As the name implies, this method of security uses AWS Lambda functions to restrict who can invoke REST API methods. Lambda authorizers can either use bearer-based tokens to authenticate the request, including OAuth or SAML (Security Assertion Markup Language), or alternatively request parameters, such as HTML headers, paths, query string parameters, and stage variables.
When AWS API Gateway processes a request for API access, the identity of the request will be identified by the Lambda authorizer, which will generate a resulting IAM policy defining the access granted.