AWS::AppSync::GraphQLApi LambdaAuthorizerConfig
Configuration for Amazon Lambda function authorization.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "AuthorizerResultTtlInSeconds" :
Double
, "AuthorizerUri" :String
, "IdentityValidationExpression" :String
}
YAML
AuthorizerResultTtlInSeconds:
Double
AuthorizerUri:String
IdentityValidationExpression:String
Properties
AuthorizerResultTtlInSeconds
-
The number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a
ttlOverride
key in its response. A value of 0 disables caching of responses.Required: No
Type: Double
Update requires: No interruption
AuthorizerUri
-
The ARN of the Lambda function to be called for authorization. This may be a standard Lambda ARN, a version ARN (
.../v3
) or alias ARN.Note: This Lambda function must have the following resource-based policy assigned to it. When configuring Lambda authorizers in the console, this is done for you. To do so with the Amazon CLI, run the following:
aws lambda add-permission --function-name "arn:aws:lambda:us-east-2:111122223333:function:my-function" --statement-id "appsync" --principal appsync.amazonaws.com --action lambda:InvokeFunction
Required: No
Type: String
Update requires: No interruption
IdentityValidationExpression
-
A regular expression for validation of tokens before the Lambda function is called.
Required: No
Type: String
Update requires: No interruption