interface AppSyncLambdaAuthorizerConfig

Language	Type name
.NET	`Amazon.CDK.AWS.AppSync.AppSyncLambdaAuthorizerConfig`
Go	`github.com/aws/aws-cdk-go/awscdk/v2/awsappsync#AppSyncLambdaAuthorizerConfig`
Java	`software.amazon.awscdk.services.appsync.AppSyncLambdaAuthorizerConfig`
Python	`aws_cdk.aws_appsync.AppSyncLambdaAuthorizerConfig`
TypeScript (source)	`aws-cdk-lib` » `aws_appsync` » `AppSyncLambdaAuthorizerConfig`

Configuration for Lambda authorization in AppSync.

Note that you can only have a single AWS Lambda function configured to authorize your API.

Example

import * as lambda from 'aws-cdk-lib/aws-lambda';
declare const handler: lambda.Function;

const iamProvider: appsync.AppSyncAuthProvider = {
  authorizationType: appsync.AppSyncAuthorizationType.IAM,
};

const apiKeyProvider: appsync.AppSyncAuthProvider = {
  authorizationType: appsync.AppSyncAuthorizationType.API_KEY,
};

const lambdaProvider: appsync.AppSyncAuthProvider = {
  authorizationType: appsync.AppSyncAuthorizationType.LAMBDA,
  lambdaAuthorizerConfig: {
    handler,
    resultsCacheTtl: Duration.minutes(6),
    validationRegex: 'test',
  },
};

const api = new appsync.EventApi(this, 'api', {
  apiName: 'api',
  authorizationConfig: {
    // set auth providers
    authProviders: [
      iamProvider,
      apiKeyProvider,
      lambdaProvider,
    ],
    connectionAuthModeTypes: [
      appsync.AppSyncAuthorizationType.IAM,  // IAM authorization to connect
    ],
    defaultPublishAuthModeTypes: [
      appsync.AppSyncAuthorizationType.API_KEY,  // API key authorization to publish
    ],
    defaultSubscribeAuthModeTypes: [
      appsync.AppSyncAuthorizationType.LAMBDA,  // Lambda authorization to subscribe
    ],
  }
});

api.addChannelNamespace('default');

Properties

Name	Type	Description
handler	`IFunction`	The authorizer lambda function.
resultsCacheTtl?	`Duration`	How long the results are cached.
validationRegex?	`string`	A regular expression for validation of tokens before the Lambda function is called.

handler

Type: IFunction

The authorizer lambda function.

resultsCacheTtl?

Type: Duration (optional, default: Duration.minutes(5))

How long the results are cached.

Disable caching by setting this to 0.

validationRegex?

Type: string (optional, default: no regex filter will be applied.)

A regular expression for validation of tokens before the Lambda function is called.