LambdaAuthorizerConfig

class aws_cdk.aws_appsync.LambdaAuthorizerConfig(*, handler, results_cache_ttl=None, validation_regex=None)

Bases: object

(experimental) Configuration for Lambda authorization in AppSync.

Note that you can only have a single AWS Lambda function configured to authorize your API.

Parameters:

  • handler (IFunction) – (experimental) The authorizer lambda function. Note: This Lambda function must have the following resource-based policy assigned to it. When configuring Lambda authorizers in the console, this is done for you. To do so with the AWS CLI, run the following: aws lambda add-permission --function-name "arn:aws:lambda:us-east-2:111122223333:function:my-function" --statement-id "appsync" --principal appsync.amazonaws.com --action lambda:InvokeFunction

  • results_cache_ttl (Optional[Duration]) – (experimental) How long the results are cached. Disable caching by setting this to 0. Default: Duration.minutes(5)

  • validation_regex (Optional[str]) – (experimental) A regular expression for validation of tokens before the Lambda function is called. Default: - no regex filter will be applied.

Stability:

experimental

ExampleMetadata:

infused

Example:

import aws_cdk.aws_lambda as lambda_
# auth_function: lambda.Function


appsync.GraphqlApi(self, "api",
    name="api",
    schema=appsync.Schema.from_asset(path.join(__dirname, "appsync.test.graphql")),
    authorization_config=appsync.AuthorizationConfig(
        default_authorization=appsync.AuthorizationMode(
            authorization_type=appsync.AuthorizationType.LAMBDA,
            lambda_authorizer_config=appsync.LambdaAuthorizerConfig(
                handler=auth_function
            )
        )
    )
)

Attributes

handler

(experimental) The authorizer lambda function.

Note: This Lambda function must have the following resource-based policy assigned to it. When configuring Lambda authorizers in the console, this is done for you. To do so with the AWS CLI, run the following:

aws lambda add-permission --function-name "arn:aws:lambda:us-east-2:111122223333:function:my-function" --statement-id "appsync" --principal appsync.amazonaws.com --action lambda:InvokeFunction

See:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appsync-graphqlapi-lambdaauthorizerconfig.html

Stability:

experimental

results_cache_ttl

(experimental) How long the results are cached.

Disable caching by setting this to 0.

Default:

Duration.minutes(5)

Stability:

experimental

validation_regex

(experimental) A regular expression for validation of tokens before the Lambda function is called.

Default:

  • no regex filter will be applied.

Stability:

experimental