Use IAM RBAC for API on AWS API Gateway

We have some admin APIs that we would like to use in Retool. Those APIs are on AWS API Gateway and we use IAM authorisation with Identity Pool and RBAC from IAM roles.

I configured a Cognito User Pool and client with a self-hosted UI to provide OAuth2 and configured Retool to use it. This user pool uses our federated identity provider in Google, which we use for SSO.

This way we can sign in our users using their Google credentials and get an identity that's associated with roles to call APIs. This however requires the IAM authoriser, which requires SigV4 authorisation on the client.

I was unable to find any way to configure SigV4 on a REST API that uses this auth model. Is this somehow supported or is it on the roadmap?

This model allows us to see who's calling the API and we have a full audit trail with minimal effort. The other approach would require us to use an anonymous API key and replicate the security and audit mechanisms in Retool.

Hey @martinmacak, our team is aware of this and has an open ticket to address this at some point. We don't have any estimates on when it will be implemented, but when it is we will update this post.

In the meantime are you possibly able to pass your credentials using URL params?