Hacker News new | past | comments | ask | show | jobs | submit login

Thanks for a clear, sensible investigation. ISTM your auth complaint is well-taken. Either Lambda should be seeing the same role as the gateway automatically, or there ought to be a way to configure that.

However, I have to admit that my first reaction to that difficulty in getting the account ID from the path/query/etc would have been to just shove it in the request body JSON that was already coming through. Then it could probably be taken out of the path completely, which would be a win for url privacy at least. This doesn't seem like the showstopper that the auth issue does.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: