interface LambdaAuthorizerConfig
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.AppSync.LambdaAuthorizerConfig |
Java | software.amazon.awscdk.services.appsync.LambdaAuthorizerConfig |
Python | aws_cdk.aws_appsync.LambdaAuthorizerConfig |
TypeScript (source) | @aws-cdk/aws-appsync » LambdaAuthorizerConfig |
Configuration for Lambda authorization in AppSync.
Note that you can only have a single AWS Lambda function configured to authorize your API.
Example
import * as lambda from '@aws-cdk/aws-lambda';
declare const authFunction: lambda.Function;
new appsync.GraphqlApi(this, 'api', {
name: 'api',
schema: appsync.Schema.fromAsset(path.join(__dirname, 'appsync.test.graphql')),
authorizationConfig: {
defaultAuthorization: {
authorizationType: appsync.AuthorizationType.LAMBDA,
lambdaAuthorizerConfig: {
handler: authFunction,
// can also specify `resultsCacheTtl` and `validationRegex`.
},
},
},
});
Properties
Name | Type | Description |
---|---|---|
handler | IFunction | The authorizer lambda function. |
results | Duration | How long the results are cached. |
validation | string | A regular expression for validation of tokens before the Lambda function is called. |
handler
Type:
IFunction
The authorizer lambda function.
Note: This Lambda function must have the following resource-based policy assigned to it. When configuring Lambda authorizers in the console, this is done for you. To do so with the AWS CLI, run the following:
aws lambda add-permission --function-name "arn:aws:lambda:us-east-2:111122223333:function:my-function" --statement-id "appsync" --principal appsync.amazonaws.com --action lambda:InvokeFunction
resultsCacheTtl?
Type:
Duration
(optional, default: Duration.minutes(5))
How long the results are cached.
Disable caching by setting this to 0.
validationRegex?
Type:
string
(optional, default: no regex filter will be applied.)
A regular expression for validation of tokens before the Lambda function is called.