How to attach authorizer to api gateway V2 route in aws cloudformation?
I am using Api Gateway v2 and cloudformation.
I am using stages "prod" and "stg" I would like to work on separate lambda stg and prod.
In AWS console it is just one click of one button "Attach Authorization" in "Routes" section
I am using simple authorizer:
My cloudformation looks like this:
Authorizer:
Type: 'AWS::ApiGatewayV2::Authorizer'
Properties:
ApiId: !Ref ApiGateway
AuthorizerPayloadFormatVersion: 2.0
AuthorizerResultTtlInSeconds: 5
AuthorizerType: REQUEST
AuthorizerUri: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':apigateway:'
- !Ref 'AWS::Region'
- ':lambda:path/2015-03-31/functions/'
- 'arn:aws:lambda:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- :function:${stageVariables.AuthorizerFunctionName}
- /invocations
EnableSimpleResponses: true
IdentitySource:
- '$request.header.Authorization'
Name: !Sub ${ProjectName}-gateway-authorizer
MyRoute:
Type: AWS::ApiGatewayV2::Route
Properties:
ApiId: !Ref ApiGateway
AuthorizationType: CUSTOM
AuthorizerId: !Ref Authorizer
RouteKey: 'POST /posts/all'
Target: !Join
- /
- - integrations
- !Ref PostsLambdaIntegrationGet
Authorizer lambda body:
import json
# import jwt
def lambda_handler(event, context):
print('*********** The event is: ***************')
print(event)
print('headers is:')
print(event['headers'])
print('headers Authorization is:')
# !!!!! DONWCASE by postam or api !!!!! "A" -> "a"
print(event['headers']['authorization'])
if event['headers']['authorization'] == 'abc123':
response = {
"isAuthorized": True,
"context": {
"anyotherparam": "values"
}
}
else:
response = {
"isAuthorized": False,
"context": {
"anyotherparam": "values"
}
}
print('response is:')
print(response)
return response
BTW I do not see this option in cli apigatewayv2 cli documentation too.
BTW I asked this question on attach authorizer to api gateway V2 route in aws cloudformation too.
- I attached authorizer.
- I deployed api.
- I checked authorizer with hardcoded lambda name (it works), it verifies my lambda and permissions are correct.