Authorizer
data class AuthorizerArgs(val apiId: Output<String>? = null, val authorizerCredentialsArn: Output<String>? = null, val authorizerPayloadFormatVersion: Output<String>? = null, val authorizerResultTtlInSeconds: Output<Int>? = null, val authorizerType: Output<String>? = null, val authorizerUri: Output<String>? = null, val enableSimpleResponses: Output<Boolean>? = null, val identitySources: Output<List<String>>? = null, val jwtConfiguration: Output<AuthorizerJwtConfigurationArgs>? = null, val name: Output<String>? = null) : ConvertibleToJava<AuthorizerArgs>
Manages an Amazon API Gateway Version 2 authorizer. More information can be found in the Amazon API Gateway Developer Guide.
Example Usage
Basic WebSocket API
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.apigatewayv2.Authorizer("example", {
apiId: exampleAwsApigatewayv2Api.id,
authorizerType: "REQUEST",
authorizerUri: exampleAwsLambdaFunction.invokeArn,
identitySources: ["route.request.header.Auth"],
name: "example-authorizer",
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.apigatewayv2.Authorizer("example",
api_id=example_aws_apigatewayv2_api["id"],
authorizer_type="REQUEST",
authorizer_uri=example_aws_lambda_function["invokeArn"],
identity_sources=["route.request.header.Auth"],
name="example-authorizer")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.ApiGatewayV2.Authorizer("example", new()
{
ApiId = exampleAwsApigatewayv2Api.Id,
AuthorizerType = "REQUEST",
AuthorizerUri = exampleAwsLambdaFunction.InvokeArn,
IdentitySources = new[]
{
"route.request.header.Auth",
},
Name = "example-authorizer",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := apigatewayv2.NewAuthorizer(ctx, "example", &apigatewayv2.AuthorizerArgs{
ApiId: pulumi.Any(exampleAwsApigatewayv2Api.Id),
AuthorizerType: pulumi.String("REQUEST"),
AuthorizerUri: pulumi.Any(exampleAwsLambdaFunction.InvokeArn),
IdentitySources: pulumi.StringArray{
pulumi.String("route.request.header.Auth"),
},
Name: pulumi.String("example-authorizer"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.apigatewayv2.Authorizer;
import com.pulumi.aws.apigatewayv2.AuthorizerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Authorizer("example", AuthorizerArgs.builder()
.apiId(exampleAwsApigatewayv2Api.id())
.authorizerType("REQUEST")
.authorizerUri(exampleAwsLambdaFunction.invokeArn())
.identitySources("route.request.header.Auth")
.name("example-authorizer")
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:apigatewayv2:Authorizer
properties:
apiId: ${exampleAwsApigatewayv2Api.id}
authorizerType: REQUEST
authorizerUri: ${exampleAwsLambdaFunction.invokeArn}
identitySources:
- route.request.header.Auth
name: example-authorizerContent copied to clipboard
Basic HTTP API
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.apigatewayv2.Authorizer("example", {
apiId: exampleAwsApigatewayv2Api.id,
authorizerType: "REQUEST",
authorizerUri: exampleAwsLambdaFunction.invokeArn,
identitySources: ["$request.header.Authorization"],
name: "example-authorizer",
authorizerPayloadFormatVersion: "2.0",
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
example = aws.apigatewayv2.Authorizer("example",
api_id=example_aws_apigatewayv2_api["id"],
authorizer_type="REQUEST",
authorizer_uri=example_aws_lambda_function["invokeArn"],
identity_sources=["$request.header.Authorization"],
name="example-authorizer",
authorizer_payload_format_version="2.0")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.ApiGatewayV2.Authorizer("example", new()
{
ApiId = exampleAwsApigatewayv2Api.Id,
AuthorizerType = "REQUEST",
AuthorizerUri = exampleAwsLambdaFunction.InvokeArn,
IdentitySources = new[]
{
"$request.header.Authorization",
},
Name = "example-authorizer",
AuthorizerPayloadFormatVersion = "2.0",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := apigatewayv2.NewAuthorizer(ctx, "example", &apigatewayv2.AuthorizerArgs{
ApiId: pulumi.Any(exampleAwsApigatewayv2Api.Id),
AuthorizerType: pulumi.String("REQUEST"),
AuthorizerUri: pulumi.Any(exampleAwsLambdaFunction.InvokeArn),
IdentitySources: pulumi.StringArray{
pulumi.String("$request.header.Authorization"),
},
Name: pulumi.String("example-authorizer"),
AuthorizerPayloadFormatVersion: pulumi.String("2.0"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.apigatewayv2.Authorizer;
import com.pulumi.aws.apigatewayv2.AuthorizerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Authorizer("example", AuthorizerArgs.builder()
.apiId(exampleAwsApigatewayv2Api.id())
.authorizerType("REQUEST")
.authorizerUri(exampleAwsLambdaFunction.invokeArn())
.identitySources("$request.header.Authorization")
.name("example-authorizer")
.authorizerPayloadFormatVersion("2.0")
.build());
}
}Content copied to clipboard
resources:
example:
type: aws:apigatewayv2:Authorizer
properties:
apiId: ${exampleAwsApigatewayv2Api.id}
authorizerType: REQUEST
authorizerUri: ${exampleAwsLambdaFunction.invokeArn}
identitySources:
- $request.header.Authorization
name: example-authorizer
authorizerPayloadFormatVersion: '2.0'Content copied to clipboard
Import
Using pulumi import, import aws_apigatewayv2_authorizer using the API identifier and authorizer identifier. For example:
$ pulumi import aws:apigatewayv2/authorizer:Authorizer example aabbccddee/1122334Content copied to clipboard
Constructors
Link copied to clipboard
constructor(apiId: Output<String>? = null, authorizerCredentialsArn: Output<String>? = null, authorizerPayloadFormatVersion: Output<String>? = null, authorizerResultTtlInSeconds: Output<Int>? = null, authorizerType: Output<String>? = null, authorizerUri: Output<String>? = null, enableSimpleResponses: Output<Boolean>? = null, identitySources: Output<List<String>>? = null, jwtConfiguration: Output<AuthorizerJwtConfigurationArgs>? = null, name: Output<String>? = null)
Properties
Link copied to clipboard
Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
Link copied to clipboard
Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
Link copied to clipboard
Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
Link copied to clipboard
Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
Link copied to clipboard
Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
Link copied to clipboard
Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
Link copied to clipboard
Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
Link copied to clipboard
Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.