AWS - {lambda function} may not have authorization defined

Question

I have encountered this issue when trying to sam deploy my lambda function. I have found a link to the same issue here:

When using guided deploy and accepting the default options I receive a Security Constraints Not Satisfied! error. · Issue #1990 · awslabs/aws-sam-cli

However, even after reading through it and the docs, I do not understand how to fix it. Can somebody explain this to me?

Answer 1

This is normally happening for all those who are started with AWS SAM Hello World template and deploy without any changes or following AWS SAM tutorial. (Doesn't mean that you shouldn't start from that template or not use AWS SAM tutorial but you should add some more configurations to get rid of this message).

Here, AWS SAM is informing you that your application configures an API Gateway APIs without authorization. When you deploy the same application, AWS SAM creates a publicly available URL/API.

For getting rid of this message you need to define some access control mechanism for your API.

You can use AWS SAM to control who can access your API Gateway APIs by enabling authorization within your AWS SAM template. example,

MyApi:
   Type: AWS::Serverless::Api
   Properties:
     StageName: Prod
     Auth:
       DefaultAuthorizer: MyLambdaTokenAuthorizer
       Authorizers:
         MyLambdaTokenAuthorizer:
           FunctionArn: !GetAtt MyAuthFunction.Arn
MyAuthFunction:
   Type: AWS::Serverless::Function
   Properties:
     CodeUri: ./src
     Handler: authorizer.handler
     Runtime: nodejs12.x

The above snippet is an example of an authorization mechanism called Lambda Authorizer. There are some other mechanisms too. Like, IAM Permissions, API Keys, etc.

You can find more information about these authorizations from following link https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-controlling-access-to-apis.html