AWS SAM: set the authorization cache TTL in the resource template (AWS::Serverless::Api)

Question

Hi all, I am using SAM in order to deploy my serverless application which consist of a REST API and a lambda authorizer. The REST API is not triggering a Lambda. It integrates other public services.

When declaring the [AWS::Serverless::Api](https://docs.aws.amazon.com/fr_fr/serverless-application-model/latest/developerguide/sam-resource-api.html) and its [auth](https://docs.aws.amazon.com/fr_fr/serverless-application-model/latest/developerguide/sam-property-api-apiauth.html) attribte, I cannot find a way to configure the authorization-cache's TTL as in the [AWS::ApiGateway::Authorizer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-authorizer.html#cfn-apigateway-authorizer-authorizerresultttlinseconds) resource. Am I missing something? If not, is there any reason the  authorization-cache's TTL configuration is not made available in the [AWS::Serverless::Api](https://docs.aws.amazon.com/fr_fr/serverless-application-model/latest/developerguide/sam-resource-api.html) element?

This potentially missing feature is something minor for us, and does not block us in our project. It is more a nice-to-have, as I would prefer to not have to copy/paste the whole OpenAPI specification directly in the template file, but  rather use the SAM feature to specify the API via the [AWS::Serverless::Api](https://docs.aws.amazon.com/fr_fr/serverless-application-model/latest/developerguide/sam-resource-api.html#sam-api-definitionuri) 's *DefinitionUri* attribute. This makes it possible to not have an API definition in the template, but to embbed this definition in a local file which will be automatically uploaded to S3 during the SAM deploy step.

Thanks

AWS-User-2851010 · Answer

Looking deeper, I realized that it may be possible to reference a AWS::ApiGateway::Authorizer as the DefaultAuthorizer in the ApiAuth attribute.

Trying to do so leads me to another problem when deploying the stack using SAM deploy:

Auth works only with inline Swagger specified in 'DefinitionBody' property.

I guess features like "Authentication" or "Cors enable" requires CloudFormation's transform macro to access the OpenAPI/Swagger configuration in order to modify it. Hence this OpenAPI/Swagger declaration must be part of the template given to CloudFormation and cannot be provided as a separated file from S3 anyway.

Trying to do so leads me to another problem when deploying the stack using SAM deploy:
> Auth works only with inline Swagger specified in 'DefinitionBody' property.

I guess features like "Authentication" or "Cors enable" requires CloudFormation's transform macro to access the OpenAPI/Swagger configuration in order to modify it. Hence this OpenAPI/Swagger declaration must be part of the template given to CloudFormation and cannot be provided as a separated file from S3 anyway.

AWS SAM: set the authorization cache TTL in the resource template (AWS::Serverless::Api)

Relevant content