When you design and build a microservice, you usually want part of it to be private, meaning that only authenticated and authorized users can access it. To enforce this, you implement an authentication/authorization system that checks every access. Different systems can be integrated, but the process for checking calls to private parts is the same: you first obtain something that authenticates/authorizes you (for example, a JWT), and you then send it with every call you make so the system can check it.
In this lab, you will use the Serverless Framework to build a microservice composed of three functions: one that issues an authentication token, one that is private, and one that acts as middleware to authenticate incoming requests. You will create the authentication function as a custom authorizer, which means that API Gateway passes every call to a private function to the authentication function first. The authorizer checks that the request carries authentication data and, if that data is valid, returns an IAM policy that lets the request through to the target function.
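The authorizer flow described above, as an added Node.js example that is not the lab's own code: it verifies a bearer JWT and returns an IAM policy for the called method. It assumes HS256 with a shared secret read from a `JWT_SECRET` environment variable and a token-type authorizer event; the function names (`signToken`, `verifyToken`, `buildPolicy`, `authorize`) are hypothetical.

```javascript
const crypto = require("crypto");

// Assumption: HS256 with a shared secret; the fallback value is constructed for the demo.
const SECRET = process.env.JWT_SECRET || "constructed-demo-secret";
const b64url = (value) => Buffer.from(value).toString("base64url");
const hmac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Hypothetical helper: what the token-issuing function would return to the client.
function signToken(claims, secret = SECRET) {
  const data = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${data}.${b64url(hmac(data, secret))}`;
}

// Check algorithm, signature, subject and expiry; return the claims or throw.
function verifyToken(token, secret = SECRET, now = Math.floor(Date.now() / 1000)) {
  const [head, body, sig, ...rest] = String(token).split(".");
  if (!head || !body || !sig || rest.length) throw new Error("malformed token");
  const header = JSON.parse(Buffer.from(head, "base64url").toString());
  if (header.alg !== "HS256") throw new Error("unexpected alg"); // rejects "none"
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (typeof claims.sub !== "string") throw new Error("missing sub");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// IAM policy document in the shape API Gateway expects from a custom authorizer.
function buildPolicy(principalId, effect, resource) {
  const Statement = [{ Action: "execute-api:Invoke", Effect: effect, Resource: resource }];
  return { principalId, policyDocument: { Version: "2012-10-17", Statement } };
}

// Token-type authorizer event: { authorizationToken, methodArn }.
function authorize(event, now) {
  try {
    const match = /^Bearer (\S+)$/.exec(event.authorizationToken || "");
    if (!match) throw new Error("missing bearer token");
    const claims = verifyToken(match[1], SECRET, now);
    return buildPolicy(claims.sub, "Allow", event.methodArn);
  } catch (err) {
    throw new Error("Unauthorized"); // API Gateway turns this message into a 401
  }
}

exports.handler = async (event) => authorize(event);
```

Every failure path collapses to the same `Unauthorized` error, so a caller cannot tell a bad signature from an expired or malformed token.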
Upon completion of this lab you will be able to:
This lab is intended for:
To get the most from this lab, you should have basic knowledge of the Serverless Framework. To get ready, you can use the following labs:
Stefano studies Computer Science and is passionate about technology. He loves working with Cloud services and learning all the best practices for them. Google Cloud Platform and Amazon Web Services are the cloud providers he prefers. He is a Google Cloud Certified Associate Cloud Engineer. Node.js is the programming language he always uses to code. When he's not involved in studying or working, Stefano loves riding his motorbike and exploring new places.