CfnAuthorizerProps

class aws_cdk.aws_apigateway.CfnAuthorizerProps(*, name, rest_api_id, type, authorizer_credentials=None, authorizer_result_ttl_in_seconds=None, authorizer_uri=None, auth_type=None, identity_source=None, identity_validation_expression=None, provider_arns=None)

Bases: object

Properties for defining a CfnAuthorizer.

Parameters
  • name (str) – The name of the authorizer.

  • rest_api_id (str) – The ID of the RestApi resource that API Gateway creates the authorizer in.

  • type (str) – The type of authorizer. Valid values include:. - TOKEN : A custom authorizer that uses a Lambda function. - COGNITO_USER_POOLS : An authorizer that uses Amazon Cognito user pools. - REQUEST : An authorizer that uses a Lambda function using incoming request parameters.

  • authorizer_credentials (Optional[str]) – The credentials that are required for the authorizer. To specify an IAM role that API Gateway assumes, specify the role’s Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

  • authorizer_result_ttl_in_seconds (Union[int, float, None]) – The time-to-live (TTL) period, in seconds, that specifies how long API Gateway caches authorizer results. If you specify a value greater than 0, API Gateway caches the authorizer responses. By default, API Gateway sets this property to 300. The maximum value is 3600, or 1 hour.

  • authorizer_uri (Optional[str]) – The authorizer’s Uniform Resource Identifier (URI). If you specify TOKEN for the authorizer’s Type property, specify a Lambda function URI that has the form arn:aws:apigateway: *region* :lambda:path/ *path* . The path usually has the form /2015-03-31/functions/ LambdaFunctionARN /invocations.

  • auth_type (Optional[str]) – An optional customer-defined field that’s used in OpenApi imports and exports without functional impact.

  • identity_source (Optional[str]) – The source of the identity in an incoming request. If you specify TOKEN or COGNITO_USER_POOLS for the Type property, this property is required. Specify a header mapping expression using the form method.request.header. *name* , where name is the name of a custom authorization header that clients submit as part of their requests. If you specify REQUEST for the Type property, this property is required when authorization caching is enabled. Specify a comma-separated string of one or more mapping expressions of the specified request parameter using the form method.request.parameter. *name* . For supported parameter types, see Configure Lambda Authorizer Using the API Gateway Console in the API Gateway Developer Guide .

  • identity_validation_expression (Optional[str]) – A validation expression for the incoming identity. If you specify TOKEN for the authorizer’s Type property, specify a regular expression. API Gateway uses the expression to attempt to match the incoming client token, and proceeds if the token matches. If the token doesn’t match, API Gateway responds with a 401 (unauthorized request) error code.

  • provider_arns (Optional[Sequence[str]]) – A list of the Amazon Cognito user pool Amazon Resource Names (ARNs) to associate with this authorizer. Required if you specify COGNITO_USER_POOLS as the authorizer Type . For more information, see Use Amazon Cognito User Pools in the API Gateway Developer Guide .

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html

ExampleMetadata

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_apigateway as apigateway

cfn_authorizer_props = apigateway.CfnAuthorizerProps(
    name="name",
    rest_api_id="restApiId",
    type="type",

    # the properties below are optional
    authorizer_credentials="authorizerCredentials",
    authorizer_result_ttl_in_seconds=123,
    authorizer_uri="authorizerUri",
    auth_type="authType",
    identity_source="identitySource",
    identity_validation_expression="identityValidationExpression",
    provider_arns=["providerArns"]
)

Attributes

auth_type

An optional customer-defined field that’s used in OpenApi imports and exports without functional impact.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html#cfn-apigateway-authorizer-authtype

Return type

Optional[str]

authorizer_credentials

The credentials that are required for the authorizer.

To specify an IAM role that API Gateway assumes, specify the role’s Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html#cfn-apigateway-authorizer-authorizercredentials

Return type

Optional[str]

authorizer_result_ttl_in_seconds

The time-to-live (TTL) period, in seconds, that specifies how long API Gateway caches authorizer results.

If you specify a value greater than 0, API Gateway caches the authorizer responses. By default, API Gateway sets this property to 300. The maximum value is 3600, or 1 hour.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html#cfn-apigateway-authorizer-authorizerresultttlinseconds

Return type

Union[int, float, None]

authorizer_uri

The authorizer’s Uniform Resource Identifier (URI).

If you specify TOKEN for the authorizer’s Type property, specify a Lambda function URI that has the form arn:aws:apigateway: *region* :lambda:path/ *path* . The path usually has the form /2015-03-31/functions/ LambdaFunctionARN /invocations.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html#cfn-apigateway-authorizer-authorizeruri

Return type

Optional[str]

identity_source

The source of the identity in an incoming request.

If you specify TOKEN or COGNITO_USER_POOLS for the Type property, this property is required. Specify a header mapping expression using the form method.request.header. *name* , where name is the name of a custom authorization header that clients submit as part of their requests.

If you specify REQUEST for the Type property, this property is required when authorization caching is enabled. Specify a comma-separated string of one or more mapping expressions of the specified request parameter using the form method.request.parameter. *name* . For supported parameter types, see Configure Lambda Authorizer Using the API Gateway Console in the API Gateway Developer Guide .

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html#cfn-apigateway-authorizer-identitysource

Return type

Optional[str]

identity_validation_expression

A validation expression for the incoming identity.

If you specify TOKEN for the authorizer’s Type property, specify a regular expression. API Gateway uses the expression to attempt to match the incoming client token, and proceeds if the token matches. If the token doesn’t match, API Gateway responds with a 401 (unauthorized request) error code.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html#cfn-apigateway-authorizer-identityvalidationexpression

Return type

Optional[str]

name

The name of the authorizer.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html#cfn-apigateway-authorizer-name

Return type

str

provider_arns

A list of the Amazon Cognito user pool Amazon Resource Names (ARNs) to associate with this authorizer.

Required if you specify COGNITO_USER_POOLS as the authorizer Type . For more information, see Use Amazon Cognito User Pools in the API Gateway Developer Guide .

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html#cfn-apigateway-authorizer-providerarns

Return type

Optional[List[str]]

rest_api_id

The ID of the RestApi resource that API Gateway creates the authorizer in.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html#cfn-apigateway-authorizer-restapiid

Return type

str

type

.

  • TOKEN : A custom authorizer that uses a Lambda function.

  • COGNITO_USER_POOLS : An authorizer that uses Amazon Cognito user pools.

  • REQUEST : An authorizer that uses a Lambda function using incoming request parameters.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html#cfn-apigateway-authorizer-type

Type

The type of authorizer. Valid values include

Return type

str