Controlling and managing access to an HTTP API in API Gateway
API Gateway supports multiple mechanisms for controlling and managing access to your HTTP API:
-
Lambda authorizers use Lambda functions to control access to APIs. For more information, see Working with Amazon Lambda authorizers for HTTP APIs.
-
JWT authorizers use JSON web tokens to control access to APIs. For more information, see Controlling access to HTTP APIs with JWT authorizers.
-
Standard Amazon IAM roles and policies offer flexible and robust access controls. You can use IAM roles and policies to control who can create and manage your APIs, as well as who can invoke them. For more information, see Using IAM authorization.