User Authentication & Authorization
- IAM Roles & Policies: Best for internal APIs or service-to-service authentication.
- Amazon Cognito: Manages identity for external users, ideal for web and mobile apps.
- Custom Authorizers (Lambda Authorizers): Implement custom authentication and authorization logic, including JWT validation or integration with external identity providers.
Custom Domain Names & TLS/HTTPS
- Supports integration with AWS Certificate Manager (ACM) for SSL/TLS certificates.
- Edge-Optimized Endpoint: ACM certificate must be in us-east-1.
- Regional Endpoint: ACM certificate must be in the same AWS region as the API.
- DNS mapping via CNAME or Alias (A record) in Route 53 or any DNS provider.
Notes:
Amazon API Gateway HTTP APIs support native JWT authorizers, allowing developers to configure the API to automatically validate JWTs issued by an OIDC-compliant identity provider, such as Auth0, Okta, or Amazon Cognito.