AWS::AppSync::GraphQLApi LambdaAuthorizerConfig

Configuration for AWS Lambda function authorization.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "AuthorizerResultTtlInSeconds" : Number,
  "AuthorizerUri" : String,
  "IdentityValidationExpression" : String
}

YAML


  AuthorizerResultTtlInSeconds: Number
  AuthorizerUri: String
  IdentityValidationExpression: String

Properties

AuthorizerResultTtlInSeconds

The number of seconds a response should be cached for. The default is 0 seconds, which disables caching. If you don't specify a value for authorizerResultTtlInSeconds, the default value is used. The maximum value is one hour (3600 seconds). The Lambda function can override this by returning a ttlOverride key in its response.

Required: No

Type: Number

Update requires: No interruption

AuthorizerUri

The ARN of the Lambda function to be called for authorization. This may be a standard Lambda ARN, a version ARN (.../v3) or alias ARN.

Note: This Lambda function must have the following resource-based policy assigned to it. When configuring Lambda authorizers in the console, this is done for you. To do so with the AWS CLI, run the following:

aws lambda add-permission --function-name "arn:aws:lambda:us-east-2:111122223333:function:my-function" --statement-id "appsync" --principal appsync.amazonaws.com --action lambda:InvokeFunction

Required: No

Type: String

Update requires: No interruption

IdentityValidationExpression

A regular expression for validation of tokens before the Lambda function is called.

Required: No

Type: String

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

EnhancedMetricsConfig

LogConfig