AWS::AppSync::GraphQLApi LambdaAuthorizerConfig - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::AppSync::GraphQLApi LambdaAuthorizerConfig

Configuration for Amazon Lambda function authorization.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "AuthorizerResultTtlInSeconds" : Double,
  "AuthorizerUri" : String,
  "IdentityValidationExpression" : String
}

Properties

AuthorizerResultTtlInSeconds

The number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses.

Required: No

Type: Double

Update requires: No interruption

AuthorizerUri

The ARN of the Lambda function to be called for authorization. This may be a standard Lambda ARN, a version ARN (.../v3) or alias ARN.

Note: This Lambda function must have the following resource-based policy assigned to it. When configuring Lambda authorizers in the console, this is done for you. To do so with the Amazon CLI, run the following:

aws lambda add-permission --function-name "arn:aws:lambda:us-east-2:111122223333:function:my-function" --statement-id "appsync" --principal appsync.amazonaws.com --action lambda:InvokeFunction

Required: No

Type: String

Update requires: No interruption

IdentityValidationExpression

A regular expression for validation of tokens before the Lambda function is called.

Required: No

Type: String

Update requires: No interruption