[{"data":1,"prerenderedAt":74},["ShallowReactive",2],{"pattern-apigws-secretsmanager-apikey-cdk":3},{"id":4,"title":5,"architectureURL":6,"cleanup":7,"contributors":11,"deploy":13,"description":17,"extension":18,"framework":19,"gitHub":20,"highlight":6,"introBox":26,"language":33,"level":34,"meta":35,"patternArch":36,"resources":56,"s3URL":6,"services":6,"stem":67,"testing":68,"videoId":6,"__hash__":73},"patterns\u002Fpatterns\u002Fapigws-secretsmanager-apikey-cdk.json","Amazon API Gateway, AWS Lambda Authorizer & Secrets Manager for API Key Authentication",null,{"text":8},[9,10],"Delete the CDK stack: \u003Ccode>cdk destroy\u003C\u002Fcode>","Delete created SecretManager keys using the provided script: \u003Ccode>.\u002Fremove_secrets.sh\u003C\u002Fcode>",[12],"content\u002Fcontributors\u002Fmarco-jahn.json",{"text":14},[15,16],"npm install","cdk deploy","Implement a secure API key-based authorization system using Amazon API Gateway, AWS Lambda Authorizer, and AWS Secrets Manager.","json","AWS CDK",{"template":21},{"repoURL":22,"templateURL":23,"projectFolder":24,"templateFile":25},"https:\u002F\u002Fgithub.com\u002Faws-samples\u002Fserverless-patterns\u002Ftree\u002Fmain\u002Fapigw-secretsmanager-apikey-cdk","serverless-patterns\u002Fapigw-secretsmanager-apikey-cdk","apigw-secretsmanager-apikey-cdk","lib\u002Fapigw-secretsmanager-apikey-stack.ts",{"headline":27,"text":28},"How it works",[29,30,31,32],"This pattern demonstrates how to implement a secure API key-based authorization system using Amazon API Gateway, Lambda Authorizer, and AWS Secrets Manager.","Each user\u002Ftenant has their own unique API key stored in Secrets Manager, which is validated by a Lambda authorizer when requests are made to protected API endpoints.","The Lambda authorizer checks if the API key exists in Secrets Manager. If the key is valid, the associated tenant information is retrieved and included in the authorization context.","The API Gateway then allows or denies access to the protected endpoint based on the policy returned by the authorizer.","TypeScript","200",{},{"icon1":37,"icon2":42,"icon3":45,"line1":49,"line2":53},{"x":38,"y":39,"service":40,"label":41},20,50,"apigw","API Gateway REST API",{"x":39,"y":39,"service":43,"label":44},"lambda","AWS Lambda Authorizer",{"x":46,"y":39,"service":47,"label":48},80,"secretsmanager","AWS Secrets Manager",{"from":50,"to":51,"label":52},"icon1","icon2","Authorizer",{"from":51,"to":54,"label":55},"icon3","Request secret",{"bullets":57},[58,61,64],{"text":59,"link":60},"Lambda Authorizers for Amazon API Gateway","https:\u002F\u002Fdocs.aws.amazon.com\u002Fapigateway\u002Flatest\u002Fdeveloperguide\u002Fapigateway-use-lambda-authorizer.html",{"text":62,"link":63},"AWS Secrets Manager User Guide","https:\u002F\u002Fdocs.aws.amazon.com\u002Fsecretsmanager\u002Flatest\u002Fuserguide\u002Fintro.html",{"text":65,"link":66},"Amazon API Gateway - REST APIs","https:\u002F\u002Fdocs.aws.amazon.com\u002Fapigateway\u002Flatest\u002Fdeveloperguide\u002Fapigateway-rest-api.html","patterns\u002Fapigws-secretsmanager-apikey-cdk",{"text":69},[70,71,72],"Create an API key using the provided script: \u003Ccode>.\u002Fcreate_api_key.sh sample-tenant\u003C\u002Fcode>","Make a request to the protected endpoint using the valid API key: \u003Ccode>curl -H \"x-api-key: CREATED_API_KEY\" https:\u002F\u002FREPLACE_WITH_CREATED_API_URL.amazonaws.com\u002Fprod\u002Fprotected\u003C\u002Fcode>","If successful, you should receive a response: \u003Ccode>{ \"message\": \"Access granted\" }\u003C\u002Fcode>","AMiGvoy8Iv0fbjRHc1PpLafmZsCANgBQ4TAcPrnS6_s",1781692543121]