# AWS::Serverless::HttpApi
<a name="sam-resource-httpapi"></a>

Creates an Amazon API Gateway HTTP API, which enables you to create RESTful APIs with lower latency and lower costs than REST APIs. For more information, see [Working with HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api.html) in the *API Gateway Developer Guide*.

We recommend that you use CloudFormation hooks or IAM policies to verify that API Gateway resources have authorizers attached to them to control access to them.

For more information about using CloudFormation hooks, see [Registering hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/registering-hook-python.html) in the *CloudFormation CLI user guide* and the [apigw-enforce-authorizer](https://github.com/aws-cloudformation/aws-cloudformation-samples/tree/main/hooks/python-hooks/apigw-enforce-authorizer/) GitHub repository.

For more information about using IAM policies, see [Require that API routes have authorization](https://docs.aws.amazon.com/apigateway/latest/developerguide/security_iam_id-based-policy-examples.html#security_iam_id-based-policy-examples-require-authorization) in the *API Gateway Developer Guide*.

**Note**  
When you deploy to AWS CloudFormation, AWS SAM transforms your AWS SAM resources into CloudFormation resources. For more information, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).

## Syntax
<a name="sam-resource-httpapi-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-resource-httpapi-syntax.yaml"></a>

```
Type: AWS::Serverless::HttpApi
Properties:
  [AccessLogSettings](#sam-httpapi-accesslogsettings): [AccessLogSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-accesslogsettings)
  [Auth](#sam-httpapi-auth): HttpApiAuth
  [CorsConfiguration](#sam-httpapi-corsconfiguration): String | HttpApiCorsConfiguration
  [DefaultRouteSettings](#sam-httpapi-defaultroutesettings): [RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)
  [DefinitionBody](#sam-httpapi-definitionbody): JSON
  [DefinitionUri](#sam-httpapi-definitionuri): String | HttpApiDefinition
  [Description](#sam-httpapi-description): String
  [DisableExecuteApiEndpoint](#sam-httpapi-disableexecuteapiendpoint): Boolean
  [Domain](#sam-httpapi-domain): HttpApiDomainConfiguration
  [FailOnWarnings](#sam-httpapi-failonwarnings): Boolean
  Name: String
  PropagateTags: Boolean
  [RouteSettings](#sam-httpapi-routesettings): [RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)
  [StageName](#sam-httpapi-stagename): String
  [StageVariables](#sam-httpapi-stagevariables): [Json](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-stagevariables)
  [Tags](#sam-httpapi-tags): Map
```

## Properties
<a name="sam-resource-httpapi-properties"></a>

 `AccessLogSettings`   <a name="sam-httpapi-accesslogsettings"></a>
The settings for access logging in a stage.  
*Type*: [AccessLogSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-accesslogsettings)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[AccessLogSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-accesslogsettings)` property of an `AWS::ApiGatewayV2::Stage` resource.

 `Auth`   <a name="sam-httpapi-auth"></a>
Configures authorization for controlling access to your API Gateway HTTP API.  
For more information, see [Controlling access to HTTP APIs with JWT authorizers](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html) in the *API Gateway Developer Guide*.  
*Type*: [HttpApiAuth](sam-property-httpapi-httpapiauth.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `CorsConfiguration`   <a name="sam-httpapi-corsconfiguration"></a>
Manages cross-origin resource sharing (CORS) for all your API Gateway HTTP APIs. Specify the domain to allow as a string, or specify an `HttpApiCorsConfiguration` object. Note that CORS requires AWS SAM to modify your OpenAPI definition, so CORS works only if the `DefinitionBody` property is specified.  
For more information, see [Configuring CORS for an HTTP API](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html) in the *API Gateway Developer Guide*.  
If `CorsConfiguration` is set both in an OpenAPI definition and at the property level, then AWS SAM merges both configuration sources with the properties taking precedence. If this property is set to `true`, then all origins are allowed.
*Type*: String \$1 [HttpApiCorsConfiguration](sam-property-httpapi-httpapicorsconfiguration.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `DefaultRouteSettings`   <a name="sam-httpapi-defaultroutesettings"></a>
The default route settings for this HTTP API. These settings apply to all routes unless overridden by the `RouteSettings` property for certain routes.  
*Type*: [RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)` property of an `AWS::ApiGatewayV2::Stage` resource.

 `DefinitionBody`   <a name="sam-httpapi-definitionbody"></a>
The OpenAPI definition that describes your HTTP API. If you don't specify a `DefinitionUri` or a `DefinitionBody`, AWS SAM generates a `DefinitionBody` for you based on your template configuration.  
*Type*: JSON  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[Body](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-body)` property of an `AWS::ApiGatewayV2::Api` resource. If certain properties are provided, AWS SAM may insert content into or modify the `DefinitionBody` before it is passed to CloudFormation. Properties include `Auth` and an `EventSource` of type HttpApi for a corresponding `AWS::Serverless::Function` resource.

 `DefinitionUri`   <a name="sam-httpapi-definitionuri"></a>
The Amazon Simple Storage Service (Amazon S3) URI, local file path, or location object of the the OpenAPI definition that defines the HTTP API. The Amazon S3 object that this property references must be a valid OpenAPI definition file. If you don't specify a `DefinitionUri` or a `DefinitionBody` are specified, AWS SAM generates a `DefinitionBody` for you based on your template configuration.  
If you provide a local file path, the template must go through the workflow that includes the `sam deploy` or `sam package` command for the definition to be transformed properly.  
Intrinsic functions are not supported in external OpenApi definition files that you reference with `DefinitionUri`. To import an OpenApi definition into the template, use the `DefinitionBody` property with the [Include transform](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html).  
*Type*: String \$1 [HttpApiDefinition](sam-property-httpapi-httpapidefinition.md)  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[BodyS3Location](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-bodys3location)` property of an `AWS::ApiGatewayV2::Api` resource. The nested Amazon S3 properties are named differently.

