Authorization Types
By default, calling API Gateway does not require authorization. You can add authorization to your API with API Gateway authorizers and authorization types. There are several authorization types available:
- NONE - open access
- AWS_IAM - use AWS IAM permissions
- CUSTOM - custom authorizer
- COGNITO_USER_POOLS - Cognito User Pool
The complete list of authorization types is available in the AWS API Gateway docs.
Application Wide
You can enable authorization application-wide in config/application.rb:
Jets.application.configure do
  config.api.authorization_type = :aws_iam
end
This will require a caller to authenticate using IAM before being able to access the endpoint.
Controller Wide
You can also enable authorization controller-wide. Example:
class PostsController < ApplicationController
  authorization_type :aws_iam
end
All PostsController actions will use AWS_IAM authorization.
Route Specific
You can also enable authorization on a per-route basis with the authorization_type option:
Jets.application.routes.draw do
  get "posts", to: "posts#index", authorization_type: :aws_iam
end
Inferred Authorization Type
When using Jets Authorizers, Jets will infer the right authorization_type for CUSTOM and COGNITO_USER_POOLS types. So it is recommended to only set authorization_type when you’re using other types like AWS_IAM.
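Because the default is open access, it is worth checking what was actually deployed. The following is an added example (not code from Jets or from this page): it reads a constructed sample in the shape of `aws apigateway get-resources --rest-api-id <id> --embed methods` output and reports every method still deployed with authorization type NONE. The `audit_methods` helper, its `allow:` list and the sample routes are assumptions made for the illustration.

```ruby
require "json"

# Constructed sample, shaped like the output of
# `aws apigateway get-resources --rest-api-id <id> --embed methods`.
SAMPLE_RESOURCES = <<~JSON
  {"items": [
    {"path": "/", "id": "a1"},
    {"path": "/posts", "id": "b2", "resourceMethods": {
      "GET":     {"httpMethod": "GET", "authorizationType": "AWS_IAM"},
      "POST":    {"httpMethod": "POST", "authorizationType": "NONE"},
      "OPTIONS": {"httpMethod": "OPTIONS", "authorizationType": "NONE"}}},
    {"path": "/comments", "id": "c3", "resourceMethods": {
      "GET":    {"httpMethod": "GET", "authorizationType": "CUSTOM"},
      "DELETE": {"httpMethod": "DELETE", "authorizationType": "COGNITO_USER_POOLS"}}},
    {"path": "/health", "id": "d4", "resourceMethods": {
      "GET": {"httpMethod": "GET"}}}
  ]}
JSON

# The authorization types listed on this page.
KNOWN_TYPES = %w[NONE AWS_IAM CUSTOM COGNITO_USER_POOLS].freeze

# Returns one finding per method that is open or has an unrecognised type.
# allow: routes ("VERB /path") that are intentionally public (hypothetical option).
def audit_methods(json, allow: [])
  JSON.parse(json).fetch("items", []).flat_map do |resource|
    (resource["resourceMethods"] || {}).filter_map do |verb, meth|
      # Assumption: a method with no authorizationType field is treated as open.
      type  = meth["authorizationType"] || "NONE"
      route = "#{verb} #{resource["path"]}"
      next if type != "NONE" && KNOWN_TYPES.include?(type) # protected
      next if allow.include?(route)                        # reviewed and accepted
      status = if !KNOWN_TYPES.include?(type) then :unknown_type
               elsif verb == "OPTIONS" then :open_preflight # CORS preflight carries no credentials
               else :open
               end
      { route: route, type: type, status: status }
    end
  end
end

audit_methods(SAMPLE_RESOURCES, allow: ["GET /health"]).each do |f|
  puts format("%-16s %-6s %s", f[:route], f[:type], f[:status])
end
```
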