Authenticate Lambda Requests with ALB and Google OAuth: Part 1

Build an Application Load Balancer that uses OAuth 2.0 to authenticate requests to Lambda services.

Ifitzsimmons
7 min read · Mar 9, 2021

[Figure: General Architecture]

Recently, the AWS team introduced a serverless pattern that leverages Application Load Balancers (ALB) in front of Lambda functions instead of API Gateway (API GW). For high-throughput applications, you may be able to achieve significant cost savings by replacing your API GW service with an ALB.

In a two-part series, I will explain how to use CloudFormation to configure an HTTPS ALB that authenticates requests through an OpenID Connect (OIDC)-compliant identity provider (IdP). For this tutorial, we will use Google as our identity provider, but keep in mind that any OIDC-compliant IdP will work.

This article (Part 1) focuses on the steps that come before building the Application Load Balancer. In a follow-up article (Part 2), I will provide a sample project that uses an HTTPS ALB to authenticate requests to the different Lambda services.

What we’ll need

Before creating an HTTPS ALB, we need to create some application components so that we can make requests to the ALB:

  1. Register a Route53 Domain.
  2. Create an SSL
