AWS Lambda, AWS API Gateway and Securing REST endpoints

I don't think you want to use Spring Security in a Lambda function. I can't imagine that working very well, and I doubt it would work at all. Even if it could run on Lambda it would definitely add more to your function's cold startup time than you are going to want to deal with.

The recommended way to provide user authentication checking to stateless services is through the use of JWT (JSON Web Tokens). Auth0 provides a good general article about JWT here, as well as a tutorial on using Auth0 with API Gateway and Lambda here. Even if you don't use Auth0 I think the second tutorial is useful for understanding how to perform user authentication on API Gateway and Lambda.

You can also use API Gateway Custom Authorization functions, which allow you to encapsulate all your authentication code in one Lambda function that acts like a "gatekeeper" to your API endpoints. I would recommend using a Custom Authorization Lambda function to validate the JSON web tokens submitted to your API.