Resource: awsApigatewayv2Authorizer
Manages an Amazon API Gateway Version 2 authorizer. More information can be found in the Amazon API Gateway Developer Guide.
Example Usage
Basic WebSocket API
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.apigatewayv2Authorizer.Apigatewayv2Authorizer(this, "example", {
  apiId: "${aws_apigatewayv2_api.example.id}",
  authorizerType: "REQUEST",
  authorizerUri: "${aws_lambda_function.example.invoke_arn}",
  identitySources: ["route.request.header.Auth"],
  name: "example-authorizer",
});
Basic HTTP API
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.apigatewayv2Authorizer.Apigatewayv2Authorizer(this, "example", {
  apiId: "${aws_apigatewayv2_api.example.id}",
  authorizerPayloadFormatVersion: "2.0",
  authorizerType: "REQUEST",
  authorizerUri: "${aws_lambda_function.example.invoke_arn}",
  identitySources: ["$request.header.Authorization"],
  name: "example-authorizer",
});
Argument Reference
The following arguments are supported:
apiId - (Required) API identifier.
authorizerType - (Required) Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
name - (Required) Name of the authorizer. Must be between 1 and 128 characters in length.
authorizerCredentialsArn - (Optional) Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
authorizerPayloadFormatVersion - (Optional) Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
authorizerResultTtlInSeconds - (Optional) Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
authorizerUri - (Optional) Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invokeArn attribute of the awsLambdaFunction resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
enableSimpleResponses - (Optional) Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
identitySources - (Optional) Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
jwtConfiguration - (Optional) Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.

The jwtConfiguration object supports the following:
audience - (Optional) List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.
issuer - (Optional) Base domain of the identity provider that issues JSON Web Tokens, such as the endpoint attribute of the awsCognitoUserPool resource.
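The constraints listed above interact (which arguments apply to REQUEST versus JWT, and to HTTP versus WebSocket APIs), so they can be checked before synthesis. The following is an added example, not part of the provider documentation or bindings: lintAuthorizer, ApiKind and AuthorizerProps are hypothetical names, the sample URI is a placeholder, and the final issuer/audience rule is an assumed local policy that is stricter than the provider.

```typescript
// Added example (not provider code): lint authorizer props against the
// constraints in the Argument Reference. lintAuthorizer, ApiKind and
// AuthorizerProps are hypothetical names, not provider bindings.
type ApiKind = "HTTP" | "WEBSOCKET";
interface AuthorizerProps {
  authorizerType: string;
  name: string;
  authorizerCredentialsArn?: string;
  authorizerPayloadFormatVersion?: string;
  authorizerResultTtlInSeconds?: number;
  authorizerUri?: string;
  enableSimpleResponses?: boolean;
  identitySources?: string[];
  jwtConfiguration?: { audience?: string[]; issuer?: string };
}
function lintAuthorizer(api: ApiKind, p: AuthorizerProps): string[] {
  const errs: string[] = [];
  const isJwt = p.authorizerType === "JWT";
  const isRequest = p.authorizerType === "REQUEST";
  const httpLambda = api === "HTTP" && isRequest;
  const ttl = p.authorizerResultTtlInSeconds;
  const fmt = p.authorizerPayloadFormatVersion;
  const jwt = p.jwtConfiguration;
  if (!isJwt && !isRequest) errs.push("authorizerType must be JWT or REQUEST");
  if (p.name.length < 1 || p.name.length > 128) errs.push("name must be 1-128 characters");
  // Arguments supported only for REQUEST authorizers.
  if (!isRequest && (p.authorizerUri !== undefined || p.authorizerCredentialsArn !== undefined))
    errs.push("authorizerUri and authorizerCredentialsArn are REQUEST-only");
  // Arguments tied to HTTP API Lambda authorizers.
  if (httpLambda && fmt !== "1.0" && fmt !== "2.0")
    errs.push("authorizerPayloadFormatVersion must be 1.0 or 2.0");
  if (ttl !== undefined && !httpLambda)
    errs.push("authorizerResultTtlInSeconds is for HTTP API Lambda authorizers only");
  if (ttl !== undefined && (ttl < 0 || ttl > 3600)) errs.push("authorizerResultTtlInSeconds must be 0-3600");
  if (p.enableSimpleResponses && api !== "HTTP") errs.push("enableSimpleResponses is HTTP-only");
  // Arguments tied to JWT authorizers.
  if (isJwt && !jwt) errs.push("jwtConfiguration is required for JWT");
  if (jwt && api !== "HTTP") errs.push("jwtConfiguration is HTTP-only");
  if (isJwt && p.identitySources !== undefined && p.identitySources.length !== 1)
    errs.push("JWT authorizers take a single identitySources entry");
  // Assumption: local policy, stricter than the provider (both fields are optional there).
  if (isJwt && jwt && (!jwt.issuer || !(jwt.audience && jwt.audience.length > 0)))
    errs.push("policy: set issuer and at least one audience");
  return errs;
}

// Constructed sample: an HTTP API Lambda authorizer missing its payload format version.
const sample: AuthorizerProps = { authorizerType: "REQUEST", name: "example-authorizer", authorizerUri: "arn:placeholder", identitySources: ["$request.header.Authorization"] };
const sampleFindings = lintAuthorizer("HTTP", sample);
```

An empty result means the props satisfy every listed constraint; each string otherwise names the argument to fix.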
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id - Authorizer identifier.
Import
awsApigatewayv2Authorizer can be imported by using the API identifier and authorizer identifier, e.g.,