In AWS, I have built an API gateway which invokes a Lambda function. Users gain access by logging in to a Cognito User Pool associated with a Cognito Federated Identity Pool and the associated IAM roles contain API invoke permissions. The API Gateway method is a POST request.
If I use the User Pool as the authorizer of the API Gateway I am able to successfully trigger the Lambda function via an ajax request in my JavaScript web app (note, though, that this grants the same access to every user in the pool). I am trying to create different Cognito User Group based access for different methods and, because I apparently cannot specify a different User Group for each method when using the Cognito User Pool as the authorizer, I am now seeing if I can secure the API using AWS_IAM as the API authorizer. However, if I select AWS_IAM as the authorizer I get back:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 403.
What might be the problem? How do I set up CORS correctly for this scenario, and what should my ajax request look like in the client JavaScript? Does Cognito take care of signing for me or do I need to do something to the headers?
When I used the Cognito User Pool I had:
    $.ajax({
        method: 'POST',
        url: _config.api.invokeUrl + '/savesurv',
        headers: {
            Authorization: authToken // token obtained from the Cognito User Pool sign-in
        },
        data: JSON.stringify(Data),
        contentType: 'application/json',
        success: callback,
        error: function ajaxError(jqXHR, textStatus, errorThrown) {
            console.error('Error requesting save: ', textStatus, ', Details: ', errorThrown);
            console.error('Response: ', jqXHR.responseText);
            alert('An error occurred when requesting to save:\n' + jqXHR.responseText);
        }
    });
This worked in that case; do I need to change it when using AWS_IAM as the authorization for the API Gateway?