attach authorizer to api gateway V2 route in aws cloudformation

How to attach authorizer to api gateway V2 route in aws cloudformation?

I am using Api Gateway v2 and cloudformation.

I am using stages "prod" and "stg" I would like to work on separate lambda stg and prod.

In AWS console it is just one click of one button "Attach Authorization" in "Routes" section

I am using simple authorizer:

My cloudformation looks like this:

  Authorizer:
    Type: 'AWS::ApiGatewayV2::Authorizer'
    Properties:
      ApiId: !Ref ApiGateway
      AuthorizerPayloadFormatVersion: 2.0
      AuthorizerResultTtlInSeconds: 5
      AuthorizerType: REQUEST
      AuthorizerUri: !Join 
        - ''
        - - 'arn:'
          - !Ref 'AWS::Partition'
          - ':apigateway:'
          - !Ref 'AWS::Region'
          - ':lambda:path/2015-03-31/functions/'
          - 'arn:aws:lambda:'
          - !Ref 'AWS::Region'
          - ':'
          - !Ref 'AWS::AccountId'
          - :function:${stageVariables.AuthorizerFunctionName}
          - /invocations
      EnableSimpleResponses: true
      IdentitySource:
        - '$request.header.Authorization'
      Name: !Sub ${ProjectName}-gateway-authorizer

  MyRoute:
    Type: AWS::ApiGatewayV2::Route
    Properties:
      ApiId: !Ref ApiGateway
      AuthorizationType: CUSTOM
      AuthorizerId: !Ref Authorizer
      RouteKey: 'POST /posts/all'
      Target: !Join
        - /
        - - integrations
          - !Ref PostsLambdaIntegrationGet

Authorizer lambda body:

import json
# import jwt

def lambda_handler(event, context):
    print('*********** The event is: ***************')
    print(event)
    
    print('headers is:')
    print(event['headers'])
    
    print('headers Authorization is:')
    # !!!!! DONWCASE by postam or api !!!!! "A" -> "a"
    print(event['headers']['authorization'])
    
    
    if event['headers']['authorization'] == 'abc123':
        response = {
            "isAuthorized": True,
            "context": {
                "anyotherparam": "values"
            }
        }
    else:
        response = {
            "isAuthorized": False,
            "context": {
                "anyotherparam": "values"
            }
        }
    
    print('response is:')
    print(response)
    
    return response

BTW I do not see this option in cli apigatewayv2 cli documentation too.

BTW I asked this question on attach authorizer to api gateway V2 route in aws cloudformation too.

I attached authorizer.
I deployed api.
I checked authorizer with hardcoded lambda name (it works), it verifies my lambda and permissions are correct.

Topics

Serverless Compute Front-End Web & Mobile Networking & Content Delivery Management & Governance Microservices

Relevant content

Cloudformation & API Gateway V2 Errors in Jakarta and Hyderabad regions
Accepted Answer
khinkson-tp
asked a year ago
Troubleshooting CloudFormation Deployment: Missing Authorizer and Routes in API Gateway
ThomasB
asked 6 months ago
Cannot create API Gateway v2 in multiple regions with Route 53 latency-based routing
rcrowley
asked 2 years ago
Can I Create API Gateway V2 in AWS Console?
SangHyun
asked a year ago
How do I authorize access to API Gateway APIs using custom scopes in Amazon Cognito?
AWS OFFICIALUpdated a year ago
How do I troubleshoot HTTP 403 Forbidden errors when using a Lambda authorizer with an API Gateway REST API?
AWS OFFICIALUpdated 2 years ago
Why am I getting API Gateway 401 Unauthorized errors after creating a Lambda authorizer?
AWS OFFICIALUpdated 2 years ago
How can I provide cross-account IAM authorization for API Gateway HTTP APIs?
AWS OFFICIALUpdated 2 years ago
Implementing request parameters validation in Amazon API Gateway REST API with Cloud Development Kit (CDK)
EXPERT
Vihang Shah
published 5 months ago
How to troubleshooting connectivity issues between AWS VPC and On-premises via Transit Gateway based AWS Site to Site VPN.
EXPERT
Narinder Singh Kharbanda
published 9 months ago