I don't understand why my User Pool will not Authenticate a method in my API.
I've started with the simple petstore example, and added an Authorizer for my user pool. The test button shows that the JWT I have is working. I applied that Authorizer to the POST method on /pets, added Authorization as a request header.
When I POST to /pets with Postman (or curl), passing the Authorization: Bearer <token> header, I always get the response {"message":"Unauthorized"}
I've messed around with creating an Identity pool linked to the User pool, with an Authenticated role that has a policy allowing access to the API Gateway. I've created a group in the User Pool to assign this group.
There's got to be some piece I'm missing. All I want is to allow access to the POST method to any user that presents a valid ID JWT from Cognito.
The policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "execute-api:Invoke"
            ],
            "Resource": "arn:aws:execute-api:us-east-1:*:XXX/*/POST/*"
        }
    ]
}
Which works fine in the simulator. I'm not 100% sure the policy should even be in play though. I'm not clear on how the provided User Pool authenticator would acquire the policy, it wasn't in any docs I saw. I just started throwing darts at the wall.
Would just like to hear that anyone has secured an API Gateway endpoint with a User Pool.
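A diagnostic for the situation described above, added here as an example and not part of the original post: it decodes the value sent in the Authorization header and lists how it differs from a bare, unexpired Cognito ID token issued by the expected pool. The pool id in `ISSUER`, the function names and the sample token are constructed assumptions; the signature is not verified, so this is for troubleshooting only.

```python
import base64
import json
import time

# Constructed issuer: region taken from the post's ARN, pool id is a placeholder.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"

def _decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _encode(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims):
    """Constructed sample only: dummy header and signature, never valid."""
    return ".".join([_encode({"alg": "RS256", "kid": "constructed"}), _encode(claims), "c2ln"])

def inspect_authorization(header_value, expected_issuer=ISSUER, now=None):
    """List what differs from 'bare, unexpired ID token from this pool'.
    Diagnostic only: the signature is NOT verified, so never authorize on it."""
    now = time.time() if now is None else now
    findings = []
    token = header_value.strip()
    if token.lower().startswith("bearer "):
        findings.append("bearer-prefix")  # compare with the exact value used in the Authorizer test
        token = token[7:].strip()
    parts = token.split(".")
    if len(parts) != 3:
        return findings + ["not-a-jwt"]
    try:
        claims = json.loads(_decode(parts[1]))
        if not isinstance(claims, dict):
            raise ValueError("payload is not a JSON object")
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return findings + ["undecodable-payload"]
    if claims.get("token_use") != "id":  # Cognito sets "id" or "access"
        findings.append("token_use=%s" % claims.get("token_use"))
    if claims.get("iss") != expected_issuer:
        findings.append("issuer-mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        findings.append("expired")
    return findings

if __name__ == "__main__":
    sample = make_sample_token({"iss": ISSUER, "token_use": "access", "exp": 0})
    print(inspect_authorization("Bearer " + sample))
```

An empty list means the header value is a bare ID token from the expected pool that has not expired; it says nothing about whether the signature is valid.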