Amazon API Gateway
Developer Guide

Controlling Access to an API in API Gateway

API Gateway supports multiple mechanisms of access control, including metering or tracking API uses by clients using API keys. The standard AWS IAM roles and policies offer flexible and robust access controls that can be applied to an entire API set or individual methods. Lambda authorizers and Amazon Cognito user pools provide customizable authorization and authentication solutions.