HttpApiAuth
Configure authorization to control access to your Amazon API Gateway HTTP API.
For more information about configuring access to HTTP APIs, see Controlling and managing access to an HTTP API in API Gateway in the API Gateway Developer Guide.
Syntax
To declare this entity in your Amazon Serverless Application Model (Amazon SAM) template, use the following syntax.
YAML
Authorizers:
OAuth2Authorizer | LambdaAuthorizer
DefaultAuthorizer:String
EnableIamAuthorizer:Boolean
Properties
-
The authorizer used to control access to your API Gateway API.
Type: OAuth2Authorizer | LambdaAuthorizer
Required: No
Default: None
Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.
Additional notes: Amazon SAM adds the authorizers to the OpenAPI definition.
-
Specify the default authorizer to use for authorizing API calls to your API Gateway API. You can specify
AWS_IAM
as a default authorizer ifEnableIamAuthorizer
is set totrue
. Otherwise, specify an authorizer that you've defined inAuthorizers
.Type: String
Required: No
Default: None
Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.
-
Specify whether to use IAM authorization for the API route.
Type: Boolean
Required: No
Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.
Examples
OAuth 2.0 Authorizer
OAuth 2.0 authorizer example
YAML
Auth: Authorizers: OAuth2Authorizer: AuthorizationScopes: - scope1 - scope2 JwtConfiguration: issuer: "https://www.example.com/v1/connect/oauth2" audience: - MyApi IdentitySource: "$request.querystring.param" DefaultAuthorizer: OAuth2Authorizer
IAM authorizer
IAM authorizer example
YAML
Auth: EnableIamAuthorizer: true DefaultAuthorizer: AWS_IAM