 `Description`   <a name="sam-httpapi-description"></a>
The description of the HTTP API resource.  
When you specify `Description`, AWS SAM will modify the HTTP API resource's OpenApi definition by setting the `description` field. The following scenarios will result in an error:  
+ The `DefinitionBody` property is specified with the `description` field set in the Open API definition – This results in a conflict of the `description` field that AWS SAM won't resolve.
+ The `DefinitionUri` property is specified – AWS SAM won't modify an Open API definition that is retrieved from Amazon S3.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `DisableExecuteApiEndpoint`   <a name="sam-httpapi-disableexecuteapiendpoint"></a>
Specifies whether clients can invoke your HTTP API by using the default `execute-api` endpoint `https://{api_id}.execute-api.{region}.amazonaws.com`. By default, clients can invoke your API with the default endpoint. To require that clients only use a custom domain name to invoke your API, disable the default endpoint.  
To use this property, you must specify the `DefinitionBody` property instead of the `DefinitionUri` property or define `x-amazon-apigateway-endpoint-configuration` with `disableExecuteApiEndpoint` in your OpenAPI definition.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is similar to the `[ DisableExecuteApiEndpoint](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-disableexecuteapiendpoint)` property of an `AWS::ApiGatewayV2::Api` resource. It is passed directly to the `disableExecuteApiEndpoint` property of an `[ x-amazon-apigateway-endpoint-configuration](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html)` extension, which gets added to the ` [ Body](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-body)` property of an `AWS::ApiGatewayV2::Api` resource.

 `Domain`   <a name="sam-httpapi-domain"></a>
Configures a custom domain for this API Gateway HTTP API.  
*Type*: [HttpApiDomainConfiguration](sam-property-httpapi-httpapidomainconfiguration.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FailOnWarnings`   <a name="sam-httpapi-failonwarnings"></a>
Specifies whether to roll back the HTTP API creation (`true`) or not (`false`) when a warning is encountered. The default value is `false`.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[FailOnWarnings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-api.html#cfn-apigatewayv2-api-failonwarnings)` property of an `AWS::ApiGatewayV2::Api` resource.

`Name`  <a name="sam-httpapi-name"></a>
The name of the HTTP API resource.  
When you specify `Name`, AWS SAM will modify the HTTP API resource's OpenAPI definition by setting the `title` field. The following scenarios will result in an error:  
+ The `DefinitionBody` property is specified with the `title` field set in the Open API definition – This results in a conflict of the `title` field that AWS SAM won't resolve.
+ The `DefinitionUri` property is specified – AWS SAM won't modify an Open API definition that is retrieved from Amazon S3.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

`PropagateTags`  <a name="sam-httpapi-propagatetags"></a>
Indicate whether or not to pass tags from the `Tags` property to your [AWS::Serverless::HttpApi](sam-specification-generated-resources-httpapi.md) generated resources. Specify `True` to propagate tags in your generated resources.  
*Type*: Boolean  
*Required*: No  
*Default*: `False`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `RouteSettings`   <a name="sam-httpapi-routesettings"></a>
The route settings, per route, for this HTTP API. For more information, see [Working with routes for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-routes.html) in the *API Gateway Developer Guide*.  
*Type*: [RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[RouteSettings](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-routesettings)` property of an `AWS::ApiGatewayV2::Stage` resource.

 `StageName`   <a name="sam-httpapi-stagename"></a>
The name of the API stage. If no name is specified, AWS SAM uses the `$default` stage from API Gateway.  
*Type*: String  
*Required*: No  
*Default*: \$1default  
*CloudFormation compatibility*: This property is passed directly to the `[StageName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-stagename)` property of an `AWS::ApiGatewayV2::Stage` resource.

 `StageVariables`   <a name="sam-httpapi-stagevariables"></a>
A map that defines the stage variables. Variable names can have alphanumeric and underscore characters. The values must match [A-Za-z0-9-.\$1\$1:/?\$1&=,]\$1.  
*Type*: [Json](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-stagevariables)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[StageVariables](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-stage.html#cfn-apigatewayv2-stage-stagevariables)` property of an `AWS::ApiGatewayV2::Stage` resource.

 `Tags`   <a name="sam-httpapi-tags"></a>
A map (string to string) that specifies the tags to add to this API Gateway stage. Keys can be 1 to 128 Unicode characters in length and cannot include the prefix `aws:`. You can use any of the following characters: the set of Unicode letters, digits, whitespace, `_`, `.`, `/`, `=`, `+`, and `-`. Values can be 1 to 256 Unicode characters in length.  
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.  
*Additional notes*: The `Tags` property requires AWS SAM to modify your OpenAPI definition, so tags are added only if the `DefinitionBody` property is specified—no tags are added if the `DefinitionUri` property is specified. AWS SAM automatically adds an `httpapi:createdBy:SAM` tag. Tags are also added to the `AWS::ApiGatewayV2::Stage` resource and the `AWS::ApiGatewayV2::DomainName` resource (if `DomainName` is specified).

## Return Values
<a name="sam-resource-httpapi-return-values"></a>

### Ref
<a name="sam-resource-httpapi-return-values-ref"></a>

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the API ID of the underlying `AWS::ApiGatewayV2::Api` resource, for example, `a1bcdef2gh`.

