How to validate API Key in AWS Lambda function



























I have read quite a few articles like this one, and it looks like currently in AWS API Gateway you cannot send the API key in the query string.
We also have a few legacy clients that will need to pass the api-key in the query string.

So I thought of two options:

1> Create a Lambda function as the Integration Type and validate the API key inside the function handler. But I am not able to figure out how to validate it against keys in AWS. Something like

    public async Task<JObject> FunctionHandler(JObject request, ILambdaContext context)
    {
        // I know how to get the API key from queryStringParameters here,
        // but how do I validate it against API keys in AWS?
    }

2> Create a new custom authorizer, but again I am not sure how to do it.

Which would be the preferred option? I am using .NET Core. Are there any NuGet packages already available?

Please note query string support is required and not debatable, even if it is not recommended for security reasons.










amazon-web-services aws-lambda aws-api-gateway

asked Jan 2 at 23:59
LP13
























1 Answer
You can pass the security key in a query param; use a header and pass the key:

    curl -X PUT \
      https://XXXX.XXXXX-api.ca-central-1.amazonaws.com/PROD/XXX-microservice \
      -H 'Content-Type: application/json' \
      -H 'x-api-key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
      -d '{
        "initData": "HI",
        "name": "vaquar khan",
        "likes": "Java"
      }'

Security key validation is taken care of by API Gateway, so no Lambda authorizer is required.

If you are passing it in the query string:

URL:

    https://XXXX.XXXXX-api.ca-central-1.amazonaws.com/PROD/XXX-microservice?x-api-key=XXXXXXXXXXXXXXXX&uid=5

Python 2.7

    from __future__ import print_function

    import boto3
    import json

    print('Loading function')


    def lambda_handler(event, context):
        # The event shape used here (event['params']['querystring']) is the one
        # produced by a non-proxy integration with a passthrough mapping template.
        # Echo the API key and uid received in the query string; print output
        # goes to the function's log.
        print(event['params']['querystring']['x-api-key'])
        print(event['params']['querystring']['uid'])






edited Jan 3 at 6:26
answered Jan 3 at 2:57
vaquar khan
          • Please read my question

            – LP13
            Jan 3 at 4:02
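
The custom-authorizer route raised in the question (option 2), as an added example that is not part of the original thread: a REQUEST-type Lambda authorizer that reads the key from the query string and returns it as `usageIdentifierKey`, so API Gateway itself checks it against the usage plan. It assumes a REST API whose API key source is set to AUTHORIZER and a method that requires an API key; the sample event, ARN and key are constructed placeholders.

```python
import hashlib

# Sanity bounds: API Gateway API key values are 20 to 128 characters long.
MIN_KEY_LEN, MAX_KEY_LEN = 20, 128
QUERY_PARAM = "x-api-key"  # parameter name taken from the answer's URL


def build_response(principal_id, effect, method_arn, api_key=None):
    """Build the authorizer output document API Gateway expects."""
    response = {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                "Resource": method_arn,
            }],
        },
    }
    if api_key is not None:
        # With the API key source set to AUTHORIZER, API Gateway uses this
        # value as the caller's API key for the usage-plan check.
        response["usageIdentifierKey"] = api_key
    return response


def lambda_handler(event, context):
    """REQUEST-type Lambda authorizer: lift the API key out of the query string."""
    params = event.get("queryStringParameters") or {}
    api_key = params.get(QUERY_PARAM, "")
    method_arn = event["methodArn"]
    if not MIN_KEY_LEN <= len(api_key) <= MAX_KEY_LEN:
        # Missing or malformed key: deny without echoing the value anywhere.
        return build_response("anonymous", "Deny", method_arn)
    # Identify the caller by a digest so the raw key never lands in logs.
    principal = hashlib.sha256(api_key.encode("utf-8")).hexdigest()[:16]
    return build_response(principal, "Allow", method_arn, api_key)


# Constructed sample event (placeholder ARN and key, not real values).
SAMPLE_EVENT = {
    "type": "REQUEST",
    "methodArn": "arn:aws:execute-api:ca-central-1:123456789012:abcdef1234/PROD/PUT/XXX-microservice",
    "queryStringParameters": {"x-api-key": "EXAMPLEKEY0123456789EXAMPLE", "uid": "5"},
}
```

The authorizer only forwards the key; whether the key is valid is still decided by API Gateway against its usage plans, so no key list has to be stored in or fetched by the function.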


















