Authorization on api? #25
I think this can be done through the Swagger template, just add the following sections, the first one either at the top level of the file, or for individual resources:
Also if you want a custom authorizer, try configuring it via the Console, then export the Swagger file with AWS extensions. The relevant sections will be in that file.

Check out /examples/2016-10-31/api_swagger_cors for an example of how to use Swagger with SAM API.

I have Authorization working by specifying it in Swagger.
When I add an event to the authorizer function, to let SAM automatically create the Permission, it looks like the permission isn't granted. I did:
But when I try this, in CloudWatch I see

I think the issue seems to be replacing the dynamically generated Lambda function name in the swagger.yml file. Works fine if we replace the generated function name manually.

Now it stopped working. Using the API Gateway Authorizers console test:
Execution log for request test-request
When I type in the actual function name in the box and confirm giving the permissions, it works.

@sanathkr I have enabled IAM auth on my resource but it doesn't seem to enable auth on the stage, which makes the API still publicly accessible. What am I doing wrong?

```yaml
---
swagger: "2.0"
basePath: "/Prod"
schemes:
- "https"
paths:
  /report:
    get:
      x-amazon-apigateway-auth:
        type: aws_iam
      responses: {}
      x-amazon-apigateway-integration:
        type: "aws_proxy"
        uri: "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:<<my account id>>:function:${stageVariables.LambdaFunctionName}/invocations"
        passthroughBehavior: "when_no_match"
        httpMethod: "POST"
info:
  version: "1.0"
  title: "dev-reporting-test"
```

Ah got it, as @dinvlad stated above. Not well documented anywhere I could find.

```yaml
---
swagger: "2.0"
basePath: "/Prod"
schemes:
- "https"
paths:
  /report:
    get:
      responses: {}
      security:
      - sigv4: []
      x-amazon-apigateway-integration:
        type: "aws_proxy"
        uri: "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:<< account id >>:function:${stageVariables.LambdaFunctionName}/invocations"
        passthroughBehavior: "when_no_match"
        httpMethod: "POST"
info:
  version: "1.0"
  title: "dev-reporting-test"
securityDefinitions:
  sigv4:
    type: "apiKey"
    name: "Authorization"
    in: "header"
    x-amazon-apigateway-authtype: "awsSigv4"
```

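A pre-deployment check for the difference between the two templates above, as an added example that is not part of the original thread or of the SAM project: it lists every operation in a parsed Swagger 2.0 document that no `security` requirement backed by `securityDefinitions` covers. Treating only that form as authorization follows the fix reported in this thread and is an assumption of the example; the function names and the trimmed sample documents are constructed for illustration.

```python
# Added example: flag Swagger 2.0 operations that no security scheme covers.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def effective_schemes(doc, operation):
    """Scheme names that apply to one operation under Swagger 2.0 rules:
    an operation-level `security` list overrides the top-level one, and an
    empty list at operation level clears it."""
    requirements = operation.get("security", doc.get("security", []))
    defined = doc.get("securityDefinitions", {})
    names = set()
    for requirement in requirements:
        # Count a requirement only if every scheme it names is defined.
        if requirement and all(name in defined for name in requirement):
            names.update(requirement)
    return names

def unprotected_operations(doc):
    """Return sorted (METHOD, path, note) tuples for uncovered operations."""
    findings = []
    for path, item in doc.get("paths", {}).items():
        for method, operation in item.items():
            if method.lower() not in HTTP_METHODS or not isinstance(operation, dict):
                continue
            if effective_schemes(doc, operation):
                continue
            note = "no effective security scheme"
            if "x-amazon-apigateway-auth" in operation:
                note += " (only x-amazon-apigateway-auth is set)"
            findings.append((method.upper(), path, note))
    return sorted(findings)

# Constructed samples: trimmed copies of the two templates in this thread.
INTEGRATION = {"type": "aws_proxy", "httpMethod": "POST"}
BEFORE = {"swagger": "2.0", "paths": {"/report": {"get": {
    "x-amazon-apigateway-auth": {"type": "aws_iam"},
    "responses": {}, "x-amazon-apigateway-integration": INTEGRATION}}}}
AFTER = {"swagger": "2.0",
    "securityDefinitions": {"sigv4": {
        "type": "apiKey", "name": "Authorization", "in": "header",
        "x-amazon-apigateway-authtype": "awsSigv4"}},
    "paths": {"/report": {"get": {
        "security": [{"sigv4": []}],
        "responses": {}, "x-amazon-apigateway-integration": INTEGRATION}}}}

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        print(name, unprotected_operations(doc) or "all operations covered")
```

Run against a template exported from the Console or loaded from the SAM project, a non-empty result can fail the build before an unauthenticated method reaches a stage.
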
Btw

Closing this in favor of #49 as a feature request to add custom authorizers to implicit APIs

With cognito user pool I managed to use it like this: (no swagger here)
so ProviderARNs is basically the ARN of the user pool. Hope it helps someone. edit: forum motor messes up the "code" section I don't know why... but it's json, so you can copy... :/

Also I hit the next wall, I can't assign this to the methods, as the serverless function does not support authorizer? Or do I miss something here?

It seems you can reference your Authorizer @marczis in swagger e.g.:
at least that's the export, but I can't seem to get it to work when deploying. Also noted that sam/cloudformation completely removed the APIGW Authorizer if I updated the inline swagger. Not sure if this is a new bug, or I should re-open this one.

Spoke too soon: remove the Cloudformation, add it to the swagger resolves my issues:
See #546 which recently added support for

It seems it's not possible to define authorization (IAM or Custom) on the implicit API created as a lambda event source. And it looks like AWS::Serverless::Api doesn't support it either? Is there any plan to add this feature?