Which topics would you like to see me make videos on next?
This is great. Do you know with API gateway + cognito authorizer, how to send unauthorized requests to cloudwatch logs or s3?
Also would love to see a video on a detailed WAF and adding to API gateway, cloudfront, etc with cdk.
Hey!
Yes, API Gateway supports logging unauthorized requests to CloudWatch if you enable logging in the API Gateway settings. To do this in the CDK, you can use the API Gateway Stage construct and specify an accessLogDestination with a CloudWatch log group. If you also wanted to set these logs up to go to S3, you could create a lambda to do that.
I will look into doing a video about WAF and API Gateway/CloudFront for a video, thanks for the great suggestion!
API GW Stage Construct: docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_apigateway.Stage.html
Hi Ryan, thanks for great content - great value and love the format!
In CDK is it possible to set up RBAC with a Cognito authorizer - protecting ApiGateway routes?
If yes, then I’d like to make this a video request.
Thanks again!
Hey,
Off the top of my head, I am not sure if this is possible, but I will look into it!
How to use this info in production? In prod you don't c&p the tokens to the shell
Hey,
Yes correct, you would probably not do this through the CLI. You would instead add the token to the header of your API request in the code like "Authorization": `Bearer ${idToken}`, or something along those lines. This is how I usually do it with Axios by adding an interceptor to append that header to each API call before it's made.
Hope this helps!
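The interceptor approach from the reply above, as an added example that is not part of the original thread or the channel's own code. It attaches the ID token only to requests bound for the API's own HTTPS origin, so the token is not sent to other hosts; `makeAuthInterceptor`, `apiOrigin` and `getIdToken` are hypothetical names, and the origin and token values are constructed.

```javascript
// Added example: request interceptor that attaches a Cognito ID token.
// makeAuthInterceptor, apiOrigin and getIdToken are hypothetical names.
function makeAuthInterceptor({ apiOrigin, getIdToken }) {
  const allowed = new URL(apiOrigin);
  if (allowed.protocol !== "https:") {
    // Refuse to be configured for a cleartext API endpoint.
    throw new Error("apiOrigin must use https");
  }
  return function authInterceptor(config) {
    // Resolve relative URLs against baseURL (or the API origin) before comparing.
    const target = new URL(config.url || "", config.baseURL || allowed.origin);
    if (target.origin !== allowed.origin) {
      return config; // other hosts never receive the token
    }
    const token = getIdToken();
    if (!token) {
      return config; // not signed in: the authorizer will reject the call
    }
    config.headers = config.headers || {};
    config.headers.Authorization = `Bearer ${token}`;
    return config;
  };
}

// Constructed sample values, not a real endpoint or token.
const interceptor = makeAuthInterceptor({
  apiOrigin: "https://api.example.com",
  getIdToken: () => "constructed.id.token",
});

// With Axios installed, register it once at startup:
//   axios.interceptors.request.use(interceptor);
```

In an application, `getIdToken` would return the current session's ID token from wherever the app keeps it after sign-in.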
Copy that, thanks! Since you ask about topics for videos, I think one important topic is vpc endpoint service (not vpc endpoints). Would be interesting how to set it up and more importantly how to configure my app to consume that service. Thanks in advance!
This is a great suggestion, I will look into it, thank you!