For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) in the *AWS CloudFormation User Guide*. 

## Examples
<a name="sam-resource-httpapi--examples"></a>

### Simple HttpApi
<a name="sam-resource-httpapi--examples--simple-httpapi"></a>

The following example shows the minimum needed to set up an HTTP API endpoint backed by an Lambda function. This example uses the default HTTP API that AWS SAM creates.

#### YAML
<a name="sam-resource-httpapi--examples--simple-httpapi--yaml"></a>

```
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS SAM template with a simple API definition
Resources:
  ApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      Events:
        ApiEvent:
          Type: HttpApi
      Handler: index.handler
      InlineCode: |
        def handler(event, context):
            return {'body': 'Hello World!', 'statusCode': 200}
      Runtime: python3.7
Transform: AWS::Serverless-2016-10-31
```

### HttpApi with Auth
<a name="sam-resource-httpapi--examples--httpapi-with-auth"></a>

The following example shows how to set up authorization on HTTP API endpoints.

#### YAML
<a name="sam-resource-httpapi--examples--httpapi-with-auth--yaml"></a>

```
Properties:
  FailOnWarnings: true
  Auth:
    DefaultAuthorizer: OAuth2
    Authorizers:
      OAuth2:
        AuthorizationScopes:
          - scope4
        JwtConfiguration:
          issuer: "https://www.example.com/v1/connect/oauth2"
          audience:
            - MyApi
        IdentitySource: "$request.querystring.param"
```

### HttpApi with OpenAPI definition
<a name="sam-resource-httpapi--examples--httpapi-with-openapi-definition"></a>

The following example shows how to add an OpenAPI definition to the template.

Note that AWS SAM fills in any missing Lambda integrations for HttpApi events that reference this HTTP API. AWS SAM also also adds any missing paths that HttpApi events reference.

#### YAML
<a name="sam-resource-httpapi--examples--httpapi-with-openapi-definition--yaml"></a>

```
Properties:
  FailOnWarnings: true
  DefinitionBody:
    info:
      version: '1.0'
      title:
        Ref: AWS::StackName
    paths:
      "/":
        get:
          security:
          - OpenIdAuth:
            - scope1
            - scope2
          responses: {}
    openapi: 3.0.1
    securitySchemes:
      OpenIdAuth:
        type: openIdConnect
        x-amazon-apigateway-authorizer:
          identitySource: "$request.querystring.param"
          type: jwt
          jwtConfiguration:
            audience:
            - MyApi
            issuer: https://www.example.com/v1/connect/oidc
          openIdConnectUrl: https://www.example.com/v1/connect/oidc/.well-known/openid-configuration
```

### HttpApi with configuration settings
<a name="sam-resource-httpapi--examples--httpapi-with-configuration-settings"></a>

The following example shows how to add HTTP API and stage configurations to the template.

#### YAML
<a name="sam-resource-httpapi--examples--httpapi-with-configuration-settings--yaml"></a>

```
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Parameters:
  StageName:
    Type: String
    Default: Prod
    
Resources:
  HttpApiFunction:
    Type: AWS::Serverless::Function
    Properties:
      InlineCode: |
          def handler(event, context):
              import json
              return {
                  "statusCode": 200,
                  "body": json.dumps(event),
              }
      Handler: index.handler
      Runtime: python3.7
      Events:
        ExplicitApi: # warning: creates a public endpoint
          Type: HttpApi
          Properties:
            ApiId: !Ref HttpApi
            Method: GET
            Path: /path
            TimeoutInMillis: 15000
            PayloadFormatVersion: "2.0"
            RouteSettings:
              ThrottlingBurstLimit: 600

  HttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      StageName: !Ref StageName
      Tags:
        Tag: Value
      AccessLogSettings:
        DestinationArn: !GetAtt AccessLogs.Arn
        Format: $context.requestId
      DefaultRouteSettings:
        ThrottlingBurstLimit: 200
      RouteSettings:
        "GET /path":
          ThrottlingBurstLimit: 500 # overridden in HttpApi Event
      StageVariables:
        StageVar: Value
      FailOnWarnings: true

  AccessLogs:
    Type: AWS::Logs::LogGroup

Outputs:
  HttpApiUrl:
    Description: URL of your API endpoint
    Value:
      Fn::Sub: 'https://${HttpApi}.execute-api.${AWS::Region}.${AWS::URLSuffix}/${StageName}/'
  HttpApiId:
    Description: Api id of HttpApi
    Value:
      Ref: HttpApi
```

# HttpApiAuth
<a name="sam-property-httpapi-httpapiauth"></a>

Configure authorization to control access to your Amazon API Gateway HTTP API.

For more information about configuring access to HTTP APIs, see [Controlling and managing access to an HTTP API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-access-control.html) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-httpapi-httpapiauth-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-httpapiauth-syntax.yaml"></a>

```
  [Authorizers](#sam-httpapi-httpapiauth-authorizers): OAuth2Authorizer | LambdaAuthorizer
  [DefaultAuthorizer](#sam-httpapi-httpapiauth-defaultauthorizer): String
  [EnableIamAuthorizer](#sam-httpapi-httpapiauth-enableiamauthorizer): Boolean
```

## Properties
<a name="sam-property-httpapi-httpapiauth-properties"></a>

 `Authorizers`   <a name="sam-httpapi-httpapiauth-authorizers"></a>
The authorizer used to control access to your API Gateway API.  
*Type*: [OAuth2Authorizer](sam-property-httpapi-oauth2authorizer.md) \$1 [LambdaAuthorizer](sam-property-httpapi-lambdaauthorizer.md)  
*Required*: No  
*Default*: None  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.  
*Additional notes*: AWS SAM adds the authorizers to the OpenAPI definition.

