1. Packages
  2. AWS
  3. API Docs
  4. apigatewayv2
  5. Authorizer
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

aws.apigatewayv2.Authorizer

Explore with Pulumi AI

aws logo
AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

    Manages an Amazon API Gateway Version 2 authorizer. More information can be found in the Amazon API Gateway Developer Guide.

    Example Usage

    Basic WebSocket API

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.apigatewayv2.Authorizer("example", {
        apiId: exampleAwsApigatewayv2Api.id,
        authorizerType: "REQUEST",
        authorizerUri: exampleAwsLambdaFunction.invokeArn,
        identitySources: ["route.request.header.Auth"],
        name: "example-authorizer",
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.apigatewayv2.Authorizer("example",
        api_id=example_aws_apigatewayv2_api["id"],
        authorizer_type="REQUEST",
        authorizer_uri=example_aws_lambda_function["invokeArn"],
        identity_sources=["route.request.header.Auth"],
        name="example-authorizer")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := apigatewayv2.NewAuthorizer(ctx, "example", &apigatewayv2.AuthorizerArgs{
    			ApiId:          pulumi.Any(exampleAwsApigatewayv2Api.Id),
    			AuthorizerType: pulumi.String("REQUEST"),
    			AuthorizerUri:  pulumi.Any(exampleAwsLambdaFunction.InvokeArn),
    			IdentitySources: pulumi.StringArray{
    				pulumi.String("route.request.header.Auth"),
    			},
    			Name: pulumi.String("example-authorizer"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.ApiGatewayV2.Authorizer("example", new()
        {
            ApiId = exampleAwsApigatewayv2Api.Id,
            AuthorizerType = "REQUEST",
            AuthorizerUri = exampleAwsLambdaFunction.InvokeArn,
            IdentitySources = new[]
            {
                "route.request.header.Auth",
            },
            Name = "example-authorizer",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.apigatewayv2.Authorizer;
    import com.pulumi.aws.apigatewayv2.AuthorizerArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Authorizer("example", AuthorizerArgs.builder()
                .apiId(exampleAwsApigatewayv2Api.id())
                .authorizerType("REQUEST")
                .authorizerUri(exampleAwsLambdaFunction.invokeArn())
                .identitySources("route.request.header.Auth")
                .name("example-authorizer")
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:apigatewayv2:Authorizer
        properties:
          apiId: ${exampleAwsApigatewayv2Api.id}
          authorizerType: REQUEST
          authorizerUri: ${exampleAwsLambdaFunction.invokeArn}
          identitySources:
            - route.request.header.Auth
          name: example-authorizer
    

    Basic HTTP API

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.apigatewayv2.Authorizer("example", {
        apiId: exampleAwsApigatewayv2Api.id,
        authorizerType: "REQUEST",
        authorizerUri: exampleAwsLambdaFunction.invokeArn,
        identitySources: ["$request.header.Authorization"],
        name: "example-authorizer",
        authorizerPayloadFormatVersion: "2.0",
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.apigatewayv2.Authorizer("example",
        api_id=example_aws_apigatewayv2_api["id"],
        authorizer_type="REQUEST",
        authorizer_uri=example_aws_lambda_function["invokeArn"],
        identity_sources=["$request.header.Authorization"],
        name="example-authorizer",
        authorizer_payload_format_version="2.0")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigatewayv2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := apigatewayv2.NewAuthorizer(ctx, "example", &apigatewayv2.AuthorizerArgs{
    			ApiId:          pulumi.Any(exampleAwsApigatewayv2Api.Id),
    			AuthorizerType: pulumi.String("REQUEST"),
    			AuthorizerUri:  pulumi.Any(exampleAwsLambdaFunction.InvokeArn),
    			IdentitySources: pulumi.StringArray{
    				pulumi.String("$request.header.Authorization"),
    			},
    			Name:                           pulumi.String("example-authorizer"),
    			AuthorizerPayloadFormatVersion: pulumi.String("2.0"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.ApiGatewayV2.Authorizer("example", new()
        {
            ApiId = exampleAwsApigatewayv2Api.Id,
            AuthorizerType = "REQUEST",
            AuthorizerUri = exampleAwsLambdaFunction.InvokeArn,
            IdentitySources = new[]
            {
                "$request.header.Authorization",
            },
            Name = "example-authorizer",
            AuthorizerPayloadFormatVersion = "2.0",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.apigatewayv2.Authorizer;
    import com.pulumi.aws.apigatewayv2.AuthorizerArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Authorizer("example", AuthorizerArgs.builder()
                .apiId(exampleAwsApigatewayv2Api.id())
                .authorizerType("REQUEST")
                .authorizerUri(exampleAwsLambdaFunction.invokeArn())
                .identitySources("$request.header.Authorization")
                .name("example-authorizer")
                .authorizerPayloadFormatVersion("2.0")
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:apigatewayv2:Authorizer
        properties:
          apiId: ${exampleAwsApigatewayv2Api.id}
          authorizerType: REQUEST
          authorizerUri: ${exampleAwsLambdaFunction.invokeArn}
          identitySources:
            - $request.header.Authorization
          name: example-authorizer
          authorizerPayloadFormatVersion: '2.0'
    

