# CognitoAuthorizer Define a Amazon Cognito User Pool authorizer. For more information and examples, see [Control API access with your AWS SAM template](serverless-controlling-access-to-apis.md). ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [AuthorizationScopes](#sam-api-cognitoauthorizer-authorizationscopes): List [Identity](#sam-api-cognitoauthorizer-identity): CognitoAuthorizationIdentity [UserPoolArn](#sam-api-cognitoauthorizer-userpoolarn): String | List ``` ## Properties `AuthorizationScopes` List of authorization scopes for this authorizer. *Type*: List *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `Identity` This property can be used to specify an `IdentitySource` in an incoming request for an authorizer. *Type*: [CognitoAuthorizationIdentity](sam-property-api-cognitoauthorizationidentity.md) *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `UserPoolArn` The Amazon Cognito user pool ARN(s) to use for authorization. Specify a single ARN as a string, or multiple ARNs as a list to use multiple user pools. *Type*: String \$1 List *Required*: Yes *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### CognitoAuth Cognito Auth Example #### YAML ``` Auth: Authorizers: MyCognitoAuth: AuthorizationScopes: - scope1 - scope2 UserPoolArn: Fn::GetAtt: - MyCognitoUserPool - Arn Identity: Header: MyAuthorizationHeader ValidationExpression: myauthvalidationexpression ``` # CognitoAuthorizationIdentity This property can be used to specify an IdentitySource in an incoming request for an authorizer. For more information about IdentitySource see the [ApiGateway Authorizer OpenApi extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-authorizer.html). ## Syntax To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax. ### YAML ``` [Header](#sam-api-cognitoauthorizationidentity-header): String [ReauthorizeEvery](#sam-api-cognitoauthorizationidentity-reauthorizeevery): Integer [ValidationExpression](#sam-api-cognitoauthorizationidentity-validationexpression): String ``` ## Properties `Header` Specify the header name for Authorization in the OpenApi definition. *Type*: String *Required*: No *Default*: Authorization *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `ReauthorizeEvery` The time-to-live (TTL) period, in seconds, that specifies how long API Gateway caches authorizer results. If you specify a value greater than 0, API Gateway caches the authorizer responses. By default, API Gateway sets this property to 300. The maximum value is 3600, or 1 hour. *Type*: Integer *Required*: No *Default*: 300 *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. `ValidationExpression` Specify a validation expression for validating the incoming Identity *Type*: String *Required*: No *CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent. ## Examples ### CognitoAuthIdentity #### YAML ``` Identity: Header: MyCustomAuthHeader ValidationExpression: Bearer.* ReauthorizeEvery: 30 ```