How can I create an API with AWS SAM that does authorization using Cognito User Pools authorizer?
There's AWS::ApiGateway::Authorizer. But ...

```
{
  "Type" : "AWS::ApiGateway::Authorizer",
  "Properties" : {
    "AuthorizerCredentials" : String,
    "AuthorizerResultTtlInSeconds" : Integer,
    "AuthorizerUri" : String,
    "IdentitySource" : String,
    "IdentityValidationExpression" : String,
    "Name" : String,
    "ProviderARNs" : [ String, ... ],
    "RestApiId" : String,
    "Type" : String
  }
}
```
it looks like RestApiId refers to the API which uses this authorizer? But with AWS SAM, my APIs are defined like
```yaml
Resources:
  Ec2Index:
    Type: AWS::Serverless::Function
    Properties:
      Handler: ec2/index.handler
      Runtime: nodejs6.10
      CodeUri: ./src
      FunctionName: 'ApiEc2IndexHandler'
      Description: 'List EC2 resources'
      Timeout: 30
      Role: 'arn:aws:iam::598545985414:role/awsmanagement-lambda-management'
      Events:
        Ec2Index:
          Type: Api
          Properties:
            Path: /ec2
            Method: get
```

I don't get how do I associate them together?
1 Answer
I'm not certain you can specify an authorizer in SAM but you can embed Swagger in SAM files which can do this. It's a new feature as of Feb. 17 [ref].
I'm definitely not an expert on Swagger or SAM but it seems like you would want something like:
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Simple API Endpoint configured using Swagger specified inline and backed by a Lambda function
Resources:
  Ec2Index:
    Type: AWS::Serverless::Api
    Properties:
      StageName: <stage>
      DefinitionBody:
        swagger: '2.0'
        info:
          title:
            Ref: AWS::StackName
        securityDefinitions:
          cognitoUserPool:
            type: apiKey
            name: "Authorization"
            in: header
            x-amazon-apigateway-authtype: cognito_user_pools
            x-amazon-apigateway-authorizer:
              type: cognito_user_pools
              providerARNs:
                # Fn::Sub is needed for the ${...} variables to be substituted
                - Fn::Sub: arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/<user_pool_id>
        paths:
          "/ec2":
            get:
              # Swagger 2.0 expects a list of security requirement objects
              security:
                - cognitoUserPool: []
              x-amazon-apigateway-integration:
                httpMethod: POST
                type: aws_proxy
                uri:
                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Ec2IndexLamb.Arn}/invocations
              responses: {}
  Ec2IndexLamb:
    Type: AWS::Serverless::Function
    Properties:
      Handler: ec2/index.handler
      Runtime: nodejs6.10
      CodeUri: ./src
      FunctionName: 'ApiEc2IndexHandler'
      Description: 'List EC2 resources'
      Timeout: 30
      Role: 'arn:aws:iam::598545985414:role/awsmanagement-lambda-management'
      Events:
        Ec2Index:
          Type: Api
          Properties:
            # Bind the event to the explicit API above rather than an implicit one
            RestApiId:
              Ref: Ec2Index
            Path: /ec2
            Method: get
```
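An added example, not part of the original answer: a small Python check that walks a Swagger `DefinitionBody` (already loaded into a dict) and reports every method that is not bound to a `cognito_user_pools` security definition, which is how an unauthenticated route usually slips through. The `/health` and `/admin` paths and the ARN placeholder in the sample are constructed for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch",
                "x-amazon-apigateway-any-method"}


def cognito_schemes(swagger):
    """Names of securityDefinitions wired to a Cognito User Pools authorizer."""
    defs = swagger.get("securityDefinitions", {})
    return {n for n, d in defs.items()
            if d.get("x-amazon-apigateway-authtype") == "cognito_user_pools"
            and d.get("x-amazon-apigateway-authorizer", {}).get("providerARNs")}


def unprotected_methods(swagger):
    """Sorted (path, method) pairs that lack a Cognito security requirement."""
    schemes = cognito_schemes(swagger)
    findings = []
    for path, item in swagger.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue
            # Operation-level security overrides the API-wide default.
            security = op.get("security", swagger.get("security"))
            # Swagger 2.0: security is a list of non-empty requirement objects.
            ok = isinstance(security, list) and bool(security) and all(
                isinstance(r, dict) and r and set(r) <= schemes for r in security)
            if not ok:
                findings.append((path, method.lower()))
    return sorted(findings)


# Constructed sample: /ec2 mirrors the template above; the other two paths and
# the ARN placeholder are hypothetical.
SAMPLE = {
    "swagger": "2.0",
    "securityDefinitions": {"cognitoUserPool": {
        "type": "apiKey", "name": "Authorization", "in": "header",
        "x-amazon-apigateway-authtype": "cognito_user_pools",
        "x-amazon-apigateway-authorizer": {
            "type": "cognito_user_pools",
            "providerARNs": ["arn:aws:cognito-idp:REGION:ACCOUNT:userpool/POOL"]}}},
    "paths": {
        "/ec2": {"get": {"security": [{"cognitoUserPool": []}]}},
        "/health": {"get": {}},  # no security requirement at all
        "/admin": {"post": {"security": {"cognitoUserPool": []}}},  # mapping
    },
}

if __name__ == "__main__":
    print(unprotected_methods(SAMPLE))
```

Run against the sample, it reports `/admin` (security written as a mapping instead of a list) and `/health` (no security at all), while `/ec2` passes.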