AWS Classic

Pulumi Official
Package maintained by Pulumi
v5.4.0 published on Wednesday, May 4, 2022 by Pulumi

Authorizer

Provides an API Gateway Authorizer.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var demoRestApi = new Aws.ApiGateway.RestApi("demoRestApi", new Aws.ApiGateway.RestApiArgs
        {
        });
        var invocationRole = new Aws.Iam.Role("invocationRole", new Aws.Iam.RoleArgs
        {
            Path = "/",
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""apigateway.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}
",
        });
        var lambda = new Aws.Iam.Role("lambda", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": ""sts:AssumeRole"",
      ""Principal"": {
        ""Service"": ""lambda.amazonaws.com""
      },
      ""Effect"": ""Allow"",
      ""Sid"": """"
    }
  ]
}
",
        });
        var authorizer = new Aws.Lambda.Function("authorizer", new Aws.Lambda.FunctionArgs
        {
            Code = new FileArchive("lambda-function.zip"),
            Role = lambda.Arn,
            Handler = "exports.example",
        });
        var demoAuthorizer = new Aws.ApiGateway.Authorizer("demoAuthorizer", new Aws.ApiGateway.AuthorizerArgs
        {
            RestApi = demoRestApi.Id,
            AuthorizerUri = authorizer.InvokeArn,
            AuthorizerCredentials = invocationRole.Arn,
        });
        var invocationPolicy = new Aws.Iam.RolePolicy("invocationPolicy", new Aws.Iam.RolePolicyArgs
        {
            Role = invocationRole.Id,
            Policy = authorizer.Arn.Apply(arn => @$"{{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {{
      ""Action"": ""lambda:InvokeFunction"",
      ""Effect"": ""Allow"",
      ""Resource"": ""{arn}""
    }}
  ]
}}
"),
        });
    }

}
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/apigateway"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		demoRestApi, err := apigateway.NewRestApi(ctx, "demoRestApi", nil)
		if err != nil {
			return err
		}
		invocationRole, err := iam.NewRole(ctx, "invocationRole", &iam.RoleArgs{
			Path:             pulumi.String("/"),
			AssumeRolePolicy: pulumi.Any(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": \"sts:AssumeRole\",\n", "      \"Principal\": {\n", "        \"Service\": \"apigateway.amazonaws.com\"\n", "      },\n", "      \"Effect\": \"Allow\",\n", "      \"Sid\": \"\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		lambda, err := iam.NewRole(ctx, "lambda", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.Any(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": \"sts:AssumeRole\",\n", "      \"Principal\": {\n", "        \"Service\": \"lambda.amazonaws.com\"\n", "      },\n", "      \"Effect\": \"Allow\",\n", "      \"Sid\": \"\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		authorizer, err := lambda.NewFunction(ctx, "authorizer", &lambda.FunctionArgs{
			Code:    pulumi.NewFileArchive("lambda-function.zip"),
			Role:    lambda.Arn,
			Handler: pulumi.String("exports.example"),
		})
		if err != nil {
			return err
		}
		_, err = apigateway.NewAuthorizer(ctx, "demoAuthorizer", &apigateway.AuthorizerArgs{
			RestApi:               demoRestApi.ID(),
			AuthorizerUri:         authorizer.InvokeArn,
			AuthorizerCredentials: invocationRole.Arn,
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicy(ctx, "invocationPolicy", &iam.RolePolicyArgs{
			Role: invocationRole.ID(),
			Policy: authorizer.Arn.ApplyT(func(arn string) (string, error) {
				return fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": \"lambda:InvokeFunction\",\n", "      \"Effect\": \"Allow\",\n", "      \"Resource\": \"", arn, "\"\n", "    }\n", "  ]\n", "}\n"), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var demoRestApi = new RestApi("demoRestApi");

        var invocationRole = new Role("invocationRole", RoleArgs.builder()        
            .path("/")
            .assumeRolePolicy("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
            """)
            .build());

        var lambda = new Role("lambda", RoleArgs.builder()        
            .assumeRolePolicy("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
            """)
            .build());

        var authorizer = new Function("authorizer", FunctionArgs.builder()        
            .code(new FileArchive("lambda-function.zip"))
            .role(lambda.getArn())
            .handler("exports.example")
            .build());

