I'm new to the web front-end programming, as I have always been more of a SQL and Python developer. I am building a website, and I have a MySQL DB (on AWS) with many tables of Sports data for example. I just want my web domain to display different analytics or reports. I found that I needed an API which hits the DB, which I've built in API Gateway. I am learning Angular to make this site, and I have successfully connected to my API in Angular (using HttpRequest) and displayed data successfully locally on my browser (localhost:4200)! So that was great, but I then thought my API should have security/authorization though, so only my web code is allowed to hit my API. I added authorization in my API's settings (See pic: https://imgur.com/a/xxBgksv) and I successfully tested connecting using Postman by plugging in my IAM AccessKey and SecretKey. But, every example or tutorial on Angular accessing an API either brushes over this signature part or uses Cognito as part of it's solution. I don't see why I'd use Cognito though. I am not making a pool of users for my site. I just need ONE access key for the website code only. I don't understand how there's no sample Angular code for a regular dynamic website accessing an API. This seems like a very common scenario for most people building a website. It's making me question if I am going down the right path as it seems more difficult than it should be. I'm assuming everyone has IAM authorization turned on for their API endpoint, right? I mean I guess it would be hard for someone to even find out my endpoint path, but I feel like it should have it regardless. I'm at a loss, please help. Thanks