[Caching with custom authorizers lambda]

[truongleeuet]

Please help. I have the api and I want to cache API base on roles in requestContext return from custom authorizers(picture below). Thanks

[DianaIonita]

Hi @truongleeuet,

Thanks for your question. I'm not sure you can cache requests based on the result of the authorizer. I haven't encountered anything about how one might do that. Some quick tests also show that API Gateway doesn't accept mapping expressions like method.request.requestContext.authorizer.roles.
However, if your authorization is based on the value of a header, you can cache based on that value. For example, if your app sends a header like Authorization: Bearer <token>, then you can configure caching like this:

mySecureLambda:
  handler: path-to-handler/handler.handle
  events:
    - http:
        path: /the-path
        method: get
        caching:
          enabled: true
          ttlInSeconds: 3600 # caches response of lambda for 1 hour
          cacheKeyParameters:
            - name: request.header.Authorization

That means that each request should be cached based on the value of the Authorization header. If the user's role changes, you also have the option of invalidating the cache when that happens, which would mean sending a request that contains the Cache-Control: max-age=0 header along with any other cache key parameters you have configured, so API Gateway knows which key to invalidate.

Hope this helps.

[DianaIonita]

Closing the issue, please reopen if there are any updates.