Configure a Lambda Authorizer to control access to your API with a Lambda function.
For more information and examples, see Controlling access to API Gateway APIs.
To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.
[AuthorizationScopes](#sam-api-lambdatokenauthorizer-authorizationscopes): List
[FunctionArn](#sam-api-lambdatokenauthorizer-functionarn): String
[FunctionInvokeRole](#sam-api-lambdatokenauthorizer-functioninvokerole): String
[FunctionPayloadType](#sam-api-lambdatokenauthorizer-functionpayloadtype): String
[Identity](#sam-api-lambdatokenauthorizer-identity): LambdaTokenAuthorizationIdentity
AuthorizationScopes
List of authorization scopes for this authorizer.
Type: List
Required: No
AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.
FunctionArn
Specify the function ARN of the Lambda function that provides authorization for the API.
Type: String
Required: Yes
AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.
FunctionInvokeRole
Adds authorizer credentials to the OpenAPI definition of the Lambda authorizer.
Type: String
Required: No
AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.
FunctionPayloadType
This property can be used to define the type of Lambda Authorizer for an API.
Valid values: TOKEN or REQUEST
Type: String
Required: No
Default: TOKEN
AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.
Identity
This property can be used to specify an IdentitySource in an incoming request for an authorizer. This property is only required if the FunctionPayloadType property is set to REQUEST.
Type: LambdaTokenAuthorizationIdentity
Required: Conditional
AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.
```yaml
Authorizers:
  MyLambdaTokenAuth:
    FunctionArn:
      Fn::GetAtt:
        - MyAuthFunction
        - Arn
    Identity:
      Header: MyCustomAuthHeader # OPTIONAL; Default: 'Authorization'
      ValidationExpression: mycustomauthexpression # OPTIONAL
      ReauthorizeEvery: 20 # OPTIONAL; Service Default: 300
```
```yaml
Authorizers:
  MyLambdaTokenAuth:
    FunctionArn:
      Fn::GetAtt:
        - MyAuthFunction
        - Arn
```
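The function referenced by FunctionArn has to turn the token from the configured header into an IAM policy. The handler below is an added example, not code from the AWS SAM documentation: it shows what a TOKEN-type `MyAuthFunction` could look like. The token format (`<principal>.<hex HMAC-SHA256>`), `DEMO_KEY`, and the helper names `sign`, `verify` and `policy` are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real function loads it from a secret store.
DEMO_KEY = b"constructed-demo-key"


def sign(principal, key=DEMO_KEY):
    """Issue a demo token of the assumed form '<principal>.<hex HMAC-SHA256>'."""
    mac = hmac.new(key, principal.encode(), hashlib.sha256).hexdigest()
    return f"{principal}.{mac}"


def verify(token, key=DEMO_KEY):
    """Return the principal if the token's MAC is valid, otherwise None."""
    principal, sep, mac = token.rpartition(".")
    if not sep or not principal:
        return None
    expected = hmac.new(key, principal.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes; also tolerates non-ASCII input.
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return principal if ok else None


def policy(principal, effect, resource):
    """Build the response shape API Gateway expects from a Lambda authorizer."""
    return {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke",
                           "Effect": effect, "Resource": resource}],
        },
    }


def handler(event, context=None):
    """TOKEN authorizer entry point; anything unexpected yields an explicit Deny."""
    method_arn = event.get("methodArn") or ""
    token = event.get("authorizationToken")
    principal = verify(token) if isinstance(token, str) else None
    parts = method_arn.split("/")  # '<api arn>/<stage>/<METHOD>/<path>'
    if principal is None or len(parts) < 3:
        return policy("anonymous", "Deny", method_arn or "*")
    # The result is cached per token for ReauthorizeEvery seconds and reused for
    # other routes, so the Allow covers the stage rather than this one method.
    return policy(principal, "Allow", "/".join(parts[:2]) + "/*")
```

If different callers need different route access, return per-principal resources in the policy instead of the stage-wide wildcard, or set ReauthorizeEvery to 0 to disable caching.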