I'm trying to create a presigned URL for a S3 bucket in AWS Lambda (Python 3.7) that is signed using the credentials of the person that invoked the Lambda function via API Gateway.
The flow would be:
- User sends HTTP request to API Gateway, which is secured using Amazon Cognito.
- The API gateway then invokes a Lambda function, which knows who the original user is.
- The Lambda function then generates a presigned URL for the S3 bucket using the original user's credentials, rather than the default Lambda role etc.
I have managed to generate a presigned URL using the default Lambda role, just haven't managed to make this use the original user's credentials. Any direction in this would be great, thanks.