
How to provide AWS API Gateway Custom Authorizer a Lambda Permission?

I have an AWS Lambda function, to which I am trying to provide permission after successfully setting it as an Authorizer.

Basically I want to achieve the following in CloudFormation -


Following is my CloudFormation resource, which is unable to set the permission -

GWAuthPermission:
    Type: "AWS::Lambda::Permission"
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt AuthTest.Arn
      Principal: "apigateway.amazonaws.com"
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ApiGatewayRestApi}/authorizers/${AuthTest}"

ApiGatewayRestApi - is the logical Id of the Gateway
AuthTest - is the logical Id of the Custom Auth lambda function

Ani asked Aug 20 '19 11:08




1 Answer

I was able to resolve it with the following -

Added AWS::ApiGateway::Authorizer resource,
And referred it to AWS::Lambda::Permission

Code -

  # Authorizer resource on the REST API; its Ref is the authorizer ID
  GWAuth:
    Type: AWS::ApiGateway::Authorizer
    Properties:
      AuthorizerUri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${AuthLambda.Arn}/invocations"
      RestApiId: !Ref ApiGatewayRestApi
      Type: "REQUEST"
      IdentitySource: method.request.header.authorization
      Name: custom_auth

  # Lets API Gateway invoke the function, limited to this one authorizer
  GWAuthPermission:
    Type: "AWS::Lambda::Permission"
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt AuthLambda.Arn
      Principal: "apigateway.amazonaws.com"
      # ${GWAuth} resolves to the authorizer ID, not the Lambda function name
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ApiGatewayRestApi}/authorizers/${GWAuth}"
Ani answered Oct 12 '22 04:10
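Added example (not part of the original question or answer): an offline check of a Lambda resource policy against the `.../authorizers/<id>` source ARN format used above. It shows why a SourceArn built from the Lambda function's name (what `${AuthTest}` resolves to in `!Sub`) grants nothing to the authorizer, while one built from the authorizer ID does. The account, region, API ID, authorizer ID, function name and policy documents are constructed sample values, and the `ArnLike` / `AWS:SourceArn` condition layout is an assumption about how the permission is stored.

```python
import re

def arn_like(pattern, arn):
    """ArnLike-style match: the six colon-delimited parts are compared one by one; * and ? are wildcards."""
    pp, ap = pattern.split(":", 5), arn.split(":", 5)
    if len(pp) != 6 or len(ap) != 6:
        return False
    def to_rx(p):
        return "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in p)
    return all(re.fullmatch(to_rx(p), a) for p, a in zip(pp, ap))

def check_authorizer_permission(policy, region, account, api_id, authorizer_id):
    """Classify the function's resource policy as 'scoped', 'broad' or 'missing'
    for API Gateway invoking it as the given authorizer."""
    caller = f"arn:aws:execute-api:{region}:{account}:{api_id}/authorizers/{authorizer_id}"
    result = "missing"
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        actions = st.get("Action") or []
        actions = [actions] if isinstance(actions, str) else actions
        if (st.get("Effect") != "Allow" or not isinstance(principal, dict)
                or principal.get("Service") != "apigateway.amazonaws.com"
                or "lambda:InvokeFunction" not in actions):
            continue
        # Assumption: the condition is stored as ArnLike / AWS:SourceArn
        src = st.get("Condition", {}).get("ArnLike", {}).get("AWS:SourceArn")
        if src is None or (src != caller and arn_like(src, caller)):
            return "broad"  # no SourceArn, or a wildcard covering more than this authorizer
        if src == caller:
            result = "scoped"
    return result

def _policy(source_arn):  # constructed sample policy, not real AWS output
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": "apigateway.amazonaws.com"},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:us-east-1:123456789012:function:auth-fn",
        "Condition": {"ArnLike": {"AWS:SourceArn": source_arn}}}]}

BASE = "arn:aws:execute-api:us-east-1:123456789012:abc123defg/authorizers/"
ARGS = ("us-east-1", "123456789012", "abc123defg", "a1b2c3")
QUESTION = _policy(BASE + "auth-fn")  # ${AuthTest} -> Lambda function name
ANSWER = _policy(BASE + "a1b2c3")     # ${GWAuth} -> authorizer ID
WILDCARD = _policy("arn:aws:execute-api:us-east-1:123456789012:*/authorizers/*")

if __name__ == "__main__":
    for name, pol in (("question", QUESTION), ("answer", ANSWER), ("wildcard", WILDCARD)):
        print(name, check_authorizer_permission(pol, *ARGS))
```

A "broad" result means the statement would also admit other authorizers or APIs, so the exact authorizer ARN from the answer is the tighter grant.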