Authorize API Gateway APIs using Amazon Verified Permissions with Amazon Cognito or bring your own identity provider
Security Blog
This article covers how to use Amazon Verified Permissions and Amazon Cognito to authorize access to Amazon API Gateway APIs based on Cognito user groups.
Specifically, the article covers:
- Setting up API authorization using Amazon Verified Permissions
- Getting started with the simplified Verified Permissions console wizard
- Overview of a sample PetStore application with different access requirements
- Step-by-step walkthrough of using the Verified Permissions wizard to secure the PetStore API
- Details on the deployment architecture and generated Cedar policies
- Validating API security with example curl commands
- Conclusion highlighting the benefits of using Verified Permissions to simplify API authorization
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Jun 7
2024
2024
Amazon API Gateway customers can easily secure APIs using Amazon Verified Permissions
Jan 25
2024
2024
Secure API authorization in Amazon API Gateway using Microsoft Entra ID
Nov 21
2025
2025
Enhancing API security with Amazon API Gateway TLS security policies
Mar 11
2025
2025
Build an enterprise API management solution using Amazon API Gateway
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.