AuthProvider - Amazon Serverless Application Model
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AuthProvider

Optional authorization configuration for your additional GraphQL API authorization types.

Syntax

To declare this entity in your Amazon Serverless Application Model (Amazon SAM) template, use the following syntax.

YAML

LambdaAuthorizer: LambdaAuthorizerConfig
OpenIDConnect: OpenIDConnectConfig
Type: String
UserPool: UserPoolConfig

Properties

LambdaAuthorizer

Specify the optional authorization configuration for your Amazon Lambda function authorizer. You can configure this optional property when Type is specified as AWS_LAMBDA.

Type: LambdaAuthorizerConfig

Required: No

Amazon CloudFormation compatibility: This property is passed directly to the LambdaAuthorizerConfig property of an AWS::AppSync::GraphQLApi AdditionalAuthenticationProvider object.

OpenIDConnect

Specify the optional authorization configuration for your OpenID Connect compliant service. You can configure this optional property when Type is specified as OPENID_CONNECT.

Type: OpenIDConnectConfig

Required: No

Amazon CloudFormation compatibility: This property is passed directly to the OpenIDConnectConfig property of an AWS::AppSync::GraphQLApi AdditionalAuthenticationProvider object.

Type

The default authorization type between applications and your Amazon AppSync GraphQL API.

For a list and description of allowed values, see Authorization and authentication in the Amazon AppSync Developer Guide.

When you specify a Lambda authorizer (AWS_LAMBDA), Amazon SAM creates an Amazon Identity and Access Management (IAM) policy to provision permissions between your GraphQL API and Lambda function.

Type: String

Required: Yes

Amazon CloudFormation compatibility: This property is passed directly to the AuthenticationType property of an AWS::AppSync::GraphQLApi AdditionalAuthenticationProvider object.

UserPool

Specify the optional authorization configuration for using Amazon Cognito user pools. You can configure this optional property when Type is specified as AMAZON_COGNITO_USER_POOLS.

Type: UserPoolConfig

Required: No

Amazon CloudFormation compatibility: This property is passed directly to the UserPoolConfig property of an AWS::AppSync::GraphQLApi AdditionalAuthenticationProvider object.