Add API Gateway IAM (AWS_IAM) Authorizers

[horike37]

Issue #802 #781, if available:

Description of changes:
Add API Gateway IAM (AWS_IAM) Authorizers

Description of how you validated changes:
Please verify this PR with following the RFC of #781,

Checklist:

• Write/update tests
• make pr passes
• Update documentation
  Regarding documentation, I didn't update those because I took a look at stuff under doc directory but I was not able to find related to Authorizers features. Ping me if missed it.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[codecov-io]

Codecov Report

Merging #827 into develop will increase coverage by 0.02%.
The diff coverage is 95.91%.

@@             Coverage Diff             @@
##           develop     #827      +/-   ##
===========================================
+ Coverage    94.56%   94.58%   +0.02%     
===========================================
  Files           67       67              
  Lines         2834     2865      +31     
  Branches       508      519      +11     
===========================================
+ Hits          2680     2710      +30     
- Misses          82       83       +1     
  Partials        72       72

Impacted Files	Coverage Δ
samtranslator/model/eventsources/push.py	88.77% <100%> (+0.03%)	⬆️
samtranslator/model/api/api_generator.py	96.25% <100%> (+0.08%)	⬆️
samtranslator/model/apigateway.py	97.22% <100%> (+0.89%)	⬆️
samtranslator/swagger/swagger.py	97.46% <90%> (-0.87%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b4baac6...c281b55. Read the comment docs.

[brettstack]

This is awesome. Greatly appreciate the PR. A few minor comments; the largest one probably the scenario where Authorizers isn't defined - I don't think that's necessary for AWS_IAM

[horike37]

Hey @brettstack, thank you for the review 👍
I have updated all of them. Please check it again.

[brettstack]

LGTM! I just had a small request to add a code comment. All that's remaining is to update this doc https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessapi with your new additions and we'll get them merged in. I'm super excited about getting this in and I many others are as well.

[brettstack]

We'd also appreciate an example using AWS_IAM. If you're not up for it, we'll ask someone else if they'd like to have contribute one. See this example as a reference https://github.com/awslabs/serverless-application-model/tree/master/examples/2016-10-31/api_lambda_token_auth.

[keetonian]

Looks like I broke things with my last merge. I'll fix that.

[horike37]

Hey, @brettstack @keetonian. I have fixed the conflicts and added the documentation and source comment.

We'd also appreciate an example using AWS_IAM. If you're not up for it, we'll ask someone else if >they'd like to have contribute one. See this example as a reference >https://github.com/awslabs/serverless-application-model/tree/master/examples/2016-10-31/api_lambda_token_auth.

Sorry, it is difficult for me to spend more time to do it, would be great if you can ask someone else.

[brettstack]

🎉

[keetonian]

This is great! Thank you!

[horike37]

Thanks @brettstack @keetonian 😄
When will this be released? This is needed for for my job.

[brettstack]

Policy says we can't give dates, but I can say we want to get this and other features/fixes out asap.

If you need it now, you can try using SAM CLI and these instructions for using a dev version of SAM https://github.com/awslabs/aws-sam-cli/blob/develop/DEVELOPMENT_GUIDE.md#4-optional-install-development-version-of-sam-transformer. Running sam validate --debug you'll get the transformed template.

[Jun711]

@brettstack @horike37
While waiting for this pull request to be released, would using a securityDefinitions work? thanks

securityDefinitions: 
   AwsIamAuthorizer:
      type: "apiKey"
      name: "Authorization"
      in: "header"
      x-amazon-apigateway-authtype: "awsSigv4"

and, under my AWS::Serverless::Api path method, I add a security item that points to the securityDefinition.

 security: 
 - AwsIamAuthorizer: []