Class CfnAuthorizer
- All Implemented Interfaces:
IConstruct
,IDependable
,IInspectable
,software.amazon.jsii.JsiiSerializable
,software.constructs.IConstruct
AWS::ApiGatewayV2::Authorizer
.
The AWS::ApiGatewayV2::Authorizer
resource creates an authorizer for a WebSocket API or an HTTP API. To learn more, see Controlling and managing access to a WebSocket API in API Gateway and Controlling and managing access to an HTTP API in API Gateway in the API Gateway Developer Guide .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.apigatewayv2.*; CfnAuthorizer cfnAuthorizer = CfnAuthorizer.Builder.create(this, "MyCfnAuthorizer") .apiId("apiId") .authorizerType("authorizerType") .name("name") // the properties below are optional .authorizerCredentialsArn("authorizerCredentialsArn") .authorizerPayloadFormatVersion("authorizerPayloadFormatVersion") .authorizerResultTtlInSeconds(123) .authorizerUri("authorizerUri") .enableSimpleResponses(false) .identitySource(List.of("identitySource")) .identityValidationExpression("identityValidationExpression") .jwtConfiguration(JWTConfigurationProperty.builder() .audience(List.of("audience")) .issuer("issuer") .build()) .build();
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic final class
A fluent builder forCfnAuthorizer
.static interface
TheJWTConfiguration
property specifies the configuration of a JWT authorizer.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct
IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
The CloudFormation resource type name for this resource class. -
Constructor Summary
ModifierConstructorDescriptionCfnAuthorizer
(Construct scope, String id, CfnAuthorizerProps props) Create a newAWS::ApiGatewayV2::Authorizer
.protected
CfnAuthorizer
(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protected
CfnAuthorizer
(software.amazon.jsii.JsiiObjectRef objRef) -
Method Summary
Modifier and TypeMethodDescriptiongetApiId()
The API identifier.The authorizer ID.Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer.Specifies the format of the payload sent to an HTTP API Lambda authorizer.The time to live (TTL) for cached authorizer results, in seconds.The authorizer type.The authorizer's Uniform Resource Identifier (URI).Specifies whether a Lambda authorizer returns a response in a simple format.The identity source for which authorization is requested.This parameter is not used.TheJWTConfiguration
property specifies the configuration of a JWT authorizer.getName()
The name of the authorizer.void
inspect
(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.renderProperties
(Map<String, Object> props) void
The API identifier.void
Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer.void
Specifies the format of the payload sent to an HTTP API Lambda authorizer.void
The time to live (TTL) for cached authorizer results, in seconds.void
setAuthorizerType
(String value) The authorizer type.void
setAuthorizerUri
(String value) The authorizer's Uniform Resource Identifier (URI).void
setEnableSimpleResponses
(Boolean value) Specifies whether a Lambda authorizer returns a response in a simple format.void
Specifies whether a Lambda authorizer returns a response in a simple format.void
setIdentitySource
(List<String> value) The identity source for which authorization is requested.void
This parameter is not used.void
setJwtConfiguration
(IResolvable value) TheJWTConfiguration
property specifies the configuration of a JWT authorizer.void
TheJWTConfiguration
property specifies the configuration of a JWT authorizer.void
The name of the authorizer.Methods inherited from class software.amazon.awscdk.core.CfnResource
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties
Methods inherited from class software.amazon.awscdk.core.CfnRefElement
getRef
Methods inherited from class software.amazon.awscdk.core.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
Methods inherited from class software.amazon.awscdk.core.Construct
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnAuthorizer
protected CfnAuthorizer(software.amazon.jsii.JsiiObjectRef objRef) -
CfnAuthorizer
protected CfnAuthorizer(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnAuthorizer
@Stability(Stable) public CfnAuthorizer(@NotNull Construct scope, @NotNull String id, @NotNull CfnAuthorizerProps props) Create a newAWS::ApiGatewayV2::Authorizer
.- Parameters:
scope
-- scope in which this resource is defined.
id
-- scoped id of the resource.
props
-- resource properties.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspect
in interfaceIInspectable
- Parameters:
inspector
-- tree inspector to collect and process attributes.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderProperties
in classCfnResource
- Parameters:
props
- This parameter is required.
