December 2019
Intermediate to advanced
382 pages
9h 43m
English
Content preview from Learn AWS Serverless Computing
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
IAM permissions and policies
The first option to cover is the IAM authentication method for securing APIs. To clarify, there are two main ways to use IAM:
- The first is to provide administrative access to create, update, maintain, and delete APIs.
- The second is to control which entities can invoke or execute an existing API—this is the component that this section is focused on.
The benefit of using IAM for access control is that it centralizes our authentication and authorization concerns to a single service. Those of us who have been using AWS for a while will also be very familiar with the IAM service as it is integrated with almost everything. Changes we make to roles or policies can also be made without redeploying any API code, and ...