    Create Authorizer Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Authorizer(name: string, args: AuthorizerArgs, opts?: CustomResourceOptions);
    @overload
    def Authorizer(resource_name: str,
                   args: AuthorizerArgs,
                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def Authorizer(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   api_id: Optional[str] = None,
                   authorizer_type: Optional[str] = None,
                   authorizer_credentials_arn: Optional[str] = None,
                   authorizer_payload_format_version: Optional[str] = None,
                   authorizer_result_ttl_in_seconds: Optional[int] = None,
                   authorizer_uri: Optional[str] = None,
                   enable_simple_responses: Optional[bool] = None,
                   identity_sources: Optional[Sequence[str]] = None,
                   jwt_configuration: Optional[AuthorizerJwtConfigurationArgs] = None,
                   name: Optional[str] = None)
    func NewAuthorizer(ctx *Context, name string, args AuthorizerArgs, opts ...ResourceOption) (*Authorizer, error)
    public Authorizer(string name, AuthorizerArgs args, CustomResourceOptions? opts = null)
    public Authorizer(String name, AuthorizerArgs args)
    public Authorizer(String name, AuthorizerArgs args, CustomResourceOptions options)
    
    type: aws:apigatewayv2:Authorizer
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AuthorizerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AuthorizerArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AuthorizerArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AuthorizerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AuthorizerArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var awsAuthorizerResource = new Aws.ApiGatewayV2.Authorizer("awsAuthorizerResource", new()
    {
        ApiId = "string",
        AuthorizerType = "string",
        AuthorizerCredentialsArn = "string",
        AuthorizerPayloadFormatVersion = "string",
        AuthorizerResultTtlInSeconds = 0,
        AuthorizerUri = "string",
        EnableSimpleResponses = false,
        IdentitySources = new[]
        {
            "string",
        },
        JwtConfiguration = new Aws.ApiGatewayV2.Inputs.AuthorizerJwtConfigurationArgs
        {
            Audiences = new[]
            {
                "string",
            },
            Issuer = "string",
        },
        Name = "string",
    });
    
    example, err := apigatewayv2.NewAuthorizer(ctx, "awsAuthorizerResource", &apigatewayv2.AuthorizerArgs{
    	ApiId:                          pulumi.String("string"),
    	AuthorizerType:                 pulumi.String("string"),
    	AuthorizerCredentialsArn:       pulumi.String("string"),
    	AuthorizerPayloadFormatVersion: pulumi.String("string"),
    	AuthorizerResultTtlInSeconds:   pulumi.Int(0),
    	AuthorizerUri:                  pulumi.String("string"),
    	EnableSimpleResponses:          pulumi.Bool(false),
    	IdentitySources: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	JwtConfiguration: &apigatewayv2.AuthorizerJwtConfigurationArgs{
    		Audiences: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Issuer: pulumi.String("string"),
    	},
    	Name: pulumi.String("string"),
    })
    
    var awsAuthorizerResource = new Authorizer("awsAuthorizerResource", AuthorizerArgs.builder()
        .apiId("string")
        .authorizerType("string")
        .authorizerCredentialsArn("string")
        .authorizerPayloadFormatVersion("string")
        .authorizerResultTtlInSeconds(0)
        .authorizerUri("string")
        .enableSimpleResponses(false)
        .identitySources("string")
        .jwtConfiguration(AuthorizerJwtConfigurationArgs.builder()
            .audiences("string")
            .issuer("string")
            .build())
        .name("string")
        .build());
    
    aws_authorizer_resource = aws.apigatewayv2.Authorizer("awsAuthorizerResource",
        api_id="string",
        authorizer_type="string",
        authorizer_credentials_arn="string",
        authorizer_payload_format_version="string",
        authorizer_result_ttl_in_seconds=0,
        authorizer_uri="string",
        enable_simple_responses=False,
        identity_sources=["string"],
        jwt_configuration={
            "audiences": ["string"],
            "issuer": "string",
        },
        name="string")
    
    const awsAuthorizerResource = new aws.apigatewayv2.Authorizer("awsAuthorizerResource", {
        apiId: "string",
        authorizerType: "string",
        authorizerCredentialsArn: "string",
        authorizerPayloadFormatVersion: "string",
        authorizerResultTtlInSeconds: 0,
        authorizerUri: "string",
        enableSimpleResponses: false,
        identitySources: ["string"],
        jwtConfiguration: {
            audiences: ["string"],
            issuer: "string",
        },
        name: "string",
    });
    
    type: aws:apigatewayv2:Authorizer
    properties:
        apiId: string
        authorizerCredentialsArn: string
        authorizerPayloadFormatVersion: string
        authorizerResultTtlInSeconds: 0
        authorizerType: string
        authorizerUri: string
        enableSimpleResponses: false
        identitySources:
            - string
        jwtConfiguration:
            audiences:
                - string
            issuer: string
        name: string
    

