AWS API Gateway Authorizer
This page shows how to write Terraform and CloudFormation for API Gateway Authorizer and write them securely.
aws_api_gateway_authorizer (Terraform)
The Authorizer in API Gateway can be configured in Terraform with the resource name aws_api_gateway_authorizer. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_api_gateway_authorizer" "createAuth" {
  name          = "createAuth"
  type          = var.auth_type
  # provider_arns applies to type COGNITO_USER_POOLS
  provider_arns = data.aws_cognito_user_pools.userPools.arns
  rest_api_id   = aws_api_gateway_rest_api.todolist.id
  # authorizer_uri applies to the Lambda types TOKEN and REQUEST
  authorizer_uri = aws_lambda_function.create_func.invoke_arn
}

resource "aws_api_gateway_authorizer" "cognito_user_pool" {
  name            = "api_gateway_authorizer"
  rest_api_id     = aws_api_gateway_rest_api.first_api.id
  # The token is read from the Authorization request header
  identity_source = "method.request.header.Authorization"
  type            = "COGNITO_USER_POOLS"
  provider_arns   = [var.cognito_user_pool_arn]
}
Parameters
- authorizer_credentials: optional - string
- authorizer_result_ttl_in_seconds: optional - number
- authorizer_uri: optional - string
- id: optional computed - string
- identity_source: optional - string
- identity_validation_expression: optional - string
- name: required - string
- provider_arns: optional - set of string
- rest_api_id: required - string
- type: optional - string
Explanation in Terraform Registry
Provides an API Gateway Authorizer.
Tips: Best Practices for The Other AWS API Gateway Resources
In addition to aws_api_gateway_method_settings, AWS API Gateway has other resources that should be configured for security reasons. Check the following examples of those resources and their precautions.
aws_api_gateway_method_settings
Ensure that API Gateway stage-level cache is encrypted
It is better to enable stage-level cache encryption, which reduces the risk of data leakage.
aws_api_gateway_domain_name
Ensure that modern TLS protocols are used
It is better to adopt TLS v1.2+.
aws_api_gateway_stage
Ensure that access logging is enabled for your API Gateway stage (v1)
It is better to enable access logging for your API Gateway stage (v1).
aws_api_gateway_method
Ensure that your API Gateway method blocks unwanted access
It is better that the API Gateway method does not allow public access.
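The four tips above can be checked automatically before a plan is applied. The following is an added example, not code from this page or from Terraform: it scans the JSON produced by `terraform show -json` for the settings the tips name. The function names, finding messages and sample plan are constructed; treating a method as public only when authorization is NONE and no API key is required, and checking cache encryption only when caching is enabled, are assumptions.

```python
def _block(values, key):
    """Nested blocks are lists of objects in plan JSON; return the first one or {}."""
    blocks = values.get(key) or []
    return blocks[0] if blocks else {}

def _resources(module):
    """Yield resources of a module and, recursively, of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _resources(child)

def audit(plan):
    """Return sorted (address, finding) pairs."""
    findings = []
    for res in _resources(plan.get("planned_values", {}).get("root_module", {})):
        kind, addr, v = res["type"], res["address"], res.get("values", {})
        if kind == "aws_api_gateway_method_settings":
            s = _block(v, "settings")  # assumption: only checked when caching is on
            if s.get("caching_enabled") and not s.get("cache_data_encrypted"):
                findings.append((addr, "stage cache is not encrypted"))
        elif kind == "aws_api_gateway_domain_name":
            if v.get("security_policy") in (None, "TLS_1_0"):
                findings.append((addr, "security_policy is unset or TLS_1_0"))
        elif kind == "aws_api_gateway_stage":
            if not _block(v, "access_log_settings").get("destination_arn"):
                findings.append((addr, "access logging is not enabled"))
        elif kind == "aws_api_gateway_method":
            # assumption: "public" = authorization NONE and no API key required
            if v.get("authorization") == "NONE" and not v.get("api_key_required"):
                findings.append((addr, "method has no authorization"))
    return sorted(findings)

# Constructed sample plan (not real output), trimmed to the fields the checks read.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_api_gateway_method.open", "type": "aws_api_gateway_method",
         "values": {"authorization": "NONE", "api_key_required": False}},
        {"address": "aws_api_gateway_method.secured", "type": "aws_api_gateway_method",
         "values": {"authorization": "COGNITO_USER_POOLS"}},
        {"address": "aws_api_gateway_stage.prod", "type": "aws_api_gateway_stage",
         "values": {"access_log_settings": []}}],
    "child_modules": [{"resources": [
        {"address": "module.edge.aws_api_gateway_domain_name.api",
         "type": "aws_api_gateway_domain_name", "values": {"security_policy": "TLS_1_0"}},
        {"address": "module.edge.aws_api_gateway_method_settings.all",
         "type": "aws_api_gateway_method_settings", "values": {"settings": [
             {"caching_enabled": True, "cache_data_encrypted": False}]}}]}]}}}
```

Calling `audit(SAMPLE_PLAN)` returns one finding per misconfigured resource, including those declared in child modules; the Cognito-protected method produces none.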
AWS::ApiGateway::Authorizer (CloudFormation)
The Authorizer in ApiGateway can be configured in CloudFormation with the resource name AWS::ApiGateway::Authorizer. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- RestApiId: required - String
- AuthType: optional - String
- AuthorizerCredentials: optional - String
- AuthorizerResultTtlInSeconds: optional - Integer
- AuthorizerUri: optional - String
- IdentitySource: optional - String
- IdentityValidationExpression: optional - String
- Name: required - String
- ProviderARNs: optional - List
- Type: required - String
Explanation in CloudFormation Registry
The AWS::ApiGateway::Authorizer resource creates an authorization layer that API Gateway activates for methods that have authorization enabled. API Gateway activates the authorizer when a client calls those methods.
Frequently asked questions
What is AWS API Gateway Authorizer?
AWS API Gateway Authorizer is a resource for API Gateway of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS API Gateway Authorizer?
For Terraform, the abondar24/ServerlessAI and deepakddun/AWSAPIGatewayTerraform source code examples are useful. See the Terraform Example section for further details.