Posted On: Apr 2, 2018

You can now use an Amazon Lambda function from a different Amazon Web Services account as the Lambda Authorizer or Integration backend for your Amazon API Gateway API Methods. This allows for better management and security controls when working across different teams that may have their own Amazon Web Services accounts.

Previously, a Lambda Authorizer or Integration backend had to be an Amazon Lambda function in the same account as the API Gateway API.

The Amazon Lambda Authorizer is a Lambda function used to control access to your API. The Amazon Lambda Authorizer uses bearer token authentication strategies such as OAuth or SAML. With cross-account Lambda authorizers, you can create a central authorization function that can be used across multiple Amazon API Gateway APIs. Visit our documentation to learn more about Lambda Authorizers.

You can now also use an Amazon Lambda function from a different Amazon Web Services account as your API integration backend. This makes it easy to centrally manage and share the Amazon Lambda Integration function across multiple APIs. For more information about cross-account Lambda integrations in Amazon API Gateway, visit our documentation.

You can use the Amazon SDKs or the Amazon CLI to enable cross-account access so that a Lambda function can be used as a Lambda Authorizer or Integration in Amazon API Gateway.

Cross-Account Amazon Lambda Authorizers and Integrations for Amazon API Gateway is available in all regions where API Gateway is available. For more information on where Amazon API Gateway is available, see the Amazon Web Services region table. Please visit our product page for more information about Amazon API Gateway.