Caffeinated Computing

In the last article I showed you how to put API Gateway in front of your Lambda.  In this article I'll enable JWT in the API Gateway and show you how to configure a Keycloak client to generate a JWT for the service.  I'm using my development Keycloak service but the concepts will apply to any Keycloak instance.

In the previous article I showed you how to setup API Gateway in front of your Lambda function.  This article will show you how to setup Keycloak to be used for API Gateway.

In part 1 of this series I showed you how to setup an AWS Lambda with the AWS console.  Now, let's protect that Lambda with API Gateway and a JWT Authorizer , specifically with Keycloak . The JWT Authorizer in API Gateway expects a standard JWT to be passed on every call to the API.  This leverages the standard Authorization header to pass the token. A curl call to the API might look like:   curl https://2ozg2rh13f.execute-api.us-west-2.amazonaws.com/default/api-gw-dad-joke -H "Accept: application/json" -H "Authorization: Bearer {token}"     where the token is a JWT that looks something like: eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJq ...   In the next article I'll show you where to get this token.  But first, let's put an API in front of the Lambda.     Note: once again I am showing you the "ClickOps" method of setting up your environment by doing everything though the AWS console.  This is not a best practice by any