TokenAuthorizer¶
-
class
aws_cdk.aws_apigateway.TokenAuthorizer(scope, id, *, identity_source=None, validation_regex=None, handler, assume_role=None, authorizer_name=None, results_cache_ttl=None)¶ Bases:
aws_cdk.aws_apigateway.AuthorizerToken based lambda authorizer that recognizes the caller’s identity as a bearer token, such as a JSON Web Token (JWT) or an OAuth token.
Based on the token, authorization is performed by a lambda function.
- Resource
AWS::ApiGateway::Authorizer
- Parameters
scope (
Construct) –id (
str) –identity_source (
Optional[str]) – The request header mapping expression for the bearer token. This is typically passed as part of the header, in which case this should bemethod.request.header.Authorizerwhere Authorizer is the header containing the bearer token. Default:IdentitySource.header('Authorization')validation_regex (
Optional[str]) – An optional regex to be matched against the authorization token. When matched the authorizer lambda is invoked, otherwise a 401 Unauthorized is returned to the client. Default: - no regex filter will be applied.handler (
IFunction) – The handler for the authorizer lambda function. The handler must follow a very specific protocol on the input it receives and the output it needs to produce. API Gateway has documented the handler’s input specification {@link https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-input.html | here} and output specification {@link https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html | here}.assume_role (
Optional[IRole]) – An optional IAM role for APIGateway to assume before calling the Lambda-based authorizer. The IAM role must be assumable by ‘apigateway.amazonaws.com’. Default: - A resource policy is added to the Lambda function allowing apigateway.amazonaws.com to invoke the function.authorizer_name (
Optional[str]) – An optional human friendly name for the authorizer. Note that, this is not the primary identifier of the authorizer. Default: - the unique construcrt IDresults_cache_ttl (
Optional[Duration]) – How long APIGateway should cache the results. Max 1 hour. Disable caching by setting this to 0. Default: Duration.minutes(5)
Methods
-
apply_removal_policy(policy)¶ Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (
RemovalPolicy.DELETE), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).- Parameters
policy (
RemovalPolicy) –- Return type
None
-
to_string()¶ Returns a string representation of this construct.
- Return type
str
Attributes
The authorization type of this authorizer.
- Return type
Optional[AuthorizationType]
The ARN of the authorizer to be used in permission policies, such as IAM and resource-based grants.
- Return type
str
The id of the authorizer.
- Return type
str
-
env¶ The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
- Return type
-
node¶ The construct tree node associated with this construct.
- Return type
Static Methods
Return whether the given object is an Authorizer.
- Parameters
x (
Any) –- Return type
bool
-
classmethod
is_construct(x)¶ Return whether the given object is a Construct.
- Parameters
x (
Any) –- Return type
bool
-
classmethod
is_resource(construct)¶ Check whether the given construct is a Resource.
- Parameters
construct (
IConstruct) –- Return type
bool