Skip to content

Latest commit

 

History

History
85 lines (66 loc) · 3.7 KB

sam-property-api-lambdatokenauthorizer.md

File metadata and controls

85 lines (66 loc) · 3.7 KB
Raw

LambdaTokenAuthorizer

Configure a Lambda Authorizer to control access to your API with a Lambda function.

For more information and examples, see Controlling Access to API Gateway APIs in the AWS Serverless Application Model Developer Guide.

Syntax

To declare this entity in your AWS SAM template, use the following syntax:

YAML

  [AuthorizationScopes](#sam-api-lambdatokenauthorizer-authorizationscopes): List
  [FunctionArn](#sam-api-lambdatokenauthorizer-functionarn): String
  [FunctionInvokeRole](#sam-api-lambdatokenauthorizer-functioninvokerole): String
  [FunctionPayloadType](#sam-api-lambdatokenauthorizer-functionpayloadtype): String
  [Identity](#sam-api-lambdatokenauthorizer-identity): [LambdaTokenAuthorizationIdentity](sam-property-api-lambdatokenauthorizationidentity.md)

Properties

AuthorizationScopes List of authorization scopes for this authorizer.
Type: List
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

FunctionArn Specify the function arn of the Lambda function which provides authorization for the API.
Type: String
Required: Yes
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

FunctionInvokeRole Adds authorizer credentials to the OpenApi definition of the Lambda authorizer.
Type: String
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

FunctionPayloadType This property can be used to define the type of Lambda Authorizer for an Api.
Supported values: TOKEN and REQUEST
Type: String
Required: No
Default: TOKEN
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

Identity This property can be used to specify an IdentitySource in an incoming request for an authorizer.
Type: LambdaTokenAuthorizationIdentity
Required: No
AWS CloudFormation Compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

Examples

LambdaTokenAuth

YAML

Authorizers:
  MyLambdaTokenAuth:
    FunctionArn:
      Fn::GetAtt:
        - MyAuthFunction
        - Arn
    Identity:
      Header: MyCustomAuthHeader # OPTIONAL; Default: 'Authorization'
      ValidationExpression: mycustomauthexpression # OPTIONAL
      ReauthorizeEvery: 20 # OPTIONAL; Service Default: 300

BasicLambdaTokenAuth

YAML

Authorizers:
  MyLambdaTokenAuth:
    FunctionArn:
      Fn::GetAtt:
        - MyAuthFunction
        - Arn