        var demoAuthorizer = new Authorizer("demoAuthorizer", AuthorizerArgs.builder()        
            .restApi(demoRestApi.getId())
            .authorizerUri(authorizer.getInvokeArn())
            .authorizerCredentials(invocationRole.getArn())
            .build());

        var invocationPolicy = new RolePolicy("invocationPolicy", RolePolicyArgs.builder()        
            .role(invocationRole.getId())
            .policy(authorizer.getArn().apply(arn -> """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "lambda:InvokeFunction",
      "Effect": "Allow",
      "Resource": "%s"
    }
  ]
}
", arn)))
            .build());

        }
}
import pulumi
import pulumi_aws as aws

demo_rest_api = aws.apigateway.RestApi("demoRestApi")
invocation_role = aws.iam.Role("invocationRole",
    path="/",
    assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
""")
lambda_ = aws.iam.Role("lambda", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
""")
authorizer = aws.lambda_.Function("authorizer",
    code=pulumi.FileArchive("lambda-function.zip"),
    role=lambda_.arn,
    handler="exports.example")
demo_authorizer = aws.apigateway.Authorizer("demoAuthorizer",
    rest_api=demo_rest_api.id,
    authorizer_uri=authorizer.invoke_arn,
    authorizer_credentials=invocation_role.arn)
invocation_policy = aws.iam.RolePolicy("invocationPolicy",
    role=invocation_role.id,
    policy=authorizer.arn.apply(lambda arn: f"""{{
  "Version": "2012-10-17",
  "Statement": [
    {{
      "Action": "lambda:InvokeFunction",
      "Effect": "Allow",
      "Resource": "{arn}"
    }}
  ]
}}
"""))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const demoRestApi = new aws.apigateway.RestApi("demoRestApi", {});
const invocationRole = new aws.iam.Role("invocationRole", {
    path: "/",
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const lambda = new aws.iam.Role("lambda", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`});
const authorizer = new aws.lambda.Function("authorizer", {
    code: new pulumi.asset.FileArchive("lambda-function.zip"),
    role: lambda.arn,
    handler: "exports.example",
});
const demoAuthorizer = new aws.apigateway.Authorizer("demoAuthorizer", {
    restApi: demoRestApi.id,
    authorizerUri: authorizer.invokeArn,
    authorizerCredentials: invocationRole.arn,
});
const invocationPolicy = new aws.iam.RolePolicy("invocationPolicy", {
    role: invocationRole.id,
    policy: pulumi.interpolate`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "lambda:InvokeFunction",
      "Effect": "Allow",
      "Resource": "${authorizer.arn}"
    }
  ]
}
`,
});
resources:
  demoAuthorizer:
    type: aws:apigateway:Authorizer
    properties:
      restApi: ${demoRestApi.id}
      authorizerUri: ${authorizer.invokeArn}
      authorizerCredentials: ${invocationRole.arn}
  demoRestApi:
    type: aws:apigateway:RestApi
  invocationRole:
    type: aws:iam:Role
    properties:
      path: /
      assumeRolePolicy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Principal": {
                "Service": "apigateway.amazonaws.com"
              },
              "Effect": "Allow",
              "Sid": ""
            }
          ]
        }        
  invocationPolicy:
    type: aws:iam:RolePolicy
    properties:
      role: ${invocationRole.id}
      policy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Action": "lambda:InvokeFunction",
              "Effect": "Allow",
              "Resource": "${authorizer.arn}"
            }
          ]
        }        
  lambda:
    type: aws:iam:Role
    properties:
      assumeRolePolicy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              },
              "Effect": "Allow",
              "Sid": ""
            }
          ]
        }        
  authorizer:
    type: aws:lambda:Function
    properties:
      code:
        Fn::FileArchive: lambda-function.zip
      role: ${lambda.arn}
      handler: exports.example

