Thomas Thorogood

Reputation: 2367

Serverless Framework ignoring "authorizer" block in lambda-proxy setup

We have a serverless.yml that creates a lambda proxy in API Gateway.

I have seen several ways to attach a Cognito user pool authorizer to the lambda proxy, but none of them work. In every case, the result is that no auth is set up on either the Proxy or Proxy+. (As in, in the API Gateway console, "Auth" always reads "NONE".)

Example:

    events:
      - http: ANY /
        integration: lambda-proxy
        authorizer:
          type: COGNITO_USER_POOLS
          authorizerId:
            Ref: CognitoUserPoolAuthorizer
      - http: ANY {proxy+}
        integration: lambda-proxy
        authorizer:
          arn: ${self:custom.userPools.arnBase}/${self:custom.userPools.ids.${self:custom.stage}}
          # The above results in the format: "arn:aws:cognito-idp:us-west-2:<account_id>:userpool/us-west-2_<user_pool_id>"

You can see above that I'm trying two different methods to accomplish the same task. (Let's try throwing science at the wall and see what sticks.) Both methods are documented in different places by the Serverless Framework, but neither is documented with respect to lambda proxy, so I'm not sure if there's an undocumented difference.

In the first method (using Ref on a resource), the resource is correctly created, but no auth is attached to the endpoint. (I didn't include the resource block here, because that is working as expected.) The second method has the same effect (but no authorizer is created).

Our Serverless Framework version is 1.52, which meets the requirement stated in this other SO post.

I have also tried with integration set to lambda, or with that line absent altogether. The result is the same in all cases.

I have gotten this to work by manually selecting the authorizer through the console, but we're trying to eliminate these manual steps.

What are we missing here?

Upvotes: 1

Views: 876

Answers (1)

Aaron Stuyvenberg

Reputation: 3787

At a very quick glance, it looks like the indentation of your serverless.yml file may be off. Can you try again with a tab below the http array item?

Also, you'll need to remove the shorthand for method and path, and instead use them separately. The snippet below should work:

    events:
      - http:
          method: ANY
          path: /
          integration: lambda-proxy
          authorizer:
            type: COGNITO_USER_POOLS
            authorizerId:
              Ref: CognitoUserPoolAuthorizer
      - http:
          method: ANY
          path: /{proxy+}
          integration: lambda-proxy
          authorizer:
            arn: ${self:custom.userPools.arnBase}/${self:custom.userPools.ids.${self:custom.stage}}

Upvotes: 1
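
A CI check for the symptom in the question ("Auth" reads "NONE"), as an added example that is not code from the question or the answer: it reads a compiled CloudFormation template and lists every `AWS::ApiGateway::Method` that has no authorizer attached. The sample template and its logical IDs are constructed, and treating a missing `AuthorizationType` as `NONE` and exempting `OPTIONS` preflight methods are assumptions of this example.

```python
import json

# Constructed sample: a trimmed compiled template in which the root method has
# the Cognito authorizer attached and the proxy method was left without auth.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "ApiGatewayMethodAny": {
            "Type": "AWS::ApiGateway::Method",
            "Properties": {"HttpMethod": "ANY", "AuthorizationType": "COGNITO_USER_POOLS",
                           "AuthorizerId": {"Ref": "CognitoUserPoolAuthorizer"}},
        },
        "ApiGatewayMethodProxyVarAny": {
            "Type": "AWS::ApiGateway::Method",
            "Properties": {"HttpMethod": "ANY", "AuthorizationType": "NONE"},
        },
        "ApiGatewayMethodOptions": {
            "Type": "AWS::ApiGateway::Method",
            "Properties": {"HttpMethod": "OPTIONS", "AuthorizationType": "NONE"},
        },
    }
})


def unauthenticated_methods(template_text, allow_http_methods=("OPTIONS",)):
    """Return sorted logical IDs of API Gateway methods deployed without auth."""
    resources = json.loads(template_text).get("Resources", {})
    findings = []
    for logical_id, resource in resources.items():
        if resource.get("Type") != "AWS::ApiGateway::Method":
            continue
        props = resource.get("Properties", {})
        if props.get("HttpMethod") in allow_http_methods:
            continue  # assumption: CORS preflight is intentionally open
        auth_type = props.get("AuthorizationType", "NONE")
        # An authorizer type with no AuthorizerId is not attached either.
        needs_id = auth_type in ("COGNITO_USER_POOLS", "CUSTOM")
        if auth_type == "NONE" or (needs_id and "AuthorizerId" not in props):
            findings.append(logical_id)
    return sorted(findings)


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TEMPLATE
    bad = unauthenticated_methods(text)
    for logical_id in bad:
        print("no authorizer attached:", logical_id)
    sys.exit(1 if bad else 0)
```

Run it after `serverless package`, passing the path of the compiled template (assumed here to be `.serverless/cloudformation-template-update-stack.json`), so the pipeline stops before an unauthenticated method is deployed.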
