I want to be able to deploy web apps made by people in my company, but I don't want to have to modify our code for auth. We can protect access to our frontend with an application load balancer easily, but I don't know how to protect the API easily whilst still allowing for programatic access to the API.
It seems like the ALB creates a cookie called AWSELBAuthSessionCookie, however to access the API via python, I would need to add an Authorization Bearer header.
It this currently possible with AWS's ALB?
ALB doesn't natively support Authorization: Bearer headers. You can use a Cognito User Pool with API Gateway for JWT validation or a Lambda Authorizer as middleware for authentication.