-
getAttrAuthorizerId
The authorizer ID. -
getCfnProperties
- Overrides:
getCfnProperties
in classCfnResource
-
getApiId
The API identifier. -
setApiId
The API identifier. -
getAuthorizerType
The authorizer type.Specify
REQUEST
for a Lambda function using incoming request parameters. SpecifyJWT
to use JSON Web Tokens (supported only for HTTP APIs). -
setAuthorizerType
The authorizer type.Specify
REQUEST
for a Lambda function using incoming request parameters. SpecifyJWT
to use JSON Web Tokens (supported only for HTTP APIs). -
getName
The name of the authorizer. -
setName
The name of the authorizer. -
getAuthorizerCredentialsArn
Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer.To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null. Supported only for
REQUEST
authorizers. -
setAuthorizerCredentialsArn
Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer.To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null. Supported only for
REQUEST
authorizers. -
getAuthorizerPayloadFormatVersion
Specifies the format of the payload sent to an HTTP API Lambda authorizer.Required for HTTP API Lambda authorizers. Supported values are
1.0
and2.0
. To learn more, see Working with AWS Lambda authorizers for HTTP APIs . -
setAuthorizerPayloadFormatVersion
Specifies the format of the payload sent to an HTTP API Lambda authorizer.Required for HTTP API Lambda authorizers. Supported values are
1.0
and2.0
. To learn more, see Working with AWS Lambda authorizers for HTTP APIs . -
getAuthorizerResultTtlInSeconds
The time to live (TTL) for cached authorizer results, in seconds.If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.
-
setAuthorizerResultTtlInSeconds
The time to live (TTL) for cached authorizer results, in seconds.If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Supported only for HTTP API Lambda authorizers.
-
getAuthorizerUri
The authorizer's Uniform Resource Identifier (URI).For
REQUEST
authorizers, this must be a well-formed Lambda function URI, for example,arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2: *{account_id}* :function: *{lambda_function_name}* /invocations
. In general, the URI has this form:arn:aws:apigateway: *{region}* :lambda:path/ *{service_api}*
, where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial/
. For Lambda functions, this is usually of the form/2015-03-31/functions/[FunctionARN]/invocations
. -
setAuthorizerUri
The authorizer's Uniform Resource Identifier (URI).For
REQUEST
authorizers, this must be a well-formed Lambda function URI, for example,arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2: *{account_id}* :function: *{lambda_function_name}* /invocations
. In general, the URI has this form:arn:aws:apigateway: *{region}* :lambda:path/ *{service_api}*
, where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial/
. For Lambda functions, this is usually of the form/2015-03-31/functions/[FunctionARN]/invocations
. -
getEnableSimpleResponses
Specifies whether a Lambda authorizer returns a response in a simple format.By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs .
-
setEnableSimpleResponses
Specifies whether a Lambda authorizer returns a response in a simple format.By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs .
-
setEnableSimpleResponses
Specifies whether a Lambda authorizer returns a response in a simple format.By default, a Lambda authorizer must return an IAM policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs. To learn more, see Working with AWS Lambda authorizers for HTTP APIs .
-
getIdentitySource
The identity source for which authorization is requested.For a
REQUEST
authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with$
, for example,$request.header.Auth
,$request.querystring.Name
. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs .For
JWT
, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example$request.header.Authorization
. -
setIdentitySource
The identity source for which authorization is requested.For a
REQUEST
authorizer, this is optional. The value is a set of one or more mapping expressions of the specified request parameters. The identity source can be headers, query string parameters, stage variables, and context parameters. For example, if an Auth header and a Name query string parameter are defined as identity sources, this value is route.request.header.Auth, route.request.querystring.Name for WebSocket APIs. For HTTP APIs, use selection expressions prefixed with$
, for example,$request.header.Auth
,$request.querystring.Name
. These parameters are used to perform runtime validation for Lambda-based authorizers by verifying all of the identity-related request parameters are present in the request, not null, and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function. Otherwise, it returns a 401 Unauthorized response without calling the Lambda function. For HTTP APIs, identity sources are also used as the cache key when caching is enabled. To learn more, see Working with AWS Lambda authorizers for HTTP APIs .For
JWT
, a single entry that specifies where to extract the JSON Web Token (JWT) from inbound requests. Currently only header-based and query parameter-based selections are supported, for example$request.header.Authorization
. -
getIdentityValidationExpression
This parameter is not used. -
setIdentityValidationExpression
This parameter is not used. -
getJwtConfiguration
TheJWTConfiguration
property specifies the configuration of a JWT authorizer.Required for the
JWT
authorizer type. Supported only for HTTP APIs. -
setJwtConfiguration
TheJWTConfiguration
property specifies the configuration of a JWT authorizer.Required for the
JWT
authorizer type. Supported only for HTTP APIs. -
setJwtConfiguration
@Stability(Stable) public void setJwtConfiguration(@Nullable CfnAuthorizer.JWTConfigurationProperty value) TheJWTConfiguration
property specifies the configuration of a JWT authorizer.Required for the
JWT
authorizer type. Supported only for HTTP APIs.
-