Defining an authorizer using Serverless Framework with a predefined Cognito


Hi, I am trying to add authentication to my Serverless Framework serverless.yml file using a predefined Cognito user pool.

The shortened code is

....
provider:
  name: aws
  stage: dev
  region: us-west-2
  profile: brief-api
  runtime: python3.9
  ....
  httpApi:
    authorizers:
      DevToolAuthorizer:
        name: DevToolAuthorizer
        type: jwt
        identitySource: $request.header.Authorization
        issuerUrl: https://cognito-idp.us-west-2.amazonaws.com/us-west-2_xxxxx
        audience:
          - xxxxxxxxxxxxxxxxxx

....
functions:
  dev_tool_model_call:
    handler: brief_api.dev_tool.model_call.lambda_handler
    events:
      - httpApi:
          path: '/dev_tool_call'
          method: 'POST'
          authorizer:
            name: DevToolAuthorizer

Although it worked the first time I ran 'serverless deploy', the second time I got the error:

CREATE_FAILED: HttpApiAuthorizerDevToolAuthorizer (AWS::ApiGatewayV2::Authorizer)
Resource handler returned message: "Authorizer name must be unique. Authorizer DevToolAuthorizer already exists in this RestApi. (Service: AmazonApiGatewayV2; Status Code: 400; Error Code: BadRequestException; Request ID: xxxxxxxxxxxxxxxxxxxxxxx; Proxy: null)" (RequestToken: xxxxxxxxxxxxxxxxxxxxxxxxxx HandlerErrorCode: AlreadyExists)

I understand that this is saying that this authorizer already exists; however, I feel like there should be a way where I can continuously deploy and it realizes that the authorizer already exists, so it skips the creation of it, similar to how you can redeploy a Lambda function even if it exists.

If I remove the DevToolAuthorizer definition, I get the error:

Error:
Event references not configured authorizer 'DevToolAuthorizer'
JT
asked 7 months ago, 454 views

1 Answer

Thank you for sharing the serverless template. I was able to test the same template and create the HTTP API with the Cognito authorizer successfully during the 1st serverless deploy command.

Further, I tried making changes to the authorizer name, issuerUrl, audience, etc., and it was able to update the stack successfully without any errors. If I run the serverless deploy command without making any changes to the existing template, it detects no changes and no updates are made.

Later, when you remove the DevToolAuthorizer definition, you will face the error "Event references not configured authorizer 'DevToolAuthorizer'" because the authorizer is still referenced in the function's events.

Therefore, please share the exact steps for your use case of continuously updating the template. This will help me reproduce the error behavior and troubleshoot further.

Additionally, as Serverless is a 3rd-party product, we would recommend raising an issue with them directly here: https://github.com/serverless/serverless/issues

AWS
SUPPORT ENGINEER
answered 7 months ago
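
One way to narrow down the "Authorizer name must be unique" error from the question, as an added example that is not code from the question or the answer: compare the authorizers that exist on the API with the ones the CloudFormation stack owns and the ones serverless.yml declares. The inputs are constructed samples in the shape of the two AWS CLI outputs named in the comments; `audit_authorizers` and the IDs are hypothetical, and it assumes the stack's PhysicalResourceId for an authorizer is its AuthorizerId.

```python
# Added example: inputs are constructed samples, not output captured from a real account.
# Shape of `aws apigatewayv2 get-authorizers --api-id <api-id>`.
LIVE = {"Items": [{
    "AuthorizerId": "a1b2c3",  # constructed ID
    "Name": "DevToolAuthorizer",
    "AuthorizerType": "JWT",
    "IdentitySource": ["$request.header.Authorization"],
    "JwtConfiguration": {
        "Issuer": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_xxxxx",
        "Audience": ["xxxxxxxxxxxxxxxxxx"]},
}]}
# Shape of `aws cloudformation describe-stack-resources --stack-name <stack>`.
# Here the stack tracks no authorizer, so the live one is outside its control.
STACK = {"StackResources": [{
    "LogicalResourceId": "HttpApi",
    "PhysicalResourceId": "api12345",  # constructed ID
    "ResourceType": "AWS::ApiGatewayV2::Api"}]}
# Authorizers declared under provider.httpApi.authorizers in serverless.yml.
EXPECTED = {"DevToolAuthorizer": {
    "issuerUrl": "https://cognito-idp.us-west-2.amazonaws.com/us-west-2_xxxxx",
    "audience": ["xxxxxxxxxxxxxxxxxx"]}}


def audit_authorizers(live, stack, expected):
    """Return (finding, name, authorizer_id) tuples for the API's authorizers."""
    # Assumption: the stack's PhysicalResourceId for an authorizer is its AuthorizerId.
    owned = {r["PhysicalResourceId"] for r in stack["StackResources"]
             if r["ResourceType"] == "AWS::ApiGatewayV2::Authorizer"}
    findings = []
    for auth in live["Items"]:
        name, auth_id = auth["Name"], auth["AuthorizerId"]
        want = expected.get(name)
        if auth_id not in owned:
            # Not created by this stack: a declared name would collide on create,
            # an undeclared one is an authorizer that no template accounts for.
            findings.append(("name-collision" if want else "unmanaged", name, auth_id))
        elif want:
            jwt = auth.get("JwtConfiguration", {})
            if (jwt.get("Issuer") != want["issuerUrl"]
                    or sorted(jwt.get("Audience", [])) != sorted(want["audience"])):
                findings.append(("config-drift", name, auth_id))
    return findings


if __name__ == "__main__":
    for finding in audit_authorizers(LIVE, STACK, EXPECTED):
        print(*finding)
```

A `name-collision` finding means the name is held by an authorizer the stack did not create; `config-drift` means the stack owns it but its issuer or audience no longer matches the template.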
