WebSocketIamAuthorizer

class aws_cdk.aws_apigatewayv2_authorizers.WebSocketIamAuthorizer

Bases: object

Authorize WebSocket API Routes with IAM.

Example:

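from aws_cdk import Stack
from aws_cdk import aws_apigatewayv2 as apigwv2
from aws_cdk import aws_iam as iam
from aws_cdk.aws_apigatewayv2_authorizers import WebSocketIamAuthorizer
from aws_cdk.aws_apigatewayv2_integrations import WebSocketLambdaIntegration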

# This function handles your connect route
# connect_handler: lambda.Function


web_socket_api = apigwv2.WebSocketApi(self, "WebSocketApi")

web_socket_api.add_route("$connect",
    integration=WebSocketLambdaIntegration("Integration", connect_handler),
    authorizer=WebSocketIamAuthorizer()
)

# Create an IAM user (identity)
user = iam.User(self, "User")

# Build the execute-api ARN for this WebSocket API
web_socket_arn = Stack.of(self).format_arn(
    service="execute-api",
    resource=web_socket_api.api_id
)

# Grant access to the IAM user
user.attach_inline_policy(iam.Policy(self, "AllowInvoke",
    statements=[
        iam.PolicyStatement(
            actions=["execute-api:Invoke"],
            effect=iam.Effect.ALLOW,
            resources=[web_socket_arn]
        )
    ]
))

Methods

bind(*, route, scope)

Bind this authorizer to a specified WebSocket route.

Parameters:
  • route (IWebSocketRoute) – The route to which the authorizer is being bound.

  • scope (Construct) – The scope for any constructs created as part of the bind.

Return type:

WebSocketRouteAuthorizerConfig