Authenticate Lambda Requests with ALB and Google OAuth: Part 1

Build an Application Load Balancer that uses OAuth2.0 to authenticate requests to Lambda services.

General Architecture

What we’ll need

Before creating an HTTPS ALB, there are some application components that we will need to create. In order to make requests to the ALB, we’ll need to perform the following steps:

  1. Create an SSL Certificate for our domain using the AWS Certificate Manager Service.
  2. Create a Google OAuth Client.

Let’s Talk About Cost

While API Gateway has a robust set of features for Authentication and Authorization and is really easy to configure for a serverless application, it does not always scale well from a cost perspective. For a deep dive on the cost analysis between API GW and ALB, this article written by Jeremy Thomerson does a wonderful job at comparing the two services.

Register a Route53 Domain

In order to serve requests from an HTTPS ALB, we’ll need a Route53 Registered Domain. When we eventually define our ALB, we will need a valid SSL/TLS certificate from the AWS Certificate Manager. However, the certificate provided by the certificate manager must be issued to a valid domain name.

Create a Certificate for your Domain

The next thing we’ll have to do in order to deploy an HTTPS ALB is create an SSL/TLS certificate for our registered domain using AWS’s Certificate Manager (ACM).

Create ACM certificate for “ianswebforum.com”

Create a Google OAuth Client

The last thing we’ll need to do before building our Application Load Balancer is to create our Google OAuth client. Once the client is built, we can tell our ALB to authenticate requests through the OAuth client.

  1. In the search bar, enter Create a Project and select Create a Project.
  2. Enter a Project Name and click Create.
Steps 1–3
Step 4
Steps 5–7
  • profile: Shares the user’s Google profile information (first name, last name, profile picture, etc.) in the request header.
  • openid: Allows our ALB to authenticate with Google’s OAuth client.
Steps 8–9
Step 11
Steps 12–14

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store