1
votes

I am trying to implement a custom authorizer for AWS API Gateway. I need to make two Lambda functions, one that will generate the token and the other to validate the token. However, how can the latter validate the token that came from the former? In some C# tutorials they have set the same machine key so that the validator can decrypt the token sent by the authorization server. How can I do that in AWS Lambda functions?

Any help would be highly appreciated.

Thank you.


1 Answer

0
votes

I would store the signing key (I am assuming JWT tokens) in EC2 Systems Manager Parameter Store. Each Lambda function will need permissions to access the parameter store.

Very easy service to work with. This service is located on the Amazon Management Console EC2 page, on the left-hand side under Systems Manager Shared Resources.

Amazon EC2 Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, and license codes as parameter values. You can store values as plain text or encrypted data. You can then reference values by using the unique name that you specified when you created the parameter. Parameter Store is easily accessible by using the AWS Management console and the AWS CLI. Highly scalable, available, and durable, Parameter Store is backed by the AWS Cloud. Parameter Store is offered at no additional charge and includes generous limits.

Systems Manager Parameter Store

The Right Way to Store Secrets using Parameter Store

You should use SSM Parameter Store over Lambda env variables
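
The shared-key arrangement described in the answer, as an added example that is not part of the original answer: both Lambda functions read the same HS256 signing key from Parameter Store, one signs the token and the other verifies it in a custom authorizer. The parameter name `/auth/jwt-signing-key`, the `JWT_KEY_PARAM` environment variable and the function names are assumptions; each function's role needs `ssm:GetParameter` on that parameter.

```python
import base64, hashlib, hmac, json, os, time

# Hypothetical parameter name; create it as a SecureString in Parameter Store.
PARAM_NAME = os.environ.get("JWT_KEY_PARAM", "/auth/jwt-signing-key")
_key_cache = None

def get_signing_key():
    """Fetch the shared key once per container; both Lambdas call this."""
    global _key_cache
    if _key_cache is None:
        import boto3  # imported lazily so sign/verify can be exercised offline
        resp = boto3.client("ssm").get_parameter(Name=PARAM_NAME, WithDecryption=True)
        _key_cache = resp["Parameter"]["Value"].encode()
    return _key_cache

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")
def _unb64(data):
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def sign_token(claims, key, ttl=300, now=None):
    """Token-issuing Lambda: build an HS256 JWT that expires after ttl seconds."""
    now = int(time.time()) if now is None else now
    body = dict(claims, iat=now, exp=now + ttl)
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    msg = head + b"." + _b64(json.dumps(body).encode())
    return (msg + b"." + _b64(hmac.new(key, msg, hashlib.sha256).digest())).decode()

def verify_token(token, key, now=None):
    """Authorizer Lambda: return the claims, or None if the token is invalid."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.encode().split(b".")
        msg = head + b"." + body
        good = hmac.compare_digest(_unb64(sig), hmac.new(key, msg, hashlib.sha256).digest())
        if not good or json.loads(_unb64(head)).get("alg") != "HS256":
            return None  # bad signature, or an algorithm we never issue
        claims = json.loads(_unb64(body))
        return claims if now < int(claims["exp"]) else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None  # malformed token: fail closed

def authorizer_handler(event, context):
    """Custom (TOKEN) authorizer entry point for API Gateway."""
    claims = verify_token(event.get("authorizationToken", ""), get_signing_key())
    effect = "Allow" if claims else "Deny"
    return {"principalId": claims.get("sub", "unknown") if claims else "anonymous",
            "policyDocument": {"Version": "2012-10-17", "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect,
                 "Resource": event["methodArn"]}]}}
```

The token-issuing function would call `sign_token(claims, get_signing_key())` after authenticating the caller.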