Hi Darshak,

For APIs, the best approach is to use OAuth scopes as much as possible, because this blog uses AWS IAM permissions, which are not an industry standard. It is fine to use AWS IAM permissions to control access for AWS-specific resources like an S3 bucket. But for APIs, it is always better to use OAuth scopes.

I have not tried creating AWS IAM roles for API access. You can take a look at this documentation: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html. You might have to create multiple roles to control access to different APIs and map the incoming role to a specific AWS IAM role during authentication. Again, this is not the ideal approach.