    Authorizer Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Authorizer resource accepts the following input properties:

    ApiId string
    API identifier.
    AuthorizerType string
    Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
    AuthorizerCredentialsArn string
    Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
    AuthorizerPayloadFormatVersion string
    Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
    AuthorizerResultTtlInSeconds int
    Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
    AuthorizerUri string
    Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
    EnableSimpleResponses bool
    Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
    IdentitySources List<string>
    Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
    JwtConfiguration AuthorizerJwtConfiguration
    Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
    Name string
    Name of the authorizer. Must be between 1 and 128 characters in length.
    ApiId string
    API identifier.
    AuthorizerType string
    Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
    AuthorizerCredentialsArn string
    Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
    AuthorizerPayloadFormatVersion string
    Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
    AuthorizerResultTtlInSeconds int
    Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
    AuthorizerUri string
    Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
    EnableSimpleResponses bool
    Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
    IdentitySources []string
    Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
    JwtConfiguration AuthorizerJwtConfigurationArgs
    Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
    Name string
    Name of the authorizer. Must be between 1 and 128 characters in length.
    apiId String
    API identifier.
    authorizerType String
    Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
    authorizerCredentialsArn String
    Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
    authorizerPayloadFormatVersion String
    Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
    authorizerResultTtlInSeconds Integer
    Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
    authorizerUri String
    Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
    enableSimpleResponses Boolean
    Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
    identitySources List<String>
    Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
    jwtConfiguration AuthorizerJwtConfiguration
    Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
    name String
    Name of the authorizer. Must be between 1 and 128 characters in length.
    apiId string
    API identifier.
    authorizerType string
    Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
    authorizerCredentialsArn string
    Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
    authorizerPayloadFormatVersion string
    Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
    authorizerResultTtlInSeconds number
    Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
    authorizerUri string
    Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
    enableSimpleResponses boolean
    Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
    identitySources string[]
    Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
    jwtConfiguration AuthorizerJwtConfiguration
    Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
    name string
    Name of the authorizer. Must be between 1 and 128 characters in length.
    api_id str
    API identifier.
    authorizer_type str
    Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
    authorizer_credentials_arn str
    Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
    authorizer_payload_format_version str
    Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
    authorizer_result_ttl_in_seconds int
    Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
    authorizer_uri str
    Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
    enable_simple_responses bool
    Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
    identity_sources Sequence[str]
    Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
    jwt_configuration AuthorizerJwtConfigurationArgs
    Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
    name str
    Name of the authorizer. Must be between 1 and 128 characters in length.
    apiId String
    API identifier.
    authorizerType String
    Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
    authorizerCredentialsArn String
    Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
    authorizerPayloadFormatVersion String
    Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
    authorizerResultTtlInSeconds Number
    Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
    authorizerUri String
    Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
    enableSimpleResponses Boolean
    Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
    identitySources List<String>
    Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
    jwtConfiguration Property Map
    Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
    name String
    Name of the authorizer. Must be between 1 and 128 characters in length.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Authorizer resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Authorizer Resource

