Secure API authorization in Amazon API Gateway using Microsoft Entra ID

Microsoft Workloads on AWS Blog



This article provides a step-by-step guide for setting up an AWS Lambda authorizer with Microsoft Entra ID (formerly Azure Active Directory) using OpenID Connect (OIDC) to secure APIs in Amazon API Gateway. It covers securely authorizing API requests using Entra ID as an identity provider.

Specifically, the article covers:

  • Solution overview and architecture
  • Prerequisites for Entra ID and AWS accounts
  • Setting up Entra ID configuration (registering app, creating scope and client secret)
  • Building an AWS Lambda authorizer function to validate JWT tokens from Entra ID
  • Building an AWS Lambda response function for testing
  • Configuring Amazon API Gateway with the Lambda authorizer
  • Testing and troubleshooting the setup using Postman
  • Cleanup instructions
  • Conclusion and additional resources



Related articles

  • Jun 7, 2024: Amazon API Gateway customers can easily secure APIs using Amazon Verified Permissions
  • Nov 21, 2025: Enhancing API security with Amazon API Gateway TLS security policies
  • Apr 24, 2024: Authorize API Gateway APIs using Amazon Verified Permissions with Amazon Cognito or bring your own identity provider
  • Feb 25, 2025: Enhancing Security with AWS Verified Access and Microsoft Entra ID Integration