AWS::IoT::Authorizer - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Specifies an authorizer.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "Type" : "AWS::IoT::Authorizer", "Properties" : { "AuthorizerFunctionArn" : String, "AuthorizerName" : String, "EnableCachingForHttp" : Boolean, "SigningDisabled" : Boolean, "Status" : String, "Tags" : [ Tag, ... ], "TokenKeyName" : String, "TokenSigningPublicKeys" : {Key: Value, ...} } }


Type: AWS::IoT::Authorizer Properties: AuthorizerFunctionArn: String AuthorizerName: String EnableCachingForHttp: Boolean SigningDisabled: Boolean Status: String Tags: - Tag TokenKeyName: String TokenSigningPublicKeys: Key: Value



The authorizer's Lambda function ARN.

Required: Yes

Type: String

Update requires: No interruption


The authorizer name.

Required: No

Type: String

Pattern: [\w=,@-]+

Minimum: 1

Maximum: 128

Update requires: Replacement


When true, the result from the authorizer's Lambda function is cached for clients that use persistent HTTP connections. The results are cached for the time specified by the Lambda function in refreshAfterInSeconds. This value doesn't affect authorization of clients that use MQTT connections.

Required: No

Type: Boolean

Update requires: No interruption


Specifies whether Amazon IoT validates the token signature in an authorization request.

Required: No

Type: Boolean

Update requires: Replacement


The status of the authorizer.

Valid values: ACTIVE | INACTIVE

Required: No

Type: String

Allowed values: ACTIVE | INACTIVE

Update requires: No interruption


Metadata which can be used to manage the custom authorizer.


For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

Required: No

Type: Array of Tag

Update requires: No interruption


The key used to extract the token from the HTTP headers.

Required: No

Type: String

Update requires: No interruption


The public keys used to validate the token signature returned by your custom authentication service.

Required: No

Type: Object of String

Pattern: [a-zA-Z0-9:_-]+

Maximum: 5120

Update requires: No interruption

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the authorizer name. For example:

{ "Ref": "MyAuthorizer" }

For more information about using the Ref function, see Ref.


The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.


The Amazon Resource Name (ARN) of the authorizer.