WebSocketApiAuth

Configure authorization to control access to your Amazon API Gateway WebSocket API.

For more information about configuring access to WebSocket APIs, see Controlling access to WebSocket APIs in the API Gateway Developer Guide.

Syntax

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

YAML


AuthArn: String
AuthType: String
IdentitySource: List
InvokeRole: String
Name: String

Properties

AuthArn

The ARN of the Lambda function to use for authorization. Required when AuthType is CUSTOM.

Type: String

Required: Conditional

CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

AuthType

The type of authorization. Valid values are NONE, AWS_IAM, or CUSTOM.

NONE - No authorization
AWS_IAM - IAM authorization
CUSTOM - Lambda authorizer

Type: String

Required: Yes

CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

IdentitySource

The identity source for which authorization is requested. For example, route.request.header.Authorization.

Type: List

Required: No

CloudFormation compatibility: This property is passed directly to the IdentitySource property of an AWS::ApiGatewayV2::Authorizer resource.

InvokeRole

The ARN of the IAM role that API Gateway assumes when invoking the authorizer function. If not specified, AWS SAM automatically creates a resource-based permission that allows API Gateway to invoke the authorizer function.

Type: String

Required: No

CloudFormation compatibility: This property is passed directly to the AuthorizerCredentialsArn property of an AWS::ApiGatewayV2::Authorizer resource.

Name

The name of the authorizer.

Type: String

Required: No

CloudFormation compatibility: This property is passed directly to the Name property of an AWS::ApiGatewayV2::Authorizer resource.

Examples

Lambda Authorizer

The following example configures a Lambda authorizer for a WebSocket API.


Auth:
  AuthType: CUSTOM
  AuthArn: !GetAtt AuthorizerFunction.Arn
  IdentitySource:
    - route.request.header.Authorization

IAM Authorization

The following example configures IAM authorization for a WebSocket API.


Auth:
  AuthType: AWS_IAM

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS::Serverless::WebSocketApi

WebSocketApiDomainConfiguration