In the last article I showed you how to put API Gateway in front of your Lambda. In this article I'll enable JWT in the API Gateway and show you how to configure a Keycloak client to generate a JWT for the service. I'm using my development Keycloak service but the concepts will apply to any Keycloak instance. Note: once again I am showing you the "ClickOps" method of setting up your environment by doing everything though the AWS console. This is not a best practice by any means. Best practice is to use a toolkit such as AWS CDK or others to have an IaC (Infrastructure-as-Code) environment. An IaC environment allows you to reproduce your overall infrastructure easily and allows much simpler auditing. But this is a demo - it's not meant to be the be-all and end-all for AWS best practices. Let's start by going to the API Gateway page. If you're not already there, just select the AWS logo in the upper right of the page and search for API Gateway.