Controlling and managing access to a WebSocket API in API Gateway

API Gateway supports multiple mechanisms for controlling and managing access to your WebSocket API.

You can use the following mechanisms for authentication and authorization:

Standard AWS IAM roles and policies offer flexible and robust access controls. You can use IAM roles and policies for controlling who can create and manage your APIs, as well as who can invoke them. For more information, see Using IAM authorization.
IAM tags can be used together with IAM policies to control access. For more information, see Using tags to control access to API Gateway REST API resources.
Lambda authorizers are Lambda functions that control access to APIs. For more information, see Creating a Lambda REQUEST authorizer function.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Subprotocol support

Using IAM authorization