 `DefaultAuthorizer`   <a name="sam-httpapi-httpapiauth-defaultauthorizer"></a>
Specify the default authorizer to use for authorizing API calls to your API Gateway API. You can specify `AWS_IAM` as a default authorizer if `EnableIamAuthorizer` is set to `true`. Otherwise, specify an authorizer that you've defined in `Authorizers`.  
*Type*: String  
*Required*: No  
*Default*: None  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `EnableIamAuthorizer`   <a name="sam-httpapi-httpapiauth-enableiamauthorizer"></a>
Specify whether to use IAM authorization for the API route.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-httpapi-httpapiauth--examples"></a>

### OAuth 2.0 Authorizer
<a name="sam-property-httpapi-httpapiauth--examples--oauth-2.0-authorizer"></a>

OAuth 2.0 authorizer example

#### YAML
<a name="sam-property-httpapi-httpapiauth--examples--oauth-2.0-authorizer--yaml"></a>

```
Auth:
  Authorizers:
    OAuth2Authorizer:
      AuthorizationScopes:
        - scope1
        - scope2
      JwtConfiguration:
        issuer: "https://www.example.com/v1/connect/oauth2"
        audience:
          - MyApi
      IdentitySource: "$request.querystring.param"
  DefaultAuthorizer: OAuth2Authorizer
```

### IAM authorizer
<a name="sam-property-httpapi-httpapiauth--examples--iam-authorizer"></a>

IAM authorizer example

#### YAML
<a name="sam-property-httpapi-httpapiauth--examples--iam-authorizer--yaml"></a>

```
Auth:
  EnableIamAuthorizer: true
  DefaultAuthorizer: AWS_IAM
```

# LambdaAuthorizer
<a name="sam-property-httpapi-lambdaauthorizer"></a>

Configure a Lambda authorizer to control access to your Amazon API Gateway HTTP API with an AWS Lambda function.

For more information and examples, see [Working with AWS Lambda authorizers for HTTP APIs](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-httpapi-lambdaauthorizer-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-lambdaauthorizer-syntax.yaml"></a>

```
  [AuthorizerPayloadFormatVersion](#sam-httpapi-lambdaauthorizer-authorizerpayloadformatversion): String
  EnableFunctionDefaultPermissions: Boolean
  [EnableSimpleResponses](#sam-httpapi-lambdaauthorizer-enablesimpleresponses): Boolean
  [FunctionArn](#sam-httpapi-lambdaauthorizer-functionarn): String
  [FunctionInvokeRole](#sam-httpapi-lambdaauthorizer-functioninvokerole): String
  [Identity](#sam-httpapi-lambdaauthorizer-identity): LambdaAuthorizationIdentity
```

## Properties
<a name="sam-property-httpapi-lambdaauthorizer-properties"></a>

 `AuthorizerPayloadFormatVersion`   <a name="sam-httpapi-lambdaauthorizer-authorizerpayloadformatversion"></a>
Specifies the format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers.  
This is passed through to the `authorizerPayloadFormatVersion` section of an `x-amazon-apigateway-authorizer` in the `securitySchemes` section of an OpenAPI definition.  
*Valid values*: `1.0` or `2.0`  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `EnableFunctionDefaultPermissions`   <a name="sam-httpapi-lambdaauthorizer-enablefunctiondefaultpermissions"></a>
By default, the HTTP API resource is not granted permission to invoke the Lambda authorizer. Specify this property as `true` to automatically create permissions between your HTTP API resource and your Lambda authorizer.  
*Type*: Boolean  
*Required*: No  
*Default value*: `false`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `EnableSimpleResponses`   <a name="sam-httpapi-lambdaauthorizer-enablesimpleresponses"></a>
Specifies whether a Lambda authorizer returns a response in a simple format. By default, a Lambda authorizer must return an AWS Identity and Access Management (IAM) policy. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy.  
This is passed through to the `enableSimpleResponses` section of an `x-amazon-apigateway-authorizer` in the `securitySchemes` section of an OpenAPI definition.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FunctionArn`   <a name="sam-httpapi-lambdaauthorizer-functionarn"></a>
The Amazon Resource Name (ARN) of the Lambda function that provides authorization for the API.  
This is passed through to the `authorizerUri` section of an `x-amazon-apigateway-authorizer` in the `securitySchemes` section of an OpenAPI definition.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `FunctionInvokeRole`   <a name="sam-httpapi-lambdaauthorizer-functioninvokerole"></a>
The ARN of the IAM role that has the credentials required for API Gateway to invoke the authorizer function. Specify this parameter if your function's resource-based policy doesn't grant API Gateway `lambda:InvokeFunction` permission.  
This is passed through to the `authorizerCredentials` section of an `x-amazon-apigateway-authorizer` in the `securitySchemes` section of an OpenAPI definition.  
For more information, see [Create a Lambda authorizer](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html#http-api-lambda-authorizer.example-create) in the *API Gateway Developer Guide*.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Identity`   <a name="sam-httpapi-lambdaauthorizer-identity"></a>
Specifies an `IdentitySource` in an incoming request for an authorizer.  
This is passed through to the `identitySource` section of an `x-amazon-apigateway-authorizer` in the `securitySchemes` section of an OpenAPI definition.  
*Type*: [LambdaAuthorizationIdentity](sam-property-httpapi-lambdaauthorizationidentity.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-httpapi-lambdaauthorizer--examples"></a>

