I want to secure my Amazon API Gateway WebSocket API. How can I do this?
Short description
Amazon API Gateway supports the following methods for controlling and managing access to APIs:
- AWS Identity and Access Management (IAM) authorization
- AWS Lambda REQUEST authorizer function
Resolution
IAM authorization
For WebSocket APIs, make sure that your routes use an ARN in the following format:
arn:aws:execute-api:region:account-id:api-id/stage-name/route-key
For more information, see Using IAM authorization.
Lambda authorizer function
You can't use path variables (event.pathParameters) with Lambda authorizer functions for WebSocket APIs because the path is fixed. Make sure that the methodArn ends with "$connect" in the following format:
arn:aws:execute-api:region:account-id:api-id/stage-name/$connect
For more information, see Creating a Lambda REQUEST authorizer function.
Related information
How can I set up a custom domain name for my API Gateway API?