    Get an existing Authorizer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AuthorizerState, opts?: CustomResourceOptions): Authorizer
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            api_id: Optional[str] = None,
            authorizer_credentials_arn: Optional[str] = None,
            authorizer_payload_format_version: Optional[str] = None,
            authorizer_result_ttl_in_seconds: Optional[int] = None,
            authorizer_type: Optional[str] = None,
            authorizer_uri: Optional[str] = None,
            enable_simple_responses: Optional[bool] = None,
            identity_sources: Optional[Sequence[str]] = None,
            jwt_configuration: Optional[AuthorizerJwtConfigurationArgs] = None,
            name: Optional[str] = None) -> Authorizer
    func GetAuthorizer(ctx *Context, name string, id IDInput, state *AuthorizerState, opts ...ResourceOption) (*Authorizer, error)
    public static Authorizer Get(string name, Input<string> id, AuthorizerState? state, CustomResourceOptions? opts = null)
    public static Authorizer get(String name, Output<String> id, AuthorizerState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApiId string
    API identifier.
    AuthorizerCredentialsArn string
    Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
    AuthorizerPayloadFormatVersion string
    Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
    AuthorizerResultTtlInSeconds int
    Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
    AuthorizerType string
    Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
    AuthorizerUri string
    Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
    EnableSimpleResponses bool
    Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
    IdentitySources List<string>
    Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
    JwtConfiguration AuthorizerJwtConfiguration
    Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
    Name string
    Name of the authorizer. Must be between 1 and 128 characters in length.
    ApiId string
    API identifier.
    AuthorizerCredentialsArn string
    Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
    AuthorizerPayloadFormatVersion string
    Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
    AuthorizerResultTtlInSeconds int
    Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
    AuthorizerType string
    Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
    AuthorizerUri string
    Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
    EnableSimpleResponses bool
    Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
    IdentitySources []string
    Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
    JwtConfiguration AuthorizerJwtConfigurationArgs
    Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
    Name string
    Name of the authorizer. Must be between 1 and 128 characters in length.
    apiId String
    API identifier.
    authorizerCredentialsArn String
    Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
    authorizerPayloadFormatVersion String
    Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
    authorizerResultTtlInSeconds Integer
    Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
    authorizerType String
    Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
    authorizerUri String
    Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
    enableSimpleResponses Boolean
    Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
    identitySources List<String>
    Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
    jwtConfiguration AuthorizerJwtConfiguration
    Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
    name String
    Name of the authorizer. Must be between 1 and 128 characters in length.
    apiId string
    API identifier.
    authorizerCredentialsArn string
    Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
    authorizerPayloadFormatVersion string
    Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
    authorizerResultTtlInSeconds number
    Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
    authorizerType string
    Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
    authorizerUri string
    Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
    enableSimpleResponses boolean
    Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
    identitySources string[]
    Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
    jwtConfiguration AuthorizerJwtConfiguration
    Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
    name string
    Name of the authorizer. Must be between 1 and 128 characters in length.
    api_id str
    API identifier.
    authorizer_credentials_arn str
    Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
    authorizer_payload_format_version str
    Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
    authorizer_result_ttl_in_seconds int
    Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
    authorizer_type str
    Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
    authorizer_uri str
    Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
    enable_simple_responses bool
    Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
    identity_sources Sequence[str]
    Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
    jwt_configuration AuthorizerJwtConfigurationArgs
    Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
    name str
    Name of the authorizer. Must be between 1 and 128 characters in length.
    apiId String
    API identifier.
    authorizerCredentialsArn String
    Required credentials as an IAM role for API Gateway to invoke the authorizer. Supported only for REQUEST authorizers.
    authorizerPayloadFormatVersion String
    Format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers. Valid values: 1.0, 2.0.
    authorizerResultTtlInSeconds Number
    Time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to 300. Supported only for HTTP API Lambda authorizers.
    authorizerType String
    Authorizer type. Valid values: JWT, REQUEST. Specify REQUEST for a Lambda function using incoming request parameters. For HTTP APIs, specify JWT to use JSON Web Tokens.
    authorizerUri String
    Authorizer's Uniform Resource Identifier (URI). For REQUEST authorizers this must be a well-formed Lambda function URI, such as the invoke_arn attribute of the aws.lambda.Function resource. Supported only for REQUEST authorizers. Must be between 1 and 2048 characters in length.
    enableSimpleResponses Boolean
    Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy. Supported only for HTTP APIs.
    identitySources List<String>
    Identity sources for which authorization is requested. For REQUEST authorizers the value is a list of one or more mapping expressions of the specified request parameters. For JWT authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.
    jwtConfiguration Property Map
    Configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
    name String
    Name of the authorizer. Must be between 1 and 128 characters in length.

    Supporting Types

    AuthorizerJwtConfiguration, AuthorizerJwtConfigurationArgs

    Audiences List<string>
    List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.
    Issuer string
    Base domain of the identity provider that issues JSON Web Tokens, such as the endpoint attribute of the aws.cognito.UserPool resource.
    Audiences []string
    List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.
    Issuer string
    Base domain of the identity provider that issues JSON Web Tokens, such as the endpoint attribute of the aws.cognito.UserPool resource.
    audiences List<String>
    List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.
    issuer String
    Base domain of the identity provider that issues JSON Web Tokens, such as the endpoint attribute of the aws.cognito.UserPool resource.
    audiences string[]
    List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.
    issuer string
    Base domain of the identity provider that issues JSON Web Tokens, such as the endpoint attribute of the aws.cognito.UserPool resource.
    audiences Sequence[str]
    List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.
    issuer str
    Base domain of the identity provider that issues JSON Web Tokens, such as the endpoint attribute of the aws.cognito.UserPool resource.
    audiences List<String>
    List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.
    issuer String
    Base domain of the identity provider that issues JSON Web Tokens, such as the endpoint attribute of the aws.cognito.UserPool resource.

    Import

    Using pulumi import, import aws_apigatewayv2_authorizer using the API identifier and authorizer identifier. For example:

    $ pulumi import aws:apigatewayv2/authorizer:Authorizer example aabbccddee/1122334
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi