WebSocketApiAuth - Amazon Serverless Application Model

WebSocketApiAuth

Configure authorization to control access to your Amazon API Gateway WebSocket API.

For more information about configuring access to WebSocket APIs, see Controlling access to WebSocket APIs in the API Gateway Developer Guide.

Syntax

To declare this entity in your Amazon Serverless Application Model (Amazon SAM) template, use the following syntax.

YAML

    AuthArn: String
    AuthType: String
    IdentitySource: List
    InvokeRole: String
    Name: String

Properties

AuthArn

The ARN of the Lambda function to use for authorization. Required when AuthType is CUSTOM.

Type: String

Required: Conditional

Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.

AuthType

The type of authorization. Valid values are NONE, AWS_IAM, or CUSTOM.

  • NONE - No authorization

  • AWS_IAM - IAM authorization

  • CUSTOM - Lambda authorizer

Type: String

Required: Yes

Amazon CloudFormation compatibility: This property is unique to Amazon SAM and doesn't have an Amazon CloudFormation equivalent.

IdentitySource

The identity source for which authorization is requested. For example, route.request.header.Authorization.

Type: List

Required: No

Amazon CloudFormation compatibility: This property is passed directly to the IdentitySource property of an AWS::ApiGatewayV2::Authorizer resource.

InvokeRole

The ARN of the IAM role that API Gateway assumes when invoking the authorizer function. If not specified, Amazon SAM automatically creates a resource-based permission that allows API Gateway to invoke the authorizer function.

Type: String

Required: No

Amazon CloudFormation compatibility: This property is passed directly to the AuthorizerCredentialsArn property of an AWS::ApiGatewayV2::Authorizer resource.

Name

The name of the authorizer.

Type: String

Required: No

Amazon CloudFormation compatibility: This property is passed directly to the Name property of an AWS::ApiGatewayV2::Authorizer resource.

Examples

Lambda Authorizer

The following example configures a Lambda authorizer for a WebSocket API.

    Auth:
      AuthType: CUSTOM
      AuthArn: !GetAtt AuthorizerFunction.Arn
      IdentitySource:
        - route.request.header.Authorization
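
A handler that the AuthorizerFunction referenced above could run, shown as an added example that is not part of the AWS documentation. The EXPECTED_TOKEN environment variable, the bearer scheme, the principal IDs and the sample event are assumptions made for illustration; the handler reads the Authorization header named in IdentitySource and denies by default.

```python
import hmac
import os

# Assumption: the expected bearer token comes from an environment variable.
# A real deployment would validate a signed token (for example a JWT) instead.
EXPECTED_TOKEN = os.environ.get("EXPECTED_TOKEN", "constructed-demo-token")


def _policy(principal_id, effect, resource):
    """Build the IAM policy document a Lambda authorizer returns to API Gateway."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resource}
            ],
        },
    }


def handler(event, context):
    """Authorize a connection request based on its Authorization header."""
    resource = event["methodArn"]
    # Header names are case-insensitive, so normalize them before the lookup.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    scheme, _, token = headers.get("authorization", "").partition(" ")
    # Deny by default: a missing header or a wrong scheme never reaches the check.
    if scheme.lower() != "bearer" or not token:
        return _policy("anonymous", "Deny", resource)
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(token.encode(), EXPECTED_TOKEN.encode()):
        return _policy("anonymous", "Deny", resource)
    return _policy("demo-user", "Allow", resource)


# Constructed sample event; the account ID and API ID are placeholders.
SAMPLE_EVENT = {
    "methodArn": "arn:aws:execute-api:us-east-1:123456789012:exampleapi/prod/$connect",
    "headers": {"Authorization": f"Bearer {EXPECTED_TOKEN}"},
}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, None)["policyDocument"]["Statement"][0]["Effect"])
```
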

IAM Authorization

The following example configures IAM authorization for a WebSocket API.

    Auth:
      AuthType: AWS_IAM