Architecture: SNS posts to AWS API Gateway with a proxy to a Lambda function. There is a Lambda authorizer with REQUEST module set up to authorize the API requests.

It works fine both from SNS and Postman when there is no Authorization. I can see the messages published in CloudWatch logs.

Issue: Unable to test how SNS will publish a message to the API when Authentication is enabled, i.e. by passing username and password in the API URL. Postman throws an AuthorizerConfigurationException error when the URL "https://username:password@apiurl.com" is passed.

  1. Created a new Lambda function and associated the Lambda authorizer with API Gateway. -> Request with Authorization header.
  2. Modified the gateway response to include the WWW-Authenticate header with the value 'Basic'.
  3. E2E it works fine when I pass an "Authorization" header with base64-encoded username:password. Since I want to simulate the SNS to API -> I cannot use the Authorization header.

Questions:

  1. What is the use case of Token vs Request Authorizer?
  2. What changes should I make to the API for it to accept USERNAME and PASSWORD in the URL? The error I receive in Postman is "AuthorizerConfigurationException".
srg
  • Maybe [this answer](https://stackoverflow.com/a/38640351/4831297) (and the comments below it) helps you fix the `AuthorizerConfigurationException`? So in short: check that the API Gateway can call your authorizer function and that your authorizer function does not throw any errors. – s.hesse Jan 05 '21 at 13:42
  • Besides that, a **Token Authorizer** is used if your authorizer function can rely on a single HTTP header to authenticate a request. If not, e.g. if it needs to access query parameters, other HTTP headers, or similar things, then you should choose **Request Authorizer** instead. – s.hesse Jan 05 '21 at 13:44
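
A sketch of the REQUEST-type authorizer discussed above, written for this page as an added example (not code from the asker or the commenter). It assumes the credentials reach the authorizer in the `Authorization` header, as in the asker's working end-to-end test; the environment variable names `BASIC_USER` and `BASIC_PASS` are hypothetical.

```python
import base64
import hmac
import os


def parse_basic(headers):
    """Return (user, password) from a Basic Authorization header, or None."""
    # A REQUEST authorizer receives all headers; match the name case-insensitively.
    value = next((v for k, v in (headers or {}).items()
                  if k.lower() == "authorization"), None)
    if not value:
        return None
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None


def build_policy(principal, effect, method_arn):
    """Authorizer output: a principal plus an IAM policy for execute-api:Invoke."""
    statement = {"Action": "execute-api:Invoke", "Effect": effect,
                 "Resource": method_arn}
    return {"principalId": principal,
            "policyDocument": {"Version": "2012-10-17", "Statement": [statement]}}


def handler(event, context):
    creds = parse_basic(event.get("headers"))
    if creds is None:
        # This exact message makes API Gateway answer 401, so the gateway
        # response carrying WWW-Authenticate is returned to the caller.
        raise Exception("Unauthorized")
    user, password = creds
    # Hypothetical variable names; unset or empty values never match.
    want_user = os.environ.get("BASIC_USER", "")
    want_pass = os.environ.get("BASIC_PASS", "")
    ok = bool(want_user and want_pass) and (
        hmac.compare_digest(user.encode(), want_user.encode())
        & hmac.compare_digest(password.encode(), want_pass.encode()))
    # Wrong credentials get an explicit Deny rather than an uncaught error.
    return build_policy(user, "Allow" if ok else "Deny", event["methodArn"])
```
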

0 Answers