Authorizer
Provides an API Gateway Authorizer.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.apigateway.RestApi;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.lambda.Function;
import com.pulumi.aws.lambda.FunctionArgs;
import com.pulumi.aws.apigateway.Authorizer;
import com.pulumi.aws.apigateway.AuthorizerArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.asset.FileArchive;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
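/**
 * Pulumi program that places a Lambda authorizer in front of an API Gateway REST API.
 *
 * <p>Two IAM roles with separate trust policies are declared: one that API Gateway
 * assumes in order to call the authorizer, and one that the authorizer function runs as.
 */
public class App {
    /**
     * Program entry point; hands the stack definition to the Pulumi runtime.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the REST API, both IAM roles, the authorizer Lambda function, the
     * API Gateway authorizer and the inline policy that lets API Gateway invoke it.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        var demoRestApi = new RestApi("demoRestApi");

        // Role that API Gateway assumes when it calls the authorizer. The trust policy
        // names only the apigateway.amazonaws.com service principal.
        var invocationRole = new Role("invocationRole", RoleArgs.builder()
            .path("/")
            .assumeRolePolicy("""
                {
                "Version": "2012-10-17",
                "Statement": [
                {
                "Action": "sts:AssumeRole",
                "Principal": {
                "Service": "apigateway.amazonaws.com"
                },
                "Effect": "Allow",
                "Sid": ""
                }
                ]
                }
                """)
            .build());

        // Execution role of the authorizer function, assumable only by the Lambda service.
        // No permission policy is attached to it in this example.
        var lambda = new Role("lambda", RoleArgs.builder()
            .assumeRolePolicy("""
                {
                "Version": "2012-10-17",
                "Statement": [
                {
                "Action": "sts:AssumeRole",
                "Principal": {
                "Service": "lambda.amazonaws.com"
                },
                "Effect": "Allow",
                "Sid": ""
                }
                ]
                }
                """)
            .build());

        var authorizer = new Function("authorizer", FunctionArgs.builder()
            .code(new FileArchive("lambda-function.zip"))
            .role(lambda.arn())
            .handler("exports.example")
            .build());

        // Neither type nor identitySource is set, so the provider defaults apply: a TOKEN
        // authorizer reading method.request.header.Authorization.
        // NOTE(review): API Gateway caches authorizer results (authorizerResultTtlInSeconds,
        // default 300), so a revoked credential can stay accepted until the entry expires;
        // set the TTL explicitly to match your revocation requirements.
        var demoAuthorizer = new Authorizer("demoAuthorizer", AuthorizerArgs.builder()
            .restApi(demoRestApi.id())
            .authorizerUri(authorizer.invokeArn())
            .authorizerCredentials(invocationRole.arn())
            .build());

        // Least privilege: the invocation role may call lambda:InvokeFunction on this one
        // function ARN only, not on a wildcard resource.
        // The policy document is a format template; the ARN is only known once the function
        // exists, so it is substituted inside applyValue. The listing as published closed
        // the text block with a single quote and had no String.format call, which does not
        // compile.
        var invocationPolicy = new RolePolicy("invocationPolicy", RolePolicyArgs.builder()
            .role(invocationRole.id())
            .policy(authorizer.arn().applyValue(arn -> String.format("""
                {
                "Version": "2012-10-17",
                "Statement": [
                {
                "Action": "lambda:InvokeFunction",
                "Effect": "Allow",
                "Resource": "%s"
                }
                ]
                }
                """, arn)))
            .build());
    }
}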
Import
An AWS API Gateway Authorizer can be imported using `REST-API-ID/AUTHORIZER-ID`, e.g.,
$ pulumi import aws:apigateway/authorizer:Authorizer authorizer 12345abcde/example
Properties
Authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of `arn:aws:apigateway:{region}:lambda:path/{service_api}`, e.g., `arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations`
Source of the identity in an incoming request. Defaults to `method.request.header.Authorization`. For the `REQUEST` type, this may be a comma-separated list of values, including headers, query string parameters and stage variables, e.g., `"method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"`