问题描述
我想为我的应用创建一个API,该API仅可由我的应用访问。我已将AWS Cognito身份添加到我的appDelegate中,如下所示:
I want to create an api for my app that is only accessible by my app. I have added the AWS Cognito identity to my appDelegate like so:
AWSCognitoCredentialsProvider *credentialsProvider = [[DeveloperAuthenticationProvider alloc] initWithRegionType:AWSRegionUSEast1 identityPoolId:@"poolId"];
AWSServiceConfiguration *configuration = [[AWSServiceConfiguration alloc] initWithRegion:AWSRegionUSEast1 credentialsProvider:credentialsProvider];
AWSServiceManager.defaultServiceManager.defaultServiceConfiguration = configuration;
__block NSString *cognitoId = nil;
// Retrieve your Amazon Cognito ID
[[credentialsProvider getIdentityId] continueWithBlock:^id(AWSTask *task)
{
if (task.error)
{
NSLog(@"Error: %@", task.error);
}
else
{
// the task result will contain the identity id
cognitoId = task.result;
}
return nil;
}];
如何使用返回的gonitoId来确保这是唯一具有ID的应用可以访问我的api?我需要保存此id并在访问api时使用它吗?
How do I use this gonitoId that gets returned to make sure that this is the only app with the id that can access my api? Do I need to save this id and use it when accessing the api?
谢谢。
推荐答案
使用 AWS_IAM授权保护API将要求使用同一AWS账户中的凭证对请求进行签名。除此之外,如果您可以控制帐户,那么应该通过设置API网关操作和资源的细粒度策略来确保只有Cognito角色可以访问。
Securing the API with 'AWS_IAM' authorization will require that requests are signed with credentials in the same AWS account. Past that, if you are in control of the account then you should be able to ensure that only the Cognito roles have access by setting a fine-grained policy with the API Gateway actions and resources.
该应用通过身份验证后,您应该会收到Cognito凭据,因此您将在API Gateway SDK中使用。生成的SDK可在iOS Android和JavaScript中使用。
The app should be receiving Cognito credentials when authenticated so you'll use in the API Gateway SDK. The generated SDKs are available in iOS Android and JavaScript.
这篇关于创建私有Amazon API Gateway的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!