8

I use AWS Identity Pool with Facebook provider to authenticate client. I need to invoke AWS Lambda using Api Gateway. From Cognito, using Facebook token, i received credentials: AccessKeyId, SecretKey and SessionToken.

Using this credentials, how should I setup header request to invoke my Lambda?

Api Gateway setup (test calls my lambda)

enter image description here

I try to call my api, it returns "The security token included in the request is invalid."

enter image description here

Thank you!

Alexander Karpov
  • 530
  • 1
  • 7
  • 16

3 Answers3

5

JoshuaC and Vijayanath Viswanathan thank you both. Following your suggestion I resolved the issue.

I did the follow steps:

  1. Setup AWS Signature and click on "Update Request"

enter image description here

  1. Add in header "X-Amz-Security-Token" with SessionToken

enter image description here

Alexander Karpov
  • 530
  • 1
  • 7
  • 16
  • 1
    HI @Alexander Karpov , Tried the same setup as you did here . But i am facing `The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method` Error. Basically i am using federated identity and getting Temporary creds and using them in postman . – Private Aug 19 '18 at 10:11
  • @Private i guess you need to provide also Session Token for Federated Identity – Alexander Karpov Aug 19 '18 at 12:53
  • Thanks @Alexander for responding. Yeah what you said is correct . How do you find the signature of your request ? Because for that i need to have `string to sign` right ? – Private Aug 19 '18 at 12:57
  • @Private I usually use SDK of AWS to get this information. Try to see API for CLI https://docs.aws.amazon.com/cli/latest/reference/cognito-identity/. May be it helps you. – Alexander Karpov Aug 19 '18 at 14:14
  • can I do the same sending the user and pass but not the secret? – Piero Alberto Oct 15 '19 at 13:48
4

You have to manually set 'x-amz-security-token' in Postman and pass the token in that header.

Vijayanath Viswanathan
  • 8,027
  • 3
  • 25
  • 43
4

Please try this for postman:

http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-use-postman-to-call-api.html

you choose the AWS Signature option in the Authorization drop-down, and fill out the fields using the key and secret, click update. Postman will sign the request for you.

And also make sure the role being assigned to your cognito users has access to invoke apig.

JoshuaC
  • 349
  • 2
  • 5