### LambdaAuthorizer
<a name="sam-property-httpapi-lambdaauthorizer--examples--lambdaauthorizer"></a>

LambdaAuthorizer example

#### YAML
<a name="sam-property-httpapi-lambdaauthorizer--examples--lambdaauthorizer--yaml"></a>

```
Auth:
  Authorizers:
    MyLambdaAuthorizer:
      AuthorizerPayloadFormatVersion: 2.0
      FunctionArn:
        Fn::GetAtt:
          - MyAuthFunction
          - Arn
      FunctionInvokeRole:
        Fn::GetAtt:
          - LambdaAuthInvokeRole
          - Arn
      Identity:
        Headers:
          - Authorization
```

# LambdaAuthorizationIdentity
<a name="sam-property-httpapi-lambdaauthorizationidentity"></a>

Use property can be used to specify an IdentitySource in an incoming request for a Lambda authorizer. For more information about identity sources, see [Identity sources](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html#http-api-lambda-authorizer.identity-sources) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-httpapi-lambdaauthorizationidentity-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-lambdaauthorizationidentity-syntax.yaml"></a>

```
  [Context](#sam-httpapi-lambdaauthorizationidentity-context): List
  [Headers](#sam-httpapi-lambdaauthorizationidentity-headers): List
  [QueryStrings](#sam-httpapi-lambdaauthorizationidentity-querystrings): List
  [ReauthorizeEvery](#sam-httpapi-lambdaauthorizationidentity-reauthorizeevery): Integer
  [StageVariables](#sam-httpapi-lambdaauthorizationidentity-stagevariables): List
```

## Properties
<a name="sam-property-httpapi-lambdaauthorizationidentity-properties"></a>

 `Context`   <a name="sam-httpapi-lambdaauthorizationidentity-context"></a>
Converts the given context strings to a list of mapping expressions in the format `$context.contextString`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `Headers`   <a name="sam-httpapi-lambdaauthorizationidentity-headers"></a>
Converts the headers to a list of mapping expressions in the format `$request.header.name`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `QueryStrings`   <a name="sam-httpapi-lambdaauthorizationidentity-querystrings"></a>
Converts the given query strings to a list of mapping expressions in the format `$request.querystring.queryString`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ReauthorizeEvery`   <a name="sam-httpapi-lambdaauthorizationidentity-reauthorizeevery"></a>
The time-to-live (TTL) period, in seconds, that specifies how long API Gateway caches authorizer results. If you specify a value greater than 0, API Gateway caches the authorizer responses. The maximum value is 3600, or 1 hour.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `StageVariables`   <a name="sam-httpapi-lambdaauthorizationidentity-stagevariables"></a>
Converts the given stage variables to a list of mapping expressions in the format `$stageVariables.stageVariable`.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-httpapi-lambdaauthorizationidentity--examples"></a>

### LambdaRequestIdentity
<a name="sam-property-httpapi-lambdaauthorizationidentity--examples--lambdarequestidentity"></a>

Lambda request identity example

#### YAML
<a name="sam-property-httpapi-lambdaauthorizationidentity--examples--lambdarequestidentity--yaml"></a>

```
Identity:
  QueryStrings:
    - auth
  Headers:
    - Authorization
  StageVariables:
    - VARIABLE
  Context:
    - authcontext
  ReauthorizeEvery: 100
```

# OAuth2Authorizer
<a name="sam-property-httpapi-oauth2authorizer"></a>

Definition for an OAuth 2.0 authorizer, also known to as a JSON Web Token (JWT) authorizer.

For more information, see [Controlling access to HTTP APIs with JWT authorizers](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html) in the *API Gateway Developer Guide*.

## Syntax
<a name="sam-property-httpapi-oauth2authorizer-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-oauth2authorizer-syntax.yaml"></a>

```
  [AuthorizationScopes](#sam-httpapi-oauth2authorizer-authorizationscopes): List
  [IdentitySource](#sam-httpapi-oauth2authorizer-identitysource): String
  [JwtConfiguration](#sam-httpapi-oauth2authorizer-jwtconfiguration): Map
```

## Properties
<a name="sam-property-httpapi-oauth2authorizer-properties"></a>

 `AuthorizationScopes`   <a name="sam-httpapi-oauth2authorizer-authorizationscopes"></a>
List of authorization scopes for this authorizer.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `IdentitySource`   <a name="sam-httpapi-oauth2authorizer-identitysource"></a>
Identity source expression for this authorizer.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `JwtConfiguration`   <a name="sam-httpapi-oauth2authorizer-jwtconfiguration"></a>
JWT configuration for this authorizer.  
This is passed through to the `jwtConfiguration` section of an `x-amazon-apigateway-authorizer` in the `securitySchemes` section of an OpenAPI definition.  
Properties `issuer` and `audience` are case insensitive and can be used either lowercase as in OpenAPI or uppercase `Issuer` and `Audience` as in [ AWS::ApiGatewayV2::Authorizer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-authorizer-jwtconfiguration.html). 
*Type*: Map  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-httpapi-oauth2authorizer--examples"></a>

### OAuth 2.0 authorizer
<a name="sam-property-httpapi-oauth2authorizer--examples--oauth-2.0-authorizer"></a>

OAuth 2.0 authorizer Example

#### YAML
<a name="sam-property-httpapi-oauth2authorizer--examples--oauth-2.0-authorizer--yaml"></a>

```
Auth:
  Authorizers:
    OAuth2Authorizer:
      AuthorizationScopes:
        - scope1
      JwtConfiguration:
        issuer: "https://www.example.com/v1/connect/oauth2"
        audience:
          - MyApi
      IdentitySource: "$request.querystring.param"
  DefaultAuthorizer: OAuth2Authorizer
```

# HttpApiCorsConfiguration
<a name="sam-property-httpapi-httpapicorsconfiguration"></a>

Manage cross-origin resource sharing (CORS) for your HTTP APIs. Specify the domain to allow as a string or specify a dictionary with additional Cors configuration. NOTE: Cors requires SAM to modify your OpenAPI definition, so it only works with inline OpenApi defined in the `DefinitionBody` property.

For more information about CORS, see [Configuring CORS for an HTTP API](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html) in the *API Gateway Developer Guide*.

Note: If HttpApiCorsConfiguration is set both in OpenAPI and at the property level, AWS SAM merges them with the properties taking precedence.

## Syntax
<a name="sam-property-httpapi-httpapicorsconfiguration-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-httpapicorsconfiguration-syntax.yaml"></a>

```
  [AllowCredentials](#sam-httpapi-httpapicorsconfiguration-allowcredentials): Boolean
  [AllowHeaders](#sam-httpapi-httpapicorsconfiguration-allowheaders): List
  [AllowMethods](#sam-httpapi-httpapicorsconfiguration-allowmethods): List
  [AllowOrigins](#sam-httpapi-httpapicorsconfiguration-alloworigins): List
  [ExposeHeaders](#sam-httpapi-httpapicorsconfiguration-exposeheaders): List
  [MaxAge](#sam-httpapi-httpapicorsconfiguration-maxage): Integer
```

## Properties
<a name="sam-property-httpapi-httpapicorsconfiguration-properties"></a>

 `AllowCredentials`   <a name="sam-httpapi-httpapicorsconfiguration-allowcredentials"></a>
Specifies whether credentials are included in the CORS request.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AllowHeaders`   <a name="sam-httpapi-httpapicorsconfiguration-allowheaders"></a>
Represents a collection of allowed headers.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AllowMethods`   <a name="sam-httpapi-httpapicorsconfiguration-allowmethods"></a>
Represents a collection of allowed HTTP methods.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `AllowOrigins`   <a name="sam-httpapi-httpapicorsconfiguration-alloworigins"></a>
Represents a collection of allowed origins.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `ExposeHeaders`   <a name="sam-httpapi-httpapicorsconfiguration-exposeheaders"></a>
Represents a collection of exposed headers.  
*Type*: List  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `MaxAge`   <a name="sam-httpapi-httpapicorsconfiguration-maxage"></a>
The number of seconds that the browser should cache preflight request results.  
*Type*: Integer  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

## Examples
<a name="sam-property-httpapi-httpapicorsconfiguration--examples"></a>

### HttpApiCorsConfiguration
<a name="sam-property-httpapi-httpapicorsconfiguration--examples--httpapicorsconfiguration"></a>

HTTP API Cors Configuration example.

#### YAML
<a name="sam-property-httpapi-httpapicorsconfiguration--examples--httpapicorsconfiguration--yaml"></a>

```
CorsConfiguration:
  AllowOrigins:
    - "https://example.com"
  AllowHeaders:
    - x-apigateway-header
  AllowMethods:
    - GET
  MaxAge: 600
  AllowCredentials: true
```

# HttpApiDefinition
<a name="sam-property-httpapi-httpapidefinition"></a>

An OpenAPI document defining the API.

## Syntax
<a name="sam-property-httpapi-httpapidefinition-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-httpapidefinition-syntax.yaml"></a>

```
  [Bucket](#sam-httpapi-httpapidefinition-bucket): String
  [Key](#sam-httpapi-httpapidefinition-key): String
  [Version](#sam-httpapi-httpapidefinition-version): String
```

## Properties
<a name="sam-property-httpapi-httpapidefinition-properties"></a>

 `Bucket`   <a name="sam-httpapi-httpapidefinition-bucket"></a>
The name of the Amazon S3 bucket where the OpenAPI file is stored.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Bucket](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-api-bodys3location.html#cfn-apigatewayv2-api-bodys3location-bucket)` property of the `AWS::ApiGatewayV2::Api` `BodyS3Location` data type.

 `Key`   <a name="sam-httpapi-httpapidefinition-key"></a>
The Amazon S3 key of the OpenAPI file.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[Key](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-api-bodys3location.html#cfn-apigatewayv2-api-bodys3location-key)` property of the `AWS::ApiGatewayV2::Api` `BodyS3Location` data type.

 `Version`   <a name="sam-httpapi-httpapidefinition-version"></a>
For versioned objects, the version of the OpenAPI file.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[Version](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-api-bodys3location.html#cfn-apigatewayv2-api-bodys3location-version)` property of the `AWS::ApiGatewayV2::Api` `BodyS3Location` data type.

## Examples
<a name="sam-property-httpapi-httpapidefinition--examples"></a>

### Definition Uri example
<a name="sam-property-httpapi-httpapidefinition--examples--definition-uri-example"></a>

API Definition example

#### YAML
<a name="sam-property-httpapi-httpapidefinition--examples--definition-uri-example--yaml"></a>

```
DefinitionUri:
  Bucket: sam-s3-demo-bucket-name
  Key: mykey-name
  Version: 121212
```

# HttpApiDomainConfiguration
<a name="sam-property-httpapi-httpapidomainconfiguration"></a>

Configures a custom domain for an API.

## Syntax
<a name="sam-property-httpapi-httpapidomainconfiguration-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-httpapidomainconfiguration-syntax.yaml"></a>

```
  [BasePath](#sam-httpapi-httpapidomainconfiguration-basepath): List
  [CertificateArn](#sam-httpapi-httpapidomainconfiguration-certificatearn): String
  [DomainName](#sam-httpapi-httpapidomainconfiguration-domainname): String
  [EndpointConfiguration](#sam-httpapi-httpapidomainconfiguration-endpointconfiguration): String
  [MutualTlsAuthentication](#sam-httpapi-httpapidomainconfiguration-mutualtlsauthentication): [MutualTlsAuthentication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html#cfn-apigatewayv2-domainname-mutualtlsauthentication)
  [OwnershipVerificationCertificateArn](#sam-httpapi-httpapidomainconfiguration-ownershipverificationcertificatearn): String
  [Route53](#sam-httpapi-httpapidomainconfiguration-route53): Route53Configuration
  [SecurityPolicy](#sam-httpapi-httpapidomainconfiguration-securitypolicy): String
```

## Properties
<a name="sam-property-httpapi-httpapidomainconfiguration-properties"></a>

 `BasePath`   <a name="sam-httpapi-httpapidomainconfiguration-basepath"></a>
A list of the basepaths to configure with the Amazon API Gateway domain name.  
*Type*: List  
*Required*: No  
*Default*: /  
*CloudFormation compatibility*: This property is similar to the `[ApiMappingKey](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-apimapping.html#cfn-apigatewayv2-apimapping-apimappingkey)` property of an `AWS::ApiGatewayV2::ApiMapping` resource. AWS SAM creates multiple `AWS::ApiGatewayV2::ApiMapping` resources, one per value specified in this property.

 `CertificateArn`   <a name="sam-httpapi-httpapidomainconfiguration-certificatearn"></a>
The Amazon Resource Name (ARN) of an AWS managed certificate for this domain name's endpoint. AWS Certificate Manager is the only supported source.  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[CertificateArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-domainname-domainnameconfiguration.html#cfn-apigatewayv2-domainname-domainnameconfiguration-certificatearn)` property of an `AWS::ApiGateway2::DomainName DomainNameConfiguration` resource.

 `DomainName`   <a name="sam-httpapi-httpapidomainconfiguration-domainname"></a>
The custom domain name for your API Gateway API. Uppercase letters are not supported.  
AWS SAM generates an `AWS::ApiGatewayV2::DomainName` resource when this property is set. For information about this scenario, see [DomainName property is specified](sam-specification-generated-resources-httpapi.md#sam-specification-generated-resources-httpapi-domain-name). For information about generated CloudFormation resources, see [Generated CloudFormation resources for AWS SAM](sam-specification-generated-resources.md).  
*Type*: String  
*Required*: Yes  
*CloudFormation compatibility*: This property is passed directly to the `[DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html#cfn-apigatewayv2-domainname-domainname)` property of an `AWS::ApiGateway2::DomainName` resource.

 `EndpointConfiguration`   <a name="sam-httpapi-httpapidomainconfiguration-endpointconfiguration"></a>
Defines the type of API Gateway endpoint to map to the custom domain. The value of this property determines how the `CertificateArn` property is mapped in CloudFormation.  
The only valid value for HTTP APIs is `REGIONAL`.  
*Type*: String  
*Required*: No  
*Default*: `REGIONAL`  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `MutualTlsAuthentication`   <a name="sam-httpapi-httpapidomainconfiguration-mutualtlsauthentication"></a>
The mutual transport layer security (TLS) authentication configuration for a custom domain name.  
*Type*: [MutualTlsAuthentication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html#cfn-apigatewayv2-domainname-mutualtlsauthentication)  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[MutualTlsAuthentication](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html#cfn-apigatewayv2-domainname-mutualtlsauthentication)` property of an `AWS::ApiGatewayV2::DomainName` resource.

 `OwnershipVerificationCertificateArn`   <a name="sam-httpapi-httpapidomainconfiguration-ownershipverificationcertificatearn"></a>
The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Required only when you configure mutual TLS and you specify an ACM imported or private CA certificate ARN for the `CertificateArn`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[OwnershipVerificationCertificateArn](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-domainname-domainnameconfiguration.html#cfn-apigatewayv2-domainname-domainnameconfiguration-ownershipverificationcertificatearn)` property of the `AWS::ApiGatewayV2::DomainName` `DomainNameConfiguration` data type.

 `Route53`   <a name="sam-httpapi-httpapidomainconfiguration-route53"></a>
Defines an Amazon Route 53 configuration.  
*Type*: [Route53Configuration](sam-property-httpapi-route53configuration.md)  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

 `SecurityPolicy`   <a name="sam-httpapi-httpapidomainconfiguration-securitypolicy"></a>
The TLS version of the security policy for this domain name.  
The only valid value for HTTP APIs is `TLS_1_2`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[SecurityPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigatewayv2-domainname-domainnameconfiguration.html#cfn-apigatewayv2-domainname-domainnameconfiguration-securitypolicy)` property of the `AWS::ApiGatewayV2::DomainName` `DomainNameConfiguration` data type.

## Examples
<a name="sam-property-httpapi-httpapidomainconfiguration--examples"></a>

### DomainName
<a name="sam-property-httpapi-httpapidomainconfiguration--examples--domainname"></a>

DomainName example

#### YAML
<a name="sam-property-httpapi-httpapidomainconfiguration--examples--domainname--yaml"></a>

```
Domain:
  DomainName: www.example.com
  CertificateArn: arn-example
  EndpointConfiguration: REGIONAL
  Route53:
    HostedZoneId: Z1PA6795UKMFR9
  BasePath:
    - foo
    - bar
```

# Route53Configuration
<a name="sam-property-httpapi-route53configuration"></a>

Configures the Route53 record sets for an API.

## Syntax
<a name="sam-property-httpapi-route53configuration-syntax"></a>

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

### YAML
<a name="sam-property-httpapi-route53configuration-syntax.yaml"></a>

```
  [DistributionDomainName](#sam-httpapi-route53configuration-distributiondomainname): String
  [EvaluateTargetHealth](#sam-httpapi-route53configuration-evaluatetargethealth): Boolean
  [HostedZoneId](#sam-httpapi-route53configuration-hostedzoneid): String
  [HostedZoneName](#sam-httpapi-route53configuration-hostedzonename): String
  [IpV6](#sam-httpapi-route53configuration-ipv6): Boolean
  Region: String
  SetIdentifier: String
```

## Properties
<a name="sam-property-httpapi-route53configuration-properties"></a>

 `DistributionDomainName`   <a name="sam-httpapi-route53configuration-distributiondomainname"></a>
Configures a custom distribution of the API custom domain name.  
*Type*: String  
*Required*: No  
*Default*: Use the API Gateway distribution.  
*CloudFormation compatibility*: This property is passed directly to the `[DNSName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget-1.html#cfn-route53-aliastarget-dnshostname)` property of an `AWS::Route53::RecordSetGroup AliasTarget` resource.  
*Additional notes*: The domain name of a [CloudFront distribution](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html).

 `EvaluateTargetHealth`   <a name="sam-httpapi-route53configuration-evaluatetargethealth"></a>
When EvaluateTargetHealth is true, an alias record inherits the health of the referenced AWS resource, such as an Elastic Load Balancing load balancer or another record in the hosted zone.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[EvaluateTargetHealth](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-aliastarget.html#cfn-route53-aliastarget-evaluatetargethealth)` property of an `AWS::Route53::RecordSetGroup AliasTarget` resource.  
*Additional notes*: You can't set EvaluateTargetHealth to true when the alias target is a CloudFront distribution.

 `HostedZoneId`   <a name="sam-httpapi-route53configuration-hostedzoneid"></a>
The ID of the hosted zone that you want to create records in.  
Specify either `HostedZoneName` or `HostedZoneId`, but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[HostedZoneId](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-1.html#cfn-route53-recordset-hostedzoneid)` property of an `AWS::Route53::RecordSetGroup RecordSet` resource.

 `HostedZoneName`   <a name="sam-httpapi-route53configuration-hostedzonename"></a>
The name of the hosted zone that you want to create records in. You must include a trailing dot (for example, `www.example.com.`) as part of the `HostedZoneName`.  
Specify either `HostedZoneName` or `HostedZoneId`, but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId`.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[HostedZoneName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-1.html#cfn-route53-recordset-hostedzonename)` property of an `AWS::Route53::RecordSetGroup RecordSet` resource.

 `IpV6`   <a name="sam-httpapi-route53configuration-ipv6"></a>
When this property is set, AWS SAM creates a `AWS::Route53::RecordSet` resource and sets [Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset.html#cfn-route53-recordset-type) to `AAAA` for the provided HostedZone.  
*Type*: Boolean  
*Required*: No  
*CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an CloudFormation equivalent.

`Region`  <a name="sam-httpapi-route53configuration-region"></a>
*Latency-based resource record sets only:* The Amazon EC2 Region where you created the resource that this resource record set refers to. The resource typically is an AWS resource, such as an EC2 instance or an ELB load balancer, and is referred to by an IP address or a DNS domain name, depending on the record type.  
When Amazon Route 53 receives a DNS query for a domain name and type for which you have created latency resource record sets, Route 53 selects the latency resource record set that has the lowest latency between the end user and the associated Amazon EC2 Region. Route 53 then returns the value that is associated with the selected resource record set.  
Note the following:  
+ You can only specify one `ResourceRecord` per latency resource record set.
+ You can only create one latency resource record set for each Amazon EC2 Region.
+ You aren't required to create latency resource record sets for all Amazon EC2 Regions. Route 53 will choose the region with the best latency from among the regions that you create latency resource record sets for.
+ You can't create non-latency resource record sets that have the same values for the `Name` and `Type` elements as latency resource record sets.
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ Region](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-1.html#cfn-route53-recordset-region)` property of an `AWS::Route53::RecordSetGroup` `RecordSet` data type.

`SetIdentifier`  <a name="sam-httpapi-route53configuration-setidentifier"></a>
*Resource record sets that have a routing policy other than simple:* An identifier that differentiates among multiple resource record sets that have the same combination of name and type, such as multiple weighted resource record sets named acme.example.com that have a type of A. In a group of resource record sets that have the same name and type, the value of `SetIdentifier` must be unique for each resource record set.  
For information about routing policies, see [Choosing a routing policy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html) in the *Amazon Route 53 Developer Guide*.  
*Type*: String  
*Required*: No  
*CloudFormation compatibility*: This property is passed directly to the `[ SetIdentifier](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset-1.html#cfn-route53-recordset-setidentifier)` property of an `AWS::Route53::RecordSetGroup` `RecordSet` data type.

## Examples
<a name="sam-property-httpapi-route53configuration--examples"></a>

### Route 53 Configuration Example
<a name="sam-property-httpapi-route53configuration--examples--route-53-configuration-example"></a>

This example shows how to configure Route 53.

#### YAML
<a name="sam-property-httpapi-route53configuration--examples--route-53-configuration-example--yaml"></a>

```
Domain:
  DomainName: www.example.com
  CertificateArn: arn-example
  EndpointConfiguration: EDGE
  Route53:
    HostedZoneId: Z1PA6795UKMFR9
    EvaluateTargetHealth: true
    DistributionDomainName: xyz
```