muhammad kashif

Reputation: 2624

AWS Serverless Template Configurations with Custom Authorization and Rest API

I am a newbie to AWS Lambda Services. I have created a serverless lambda method and successfully deployed it on the AWS cloud.

Next I created a Lambda custom Authorizer and configured the API Gateway for the Lambda method and custom Authorizer.

As I need to expose many other serverless Lambda methods, I decided to move my Lambda method into a serverless .NET API project. I can deploy this API project to the AWS cloud and then manually set up the authorizer to use my custom authorizer Lambda method.

The part I am struggling with is that I want to configure all of this through the serverless.template file.

I am struggling to get the RESTAPIID for my custom authorizer method and to set the authorizer for my Lambda function using the serverless.template file. Below is the configuration I have done. Also, how do I get the AuthorizerUri?

I do not want to hard-code anything.

    "Resources" : {
    // How can I create this serverless function to use my custom authorizer?
    "Create" : {
      "Type" : "AWS::Serverless::Function",      
      "Properties": {
        "Handler": "Osn.Ott.Telco.Connector.UI.Web.Controllers.V10::Osn.Ott.Telco.Connector.UI.Web.Controllers.V10.SubscriptionController::Create",
        "Runtime": "dotnetcore2.1",
        "CodeUri": "",
        "MemorySize": 256,
        "Timeout": 30,
        "Role": null,
        "FunctionName" : "CreateCustomer",
        "Policies": [ "AWSLambdaBasicExecutionRole" ],
        "Events": {
          "PutResource": {
            "Type": "Api",
            "Properties": {
              "Path": "/create",
              "Method": "POST"
            }            
          }
        }
      }
    },
    "CustomAuthorizer" : {
        "Type" : "AWS::ApiGateway::Authorizer",
        "Properties" : {
            "AuthorizerUri" : {"Fn::GetAtt" : [ "Create", "Arn"]},
            "IdentitySource" : "method.request.header.Authorization,method.request.context.resourcePath, method.request.context.path",
            "Name"           : "CustomAuthorizer",
            "Type"           : "REQUEST",
            // How can I get this id?
            "RestApiId" : {"Fn::GetAtt" : [ "ServerlessRespApi", ""]}
        }
    }
    }

Upvotes: 3

Views: 2277

Answers (1)

matsev

Reputation: 33779

AWS announced "AWS Serverless Application Model Supports Amazon API Gateway Authorizers" last week (it could be done previously as well, but then one had to use inline Swagger in the SAM template).

There are a few GitHub examples linked from the page above, and I guess that the Lambda Request Authorizer is closest to your problem. The code below is copied from the template.yaml. Please also see the API Auth Object part of the AWS SAM specification.

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: API Gateway with Lambda Token Authorizer
Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Auth:
        DefaultAuthorizer: MyLambdaRequestAuthorizer
        Authorizers:
          MyLambdaRequestAuthorizer:
            FunctionPayloadType: REQUEST
            FunctionArn: !GetAtt MyAuthFunction.Arn
            # FunctionInvokeRole: !Ref MyRole
            Identity:
              QueryStrings:
                - auth
              # NOTE: Additional options:
              # Headers:
              #   - Authorization
              # StageVariables:
              #   - AUTHORIZATION
              # Context:
              #   - authorization
              # ReauthorizeEvery: 100 # seconds

  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./src
      Handler: index.handler
      Runtime: nodejs8.10
      Events:
        GetRoot:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /
            Method: get
            Auth:
              Authorizer: NONE
        GetUsers:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /users
            Method: get

  MyAuthFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./src
      Handler: authorizer.handler
      Runtime: nodejs8.10

Outputs:
  ApiURL:
    Description: "API URL"
    Value: !Sub 'https://${MyApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/'

Upvotes: 3
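
One way to write the `authorizer.handler` that `MyAuthFunction` in the template above points at, added here as an example (it is not from the answer or the linked AWS sample). The `AUTH_TOKEN` environment variable, the principal ids and the sample event are assumptions; the token is read from the `auth` query string because that is the identity source the template configures.

```javascript
// authorizer.js: what MyAuthFunction (Handler: authorizer.handler) could run.
// Assumption: the expected token is supplied in a hypothetical AUTH_TOKEN env variable.

// Comparison that does not stop at the first differing byte, written out to stay
// dependency-free (Node's crypto.timingSafeEqual serves the same purpose).
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ (y[i % y.length] || 0);
  return diff === 0;
}

// Shape API Gateway expects back from a Lambda authorizer.
function policy(principalId, effect, resource) {
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
    },
  };
}

function authorize(event, expectedToken) {
  const supplied = (event.queryStringParameters || {}).auth;
  // Fail closed: an unset secret or a missing/non-string token is a Deny.
  const ok = Boolean(expectedToken) && typeof supplied === 'string' &&
    safeEqual(supplied, expectedToken);
  if (!ok) return policy('anonymous', 'Deny', event.methodArn);
  // With ReauthorizeEvery set, the cached policy is reused for other methods on the
  // stage, so Allow covers the stage rather than only the method that was called.
  const [apiArn, stage] = event.methodArn.split('/');
  return policy('token-holder', 'Allow', `${apiArn}/${stage}/*`);
}

// Constructed REQUEST-authorizer event (trimmed; account and API ids are placeholders).
const SAMPLE_EVENT = {
  type: 'REQUEST',
  methodArn: 'arn:aws:execute-api:eu-west-1:123456789012:abc123/Prod/GET/users',
  queryStringParameters: { auth: 'constructed-token' },
};

const handler = async (event) => authorize(event, process.env.AUTH_TOKEN);
if (typeof module !== 'undefined') module.exports = { handler, authorize };
```

A stage-wide Allow means one valid token opens every route that uses this authorizer, so narrow the `Resource` (and leave caching off) if routes need different privileges. Query-string tokens tend to end up in access logs; the template's commented-out `Headers: - Authorization` identity source avoids that.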
