I am building a multi-tenant SaaS service with Cognito and API Gateway. I am watching videos and reading blogs, but I cannot find a clear explanation of how this works.
- I am thinking of creating multiple Cognito User Pools, one for each tenant, but when creating an API Gateway you have to link an authorizer to a Cognito User Pool ID, and there is a limit on how many you can link. Why am I asking this? Because I want to use the same API Gateway endpoints for all the Cognito User Pools. So my guess is that I have to create a Lambda Authorizer and create a policy with that API Gateway ID, right?
1.1 Is it possible to use a JWT token to call an API Gateway REST API with a Lambda Authorizer?
- At the re:Invent 2019 Serverless SaaS deep dive, they gave a solution to create a dynamic policy and associate it with a Lambda on the fly, so that you can improve security, for example when querying a DynamoDB table (they warn about the security of this approach, but I am curious). How do they do that? Because I have already seen that it is not possible to forward the policy created by the Lambda Authorizer to a Lambda Function.
Thanks
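As an added example (not from the question above or from AWS), here is how one REST API Lambda authorizer can accept JWTs from several Cognito user pools, pick the pool from the token's issuer, and hand the tenant to the backend through the authorizer context. Pool ids, client ids, the HS256 keys and `make_token` are constructed placeholders standing in for the RS256/JWKS verification a real Cognito deployment uses.

```python
import base64, hashlib, hmac, json, time

# Constructed registry (placeholder pool ids/keys): issuer URL -> tenant, app client and verification key.
TENANT_POOLS = {
    "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_POOLA": {"tenant": "tenant-a", "client_id": "client-a", "key": b"pool-a-demo-key"},
    "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_POOLB": {"tenant": "tenant-b", "client_id": "client-b", "key": b"pool-b-demo-key"},
}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims, key):
    # Constructed sample token, HS256-signed with the pool's demo key. Cognito issues RS256
    # tokens; a real authorizer verifies them with the issuing pool's JWKS key matching 'kid'.
    signing_input = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()) + "." + _b64url(json.dumps(claims).encode())
    return signing_input + "." + _b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def build_policy(principal, effect, method_arn, context):
    # Scope the policy to the calling API stage, not "*", so a cached result cannot be reused against another API.
    api, stage = method_arn.split("/")[:2]
    statement = {"Action": "execute-api:Invoke", "Effect": effect, "Resource": f"{api}/{stage}/*"}
    return {"principalId": principal, "policyDocument": {"Version": "2012-10-17", "Statement": [statement]}, "context": context}

def authorize(token, method_arn, now=None):
    deny = build_policy("anonymous", "Deny", method_arn, {})
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims, sig_bytes = json.loads(_unb64url(head)), json.loads(_unb64url(body)), _unb64url(sig)
    except ValueError:  # malformed base64url or JSON (binascii.Error and JSONDecodeError are ValueErrors)
        return deny
    # Unverified 'iss' only selects the tenant key; pinning 'alg' blocks algorithm-confusion tokens.
    pool = TENANT_POOLS.get(claims.get("iss")) if isinstance(claims, dict) else None
    if pool is None or not isinstance(header, dict) or header.get("alg") != "HS256":
        return deny
    expected = hmac.new(pool["key"], f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig_bytes):
        return deny
    # Claims a Cognito access token carries: subject, expiry (seconds), token type and the issuing app client.
    if "sub" not in claims or claims.get("exp", 0) <= now or claims.get("token_use") != "access" or claims.get("client_id") != pool["client_id"]:
        return deny
    # 'context' is what the backend sees ($context.authorizer.* / event.requestContext.authorizer); the policy is not.
    return build_policy(claims["sub"], "Allow", method_arn, {"tenantId": pool["tenant"], "sub": claims["sub"]})

def handler(event, context):
    # Entry point for a REST API TOKEN authorizer (event carries 'authorizationToken' and 'methodArn').
    return authorize(event["authorizationToken"].replace("Bearer ", "", 1), event["methodArn"])
```

Returning a Deny policy makes API Gateway answer 403; raising an exception whose message is exactly `Unauthorized` makes it answer 401 instead.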