LambdaAuthorizerConfig - Amazon AppSync
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

LambdaAuthorizerConfig

A LambdaAuthorizerConfig specifies how to authorize Amazon AppSync API access when using the AWS_LAMBDA authorizer mode. Be aware that an Amazon AppSync API can have only one Amazon Lambda authorizer configured at a time.

Contents

authorizerUri

The Amazon Resource Name (ARN) of the Lambda function to be called for authorization. This can be a standard Lambda ARN, a version ARN (.../v3), or an alias ARN.

Note: This Lambda function must have the following resource-based policy assigned to it. When configuring Lambda authorizers in the console, this is done for you. To use the Amazon Command Line Interface (Amazon CLI), run the following:

aws lambda add-permission --function-name "arn:aws:lambda:us-east-2:111122223333:function:my-function" --statement-id "appsync" --principal appsync.amazonaws.com --action lambda:InvokeFunction

Type: String

Required: Yes

authorizerResultTtlInSeconds

The number of seconds a response should be cached for. The default is 0 seconds, which disables caching. If you don't specify a value for authorizerResultTtlInSeconds, the default value is used. The maximum value is one hour (3600 seconds). The Lambda function can override this by returning a ttlOverride key in its response.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 3600.

Required: No

identityValidationExpression

A regular expression for validation of tokens before the Lambda function is called.

Type: String

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: