LambdaAuthorizerConfig - AWS AppSync


A LambdaAuthorizerConfig specifies how to authorize AWS AppSync API access when using the AWS_LAMBDA authorizer mode. Be aware that an AWS AppSync API can have only one AWS Lambda authorizer configured at a time.



The number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 3600.

Required: No


The Amazon Resource Name (ARN) of the Lambda function to be called for authorization. This can be a standard Lambda ARN, a version ARN (.../v3), or an alias ARN.

Note: This Lambda function must have the following resource-based policy assigned to it. When configuring Lambda authorizers in the console, this is done for you. To use the AWS Command Line Interface (AWS CLI), run the following:

aws lambda add-permission --function-name "arn:aws:lambda:us-east-2:111122223333:function:my-function" --statement-id "appsync" --principal --action lambda:InvokeFunction

Type: String

Required: Yes


A regular expression for validation of tokens before the Lambda function is called.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: