CognitoAuthorizer

Define a Amazon Cognito User Pool authorizer.

For more information and examples, see Control API access with your AWS SAM template.

Syntax

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

YAML


  AuthorizationScopes: List
  Identity: CognitoAuthorizationIdentity
  UserPoolArn: String | List

Properties

AuthorizationScopes

List of authorization scopes for this authorizer.

Type: List

Required: No

CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

Identity

This property can be used to specify an IdentitySource in an incoming request for an authorizer.

Type: CognitoAuthorizationIdentity

Required: No

CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

UserPoolArn

The Amazon Cognito user pool ARN(s) to use for authorization. Specify a single ARN as a string, or multiple ARNs as a list to use multiple user pools.

Type: String | List

Required: Yes

CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

Examples

CognitoAuth

Cognito Auth Example

YAML


Auth:
  Authorizers:
    MyCognitoAuth:
      AuthorizationScopes:
        - scope1
        - scope2
      UserPoolArn:
        Fn::GetAtt:
          - MyCognitoUserPool
          - Arn
      Identity:
        Header: MyAuthorizationHeader
        ValidationExpression: myauthvalidationexpression

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

ApiUsagePlan

CognitoAuthorizationIdentity