LambdaAuthorizer provides the definition for a custom Authorizer for API Gateway.

interface LambdaAuthorizer {
    authType: string;
    authorizerName?: string;
    authorizerResultTtlInSeconds?: number;
    handler: any;
    identitySource?: string[];
    identityValidationExpression?: string;
    parameterLocation: "header" | "query";
    parameterName: string;
    type: "token" | "request";
}

Properties

authType: string

Specifies the authorization mechanism for the client. Typical values are "oauth2" or "custom".

authorizerName?: string

The name by which the Authorizer is referenced. This must be unique for each unique authorizer within the API. If no name is specified, a name will be generated for you.

authorizerResultTtlInSeconds?: number

The number of seconds during which the resulting IAM policy is cached. Default is 300s. You can set this value to 0 to disable caching. Max value is 3600s. Note: if you share an authorizer across more than one route, disable the cache; otherwise the policy cached for a request to one route is reused for requests to the others, which will cause problems.

handler: any

handler specifies information about the authorizing Lambda. You can either set up the Lambda separately and provide just the required information, or define the Lambda inline using a JavaScript function.

identitySource?: string[]

List of mapping expressions of the request parameters as the identity source. This indicates where in the request identity information is expected. Applicable for the authorizer of the "request" type only. Example: ["method.request.header.HeaderAuth1", "method.request.querystring.QueryString1"]

identityValidationExpression?: string

A regular expression for validating the token as the incoming identity. API Gateway invokes the authorizer's Lambda only if the token matches; otherwise it returns a 401. This does not apply to REQUEST Lambda Authorizers. Example: "^x-[a-z]+"

parameterLocation: "header" | "query"

Defines where in the request API Gateway should look for identity information. The value must be "header" or "query". If there are multiple identity sources, the value must be "header".

parameterName: string

parameterName is the name of the header or query parameter containing the authorization token. Must be "Unused" for multiple identity sources.

type: "token" | "request"

The type of the authorizer. This value must be one of the following:

- "token", for an authorizer with the caller identity embedded in an authorization token
- "request", for an authorizer with the caller identity contained in request parameters
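A lint for the constraints stated in the property descriptions above, as an added example that is not part of the library or of this page's original text. The interface is copied from the page; lintAuthorizer, routeCount and the sample values are assumptions made for illustration.

```typescript
// Interface copied from this page. lintAuthorizer and routeCount are
// hypothetical names for this added example, not part of the library.
interface LambdaAuthorizer {
    authType: string;
    authorizerName?: string;
    authorizerResultTtlInSeconds?: number;
    handler: any;
    identitySource?: string[];
    identityValidationExpression?: string;
    parameterLocation: "header" | "query";
    parameterName: string;
    type: "token" | "request";
}

// One message per documented rule broken; routeCount = routes using this authorizer.
function lintAuthorizer(a: LambdaAuthorizer, routeCount: number): string[] {
    const problems: string[] = [];
    const ttl = a.authorizerResultTtlInSeconds ?? 300; // documented default
    const sources = a.identitySource ?? [];
    if (!(ttl >= 0 && ttl <= 3600)) {
        problems.push("ttl: must be between 0 and 3600 seconds");
    } else if (routeCount > 1 && ttl !== 0) {
        problems.push("ttl: authorizer is shared across routes, set it to 0");
    }
    if (a.type === "token" && sources.length > 0) {
        problems.push("identitySource: applies to \"request\" authorizers only");
    }
    if (a.type === "request" && a.identityValidationExpression !== undefined) {
        problems.push("identityValidationExpression: does not apply to \"request\" authorizers");
    }
    if (sources.length > 1 && a.parameterLocation !== "header") {
        problems.push("parameterLocation: must be \"header\" with multiple identity sources");
    }
    if (sources.length > 1 && a.parameterName !== "Unused") {
        problems.push("parameterName: must be \"Unused\" with multiple identity sources");
    }
    return problems;
}
// Constructed sample: a request authorizer with two identity sources, used by 3 routes.
const sample: LambdaAuthorizer = {
    authType: "custom",
    type: "request",
    handler: () => ({}), // placeholder for the authorizing Lambda
    identitySource: ["method.request.header.HeaderAuth1", "method.request.querystring.QueryString1"],
    identityValidationExpression: "^x-[a-z]+",
    parameterLocation: "query",
    parameterName: "QueryString1",
};
console.log(lintAuthorizer(sample, 3));
```

Running such a check before deployment catches a cached policy being shared across routes, which is the case the authorizerResultTtlInSeconds note describes.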
