LambdaAuthorizer - AWS Serverless Application Model

LambdaAuthorizer

Configure a Lambda authorizer to control access to your Amazon API Gateway HTTP API with an AWS Lambda function.

For more information and examples, see Working with AWS Lambda authorizers for HTTP APIs in the API Gateway Developer Guide.

Syntax

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

Properties

AuthorizerPayloadFormatVersion

Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers.

This is passed through to the authorizerPayloadFormatVersion section of an x-amazon-apigateway-authorizer in the securitySchemes section of an OpenAPI definition.

Valid values: 1.0 or 2.0

Type: String

Required: Yes

AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

EnableSimpleResponses

Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an AWS Identity and Access Management (IAM) policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy.

This is passed through to the enableSimpleResponses section of an x-amazon-apigateway-authorizer in the securitySchemes section of an OpenAPI definition.

Type: Boolean

Required: No

AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

FunctionArn

The Amazon Resource Name (ARN) of the Lambda function that provides authorization for the API.

This is passed through to the authorizerUri section of an x-amazon-apigateway-authorizer in the securitySchemes section of an OpenAPI definition.

Type: String

Required: Yes

AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

FunctionInvokeRole

The ARN of the IAM role that has the credentials required to invoke the authorizer.

This is passed through to the authorizerCredentials section of an x-amazon-apigateway-authorizer in the securitySchemes section of an OpenAPI definition.

Type: String

Required: No

AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

Identity

Specifies an IdentitySource in an incoming request for an authorizer.

This is passed through to the identitySource section of an x-amazon-apigateway-authorizer in the securitySchemes section of an OpenAPI definition.

Type: LambdaAuthorizationIdentity

Required: No

AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

Examples

LambdaAuthorizer

LambdaAuthorizer example

YAML

Authorizer: MyLambdaAuthorizer: AuthorizerPayloadFormatVersion: 2.0 FunctionArn: Fn::GetAtt: - MyAuthFunction - Arn FunctionInvokeRole: Fn::GetAtt: - LambdaAuthInvokeRole - Arn Identity: Headers: - Authorization