AWS::IoT::Authorizer

Specifies an authorizer.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::IoT::Authorizer",
  "Properties" : {
      "AuthorizerFunctionArn" : String,
      "AuthorizerName" : String,
      "EnableCachingForHttp" : Boolean,
      "SigningDisabled" : Boolean,
      "Status" : String,
      "Tags" : [ Tag, ... ],
      "TokenKeyName" : String,
      "TokenSigningPublicKeys" : {Key: Value, ...}
    }
}

YAML


Type: AWS::IoT::Authorizer
Properties:
  AuthorizerFunctionArn: String
  AuthorizerName: String
  EnableCachingForHttp: Boolean
  SigningDisabled: Boolean
  Status: String
  Tags: 
    - Tag
  TokenKeyName: String
  TokenSigningPublicKeys: 
    Key: Value

Properties

AuthorizerFunctionArn

The authorizer's Lambda function ARN.

Required: Yes

Type: String

Pattern: [\s\S]*

Maximum: 2048

Update requires: No interruption

AuthorizerName

The authorizer name.

Required: No

Type: String

Pattern: [\w=,@-]+

Minimum: 1

Maximum: 128

Update requires: Replacement

EnableCachingForHttp

When true, the result from the authorizer's Lambda function is cached for clients that use persistent HTTP connections. The results are cached for the time specified by the Lambda function in refreshAfterInSeconds. This value doesn't affect authorization of clients that use MQTT connections.

Required: No

Type: Boolean

Update requires: No interruption

SigningDisabled

Specifies whether AWS IoT validates the token signature in an authorization request.

Required: No

Type: Boolean

Update requires: Replacement

Status

The status of the authorizer.

Valid values: ACTIVE | INACTIVE

Required: No

Type: String

Allowed values: ACTIVE | INACTIVE

Update requires: No interruption

Tags

Metadata which can be used to manage the custom authorizer.

Note

For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

Required: No

Type: Array of Tag

Update requires: No interruption

TokenKeyName

The key used to extract the token from the HTTP headers.

Required: No

Type: String

Pattern: [a-zA-Z0-9_-]+

Minimum: 1

Maximum: 128

Update requires: No interruption

TokenSigningPublicKeys

The public keys used to validate the token signature returned by your custom authentication service.

Required: No

Type: Object of String

Pattern: [a-zA-Z0-9:_-]+

Maximum: 5120

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the authorizer name. For example:

{ "Ref": "MyAuthorizer" }

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn: The Amazon Resource Name (ARN) of the authorizer.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AuditNotificationTargetConfigurations

Tag