Create a Authorizer Resource

new Authorizer(name: string, args: AuthorizerArgs, opts?: CustomResourceOptions);
@overload
def Authorizer(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               authorizer_credentials: Optional[str] = None,
               authorizer_result_ttl_in_seconds: Optional[int] = None,
               authorizer_uri: Optional[str] = None,
               identity_source: Optional[str] = None,
               identity_validation_expression: Optional[str] = None,
               name: Optional[str] = None,
               provider_arns: Optional[Sequence[str]] = None,
               rest_api: Optional[str] = None,
               type: Optional[str] = None)
@overload
def Authorizer(resource_name: str,
               args: AuthorizerArgs,
               opts: Optional[ResourceOptions] = None)
func NewAuthorizer(ctx *Context, name string, args AuthorizerArgs, opts ...ResourceOption) (*Authorizer, error)
public Authorizer(string name, AuthorizerArgs args, CustomResourceOptions? opts = null)
public Authorizer(String name, AuthorizerArgs args)
public Authorizer(String name, AuthorizerArgs args, CustomResourceOptions options)
type: aws:apigateway:Authorizer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AuthorizerArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AuthorizerArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AuthorizerArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AuthorizerArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AuthorizerArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Authorizer Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Authorizer resource accepts the following input properties:

RestApi string | string

The ID of the associated REST API

AuthorizerCredentials string

The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.

AuthorizerResultTtlInSeconds int

The TTL of cached authorizer results in seconds. Defaults to 300.

AuthorizerUri string

The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g., arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations

IdentitySource string

The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"

IdentityValidationExpression string

A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

Name string

The name of the authorizer

ProviderArns List<string>

A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.

Type string

The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.

RestApi string | string

The ID of the associated REST API

AuthorizerCredentials string

The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.

AuthorizerResultTtlInSeconds int

The TTL of cached authorizer results in seconds. Defaults to 300.

AuthorizerUri string

The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g., arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations

IdentitySource string

The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"

IdentityValidationExpression string

A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

Name string

The name of the authorizer

ProviderArns []string

A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.

Type string

The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.

restApi String | String

The ID of the associated REST API

authorizerCredentials String

The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.

authorizerResultTtlInSeconds Integer

The TTL of cached authorizer results in seconds. Defaults to 300.

authorizerUri String

The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g., arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations

identitySource String

The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"

identityValidationExpression String

A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

name String

The name of the authorizer

providerArns List

A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.

type String

The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.

restApi string | RestApi

The ID of the associated REST API

authorizerCredentials string

The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.

authorizerResultTtlInSeconds number

The TTL of cached authorizer results in seconds. Defaults to 300.

authorizerUri string

The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g., arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations

identitySource string

The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"

identityValidationExpression string

A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

name string

The name of the authorizer

providerArns string[]

A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.

type string

The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.

rest_api str | str

The ID of the associated REST API

authorizer_credentials str

The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.

authorizer_result_ttl_in_seconds int

The TTL of cached authorizer results in seconds. Defaults to 300.

authorizer_uri str

The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g., arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations

identity_source str

The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"

identity_validation_expression str

A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

name str

The name of the authorizer

provider_arns Sequence[str]

A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.

type str

The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.

restApi String |

The ID of the associated REST API

authorizerCredentials String

The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.

authorizerResultTtlInSeconds Number

The TTL of cached authorizer results in seconds. Defaults to 300.

authorizerUri String

The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g., arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations

identitySource String

The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"

identityValidationExpression String

A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

name String

The name of the authorizer

providerArns List

A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.

type String

The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.

Outputs

All input properties are implicitly available as output properties. Additionally, the Authorizer resource produces the following output properties:

Arn string

Amazon Resource Name (ARN) of the API Gateway Authorizer

Id string

The provider-assigned unique ID for this managed resource.

Arn string

Amazon Resource Name (ARN) of the API Gateway Authorizer

Id string

The provider-assigned unique ID for this managed resource.

arn String

Amazon Resource Name (ARN) of the API Gateway Authorizer

id String

The provider-assigned unique ID for this managed resource.

arn string

Amazon Resource Name (ARN) of the API Gateway Authorizer

id string

The provider-assigned unique ID for this managed resource.

arn str

Amazon Resource Name (ARN) of the API Gateway Authorizer

id str

The provider-assigned unique ID for this managed resource.

