Access POST Request body from Custom Authorizer Lambda Function

I've got a custom authorizer lambda function in AWS configured for an API to another Lambda function with a POST resource.

The authorizer is set up as of type Request, not Token, because I am not using tokens in the Authorization header, and instead want to access form data that is being posted.

When I inspect the contents of the event parameter to my authorizer function, I do not see any of the original POST request body (form data). However, if I change my resource to a GET, I see the form data in the queryStringParameters as expected.

(notice below that when the request is POST, the queryStringParameters is always an empty object)

Is there any way to access the form data from the request in the function, when using a POST method?

Here's an example of what the event parameter to the authorizer function will contain when using POST:

{
  type: 'REQUEST',
  methodArn: 'arn:aws:execute-api:us-east-1:********:********/dev/POST/receive',
  resource: '/receive',
  path: '/sms/receive',
  httpMethod: 'POST',
  headers: {
    Accept: '*/*',
    'CloudFront-Viewer-Country': 'US',
    'CloudFront-Forwarded-Proto': 'https',
    'CloudFront-Is-Tablet-Viewer': 'false',
    'CloudFront-Is-Mobile-Viewer': 'false',
    'User-Agent': 'TwilioProxy/1.1',
    'X-Forwarded-Proto': 'https',
    'CloudFront-Is-SmartTV-Viewer': 'false',
    Host: 'api.myredactedcompany.io',
    'X-Forwarded-Port': '443',
    'X-Amzn-Trace-Id': 'Root=**************',
    Via: '1.1 ***************.cloudfront.net (CloudFront)',
    'Cache-Control': 'max-age=259200',
    'X-Twilio-Signature': '***************************',
    'X-Amz-Cf-Id': '****************************',
    'X-Forwarded-For': '[redacted IP addresses]',
    'Content-Length': '492',
    'CloudFront-Is-Desktop-Viewer': 'true',
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  queryStringParameters: {},
  pathParameters: {},
  stageVariables: {},
  requestContext: {
    path: '/sms/receive',
    accountId: '************',
    resourceId: '*****',
    stage: 'dev',
    requestId: '5458adda-ce2c-11e7-ba08-b7e69bc7c01c',
    identity: {
      cognitoIdentityPoolId: null,
      accountId: null,
      cognitoIdentityId: null,
      caller: null,
      apiKey: '',
      sourceIp: '[redacted IP]',
      accessKey: null,
      cognitoAuthenticationType: null,
      cognitoAuthenticationProvider: null,
      userArn: null,
      userAgent: 'TwilioProxy/1.1',
      user: null
    },
    resourcePath: '/receive',
    httpMethod: 'POST',
    apiId: '*******'
  }
}
Thiago Silva asked Nov 20 '17 20:11


2 Answers

Per this answer to a similar question, it does not seem the body is provided to custom authorizers. Documentation here does not list a body parameter. I think perhaps the thinking is that the authorizer should rely on the route and headers rather than getting into the application-level body data.

Joe Lafiosca answered Sep 21 '22 21:09


If you need to implement a signature-based authorizer, you can use a Lambda@Edge. It works with CloudFront and you can intercept events in viewer request, origin request, origin response and viewer response.

Fields received: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-event-structure.html#request-event-fields-request

Be aware of the body size limitations: the body will be truncated if it exceeds the size limit. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-requirements-limits.html#lambda-at-the-edge-body-size-limits-lambda-at-edge

João Paulo Gomes answered Sep 19 '22 21:09