Authorization Types

By default, calling API Gateway does not require authorization. You can add authorization to your API with API Gateway authorizers and authorization types. There are several authorization types available:

  • NONE - open access
  • AWS_IAM - use AWS IAM permissions
  • CUSTOM - custom authorizer
  • COGNITO_USER_POOLS - Cognito User Pool

The complete list of authorization types is available in the AWS API Gateway docs.

Application Wide

You can enable authorization application-wide with config/application.rb:

Jets.application.configure do
  config.api.authorization_type = :aws_iam

This will require a caller to authenticate using IAM before being able to access the endpoint.

Controller Wide

You can enable controller-wide authorization also. Example:

class PostsController < ApplicationController
  authorization_type :aws_iam

All PostsController actions will be using AWS_IAM authorization.

Route Specific

You can also enable authorization on a per-route basis with the authorization_type option:

Jets.application.routes.draw do
  get  "posts", to: "posts#index", authorization_type: :aws_iam

Inferred Authorization Type

When using Jets Authorizers, Jets will infer the right authorization_type for CUSTOM and COGNITO_USER_POOLS types. So it is recommended to only set authorization_type when you’re using other types like AWS_IAM.