arn String

Amazon Resource Name (ARN) of the API Gateway Authorizer

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing Authorizer Resource

Get an existing Authorizer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AuthorizerState, opts?: CustomResourceOptions): Authorizer
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        authorizer_credentials: Optional[str] = None,
        authorizer_result_ttl_in_seconds: Optional[int] = None,
        authorizer_uri: Optional[str] = None,
        identity_source: Optional[str] = None,
        identity_validation_expression: Optional[str] = None,
        name: Optional[str] = None,
        provider_arns: Optional[Sequence[str]] = None,
        rest_api: Optional[str] = None,
        type: Optional[str] = None) -> Authorizer
func GetAuthorizer(ctx *Context, name string, id IDInput, state *AuthorizerState, opts ...ResourceOption) (*Authorizer, error)
public static Authorizer Get(string name, Input<string> id, AuthorizerState? state, CustomResourceOptions? opts = null)
public static Authorizer get(String name, Output<String> id, AuthorizerState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

Amazon Resource Name (ARN) of the API Gateway Authorizer

AuthorizerCredentials string

The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.

AuthorizerResultTtlInSeconds int

The TTL of cached authorizer results in seconds. Defaults to 300.

AuthorizerUri string

The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g., arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations

IdentitySource string

The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"

IdentityValidationExpression string

A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

Name string

The name of the authorizer

ProviderArns List<string>

A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.

RestApi string | string

The ID of the associated REST API

Type string

The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.

Arn string

Amazon Resource Name (ARN) of the API Gateway Authorizer

AuthorizerCredentials string

The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.

AuthorizerResultTtlInSeconds int

The TTL of cached authorizer results in seconds. Defaults to 300.

AuthorizerUri string

The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g., arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations

IdentitySource string

The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"

IdentityValidationExpression string

A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

Name string

The name of the authorizer

ProviderArns []string

A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.

RestApi string | string

The ID of the associated REST API

Type string

The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.

arn String

Amazon Resource Name (ARN) of the API Gateway Authorizer

authorizerCredentials String

The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.

authorizerResultTtlInSeconds Integer

The TTL of cached authorizer results in seconds. Defaults to 300.

authorizerUri String

The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g., arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations

identitySource String

The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"

identityValidationExpression String

A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

name String

The name of the authorizer

providerArns List

A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.

restApi String | String

The ID of the associated REST API

type String

The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.

arn string

Amazon Resource Name (ARN) of the API Gateway Authorizer

authorizerCredentials string

The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.

authorizerResultTtlInSeconds number

The TTL of cached authorizer results in seconds. Defaults to 300.

authorizerUri string

The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g., arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations

identitySource string

The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"

identityValidationExpression string

A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

name string

The name of the authorizer

providerArns string[]

A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.

restApi string | RestApi

The ID of the associated REST API

type string

The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.

arn str

Amazon Resource Name (ARN) of the API Gateway Authorizer

authorizer_credentials str

The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.

authorizer_result_ttl_in_seconds int

The TTL of cached authorizer results in seconds. Defaults to 300.

authorizer_uri str

The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g., arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations

identity_source str

The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"

identity_validation_expression str

A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

name str

The name of the authorizer

provider_arns Sequence[str]

A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.

rest_api str | str

The ID of the associated REST API

type str

The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.

arn String

Amazon Resource Name (ARN) of the API Gateway Authorizer

authorizerCredentials String

The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.

authorizerResultTtlInSeconds Number

The TTL of cached authorizer results in seconds. Defaults to 300.

authorizerUri String

The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of arn:aws:apigateway:{region}:lambda:path/{service_api}, e.g., arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations

identitySource String

The source of the identity in an incoming request. Defaults to method.request.header.Authorization. For REQUEST type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g., "method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName"

identityValidationExpression String

A validation expression for the incoming identity. For TOKEN type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

name String

The name of the authorizer

providerArns List

A list of the Amazon Cognito user pool ARNs. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}.

restApi String |

The ID of the associated REST API

type String

The type of the authorizer. Possible values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, or COGNITO_USER_POOLS for using an Amazon Cognito user pool. Defaults to TOKEN.

Import

AWS API Gateway Authorizer can be imported using the REST-API-ID/AUTHORIZER-ID, e.g.,

 $ pulumi import aws:apigateway/authorizer:Authorizer authorizer 12345abcde/example

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.