AWS::IoT::Authorizer - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::IoT::Authorizer

Specifies an authorizer.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::IoT::Authorizer", "Properties" : { "AuthorizerFunctionArn" : String, "AuthorizerName" : String, "EnableCachingForHttp" : Boolean, "SigningDisabled" : Boolean, "Status" : String, "Tags" : [ Tag, ... ], "TokenKeyName" : String, "TokenSigningPublicKeys" : {Key: Value, ...} } }

YAML

Type: AWS::IoT::Authorizer Properties: AuthorizerFunctionArn: String AuthorizerName: String EnableCachingForHttp: Boolean SigningDisabled: Boolean Status: String Tags: - Tag TokenKeyName: String TokenSigningPublicKeys: Key: Value

Properties

AuthorizerFunctionArn

The authorizer's Lambda function ARN.

Required: Yes

Type: String

Update requires: No interruption

AuthorizerName

The authorizer name.

Required: No

Type: String

Pattern: [\w=,@-]+

Minimum: 1

Maximum: 128

Update requires: Replacement

EnableCachingForHttp

When true, the result from the authorizer's Lambda function is cached for clients that use persistent HTTP connections. The results are cached for the time specified by the Lambda function in refreshAfterInSeconds. This value doesn't affect authorization of clients that use MQTT connections.

Required: No

Type: Boolean

Update requires: No interruption

SigningDisabled

Specifies whether Amazon IoT validates the token signature in an authorization request.

Required: No

Type: Boolean

Update requires: Replacement

Status

The status of the authorizer.

Valid values: ACTIVE | INACTIVE

Required: No

Type: String

Allowed values: ACTIVE | INACTIVE

Update requires: No interruption

Tags

Metadata which can be used to manage the custom authorizer.

Note

For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

Required: No

Type: Array of Tag

Update requires: No interruption

TokenKeyName

The key used to extract the token from the HTTP headers.

Required: No

Type: String

Update requires: No interruption

TokenSigningPublicKeys

The public keys used to validate the token signature returned by your custom authentication service.

Required: No

Type: Object of String

Pattern: [a-zA-Z0-9:_-]+

Maximum: 5120

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the authorizer name. For example:

{ "Ref": "MyAuthorizer" }

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The Amazon Resource Name (ARN) of the authorizer.