LambdaAuthorizerConfig
A LambdaAuthorizerConfig
specifies how to authorize Amazon AppSync API access when
using the AWS_LAMBDA
authorizer mode. Be aware that an Amazon AppSync API can have only
one Amazon Lambda authorizer configured at a time.
Contents
-
The Amazon Resource Name (ARN) of the Lambda function to be called for authorization. This can be a standard Lambda ARN, a version ARN (
.../v3
), or an alias ARN.Note: This Lambda function must have the following resource-based policy assigned to it. When configuring Lambda authorizers in the console, this is done for you. To use the Amazon Command Line Interface (Amazon CLI), run the following:
aws lambda add-permission --function-name "arn:aws:lambda:us-east-2:111122223333:function:my-function" --statement-id "appsync" --principal appsync.amazonaws.com --action lambda:InvokeFunction
Type: String
Required: Yes
-
The number of seconds a response should be cached for. The default is 0 seconds, which disables caching. If you don't specify a value for
authorizerResultTtlInSeconds
, the default value is used. The maximum value is one hour (3600 seconds). The Lambda function can override this by returning attlOverride
key in its response.Type: Integer
Valid Range: Minimum value of 0. Maximum value of 3600.
Required: No
- identityValidationExpression
-
A regular expression for validation of tokens before the Lambda function is called.
Type: String
Required: No
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: