github.com/adrian-bl/terraform@v0.7.0-rc2.0.20160705220747-de0a34fc3517/website/source/docs/providers/aws/r/api_gateway_authorizer.html.markdown (about) 1 --- 2 layout: "aws" 3 page_title: "AWS: aws_api_gateway_authorizer" 4 sidebar_current: "docs-aws-resource-api-gateway-authorizer" 5 description: |- 6 Provides an API Gateway Authorizer. 7 --- 8 9 # aws\_api\_gateway\_authorizer 10 11 Provides an API Gateway Authorizer. 12 13 ## Example Usage 14 15 ``` 16 resource "aws_api_gateway_authorizer" "demo" { 17 name = "demo" 18 rest_api_id = "${aws_api_gateway_rest_api.demo.id}" 19 authorizer_uri = "arn:aws:apigateway:region:lambda:path/2015-03-31/functions/${aws_lambda_function.authorizer.arn}/invocations" 20 authorizer_credentials = "${aws_iam_role.invocation_role.arn}" 21 } 22 23 resource "aws_api_gateway_rest_api" "demo" { 24 name = "auth-demo" 25 } 26 27 resource "aws_iam_role" "invocation_role" { 28 name = "api_gateway_auth_invocation" 29 path = "/" 30 assume_role_policy = <<EOF 31 { 32 "Version": "2012-10-17", 33 "Statement": [ 34 { 35 "Action": "sts:AssumeRole", 36 "Principal": { 37 "Service": "apigateway.amazonaws.com" 38 }, 39 "Effect": "Allow", 40 "Sid": "" 41 } 42 ] 43 } 44 EOF 45 } 46 47 resource "aws_iam_role_policy" "invocation_policy" { 48 name = "default" 49 role = "${aws_iam_role.invocation_role.id}" 50 policy = <<EOF 51 { 52 "Version": "2012-10-17", 53 "Statement": [ 54 { 55 "Action": "lambda:InvokeFunction", 56 "Effect": "Allow", 57 "Resource": "${aws_lambda_function.authorizer.arn}" 58 } 59 ] 60 } 61 EOF 62 } 63 64 resource "aws_iam_role" "lambda" { 65 name = "demo-lambda" 66 assume_role_policy = <<EOF 67 { 68 "Version": "2012-10-17", 69 "Statement": [ 70 { 71 "Action": "sts:AssumeRole", 72 "Principal": { 73 "Service": "lambda.amazonaws.com" 74 }, 75 "Effect": "Allow", 76 "Sid": "" 77 } 78 ] 79 } 80 EOF 81 } 82 83 resource "aws_lambda_function" "authorizer" { 84 filename = "lambda-function.zip" 85 source_code_hash = 
"${base64sha256(file("lambda-function.zip"))}" 86 function_name = "api_gateway_authorizer" 87 role = "${aws_iam_role.lambda.arn}" 88 handler = "exports.example" 89 } 90 ``` 91 92 ## Argument Reference 93 94 The following arguments are supported: 95 96 * `authorizer_uri` - (Required) The authorizer's Uniform Resource Identifier (URI). 97 For `TOKEN` type, this must be a well-formed Lambda function URI in the form of 98 `arn:aws:apigateway:{region}:lambda:path/{service_api}`, e.g. `arn:aws:apigateway:region:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations` 99 * `name` - (Required) The name of the authorizer. 100 * `rest_api_id` - (Required) The ID of the associated REST API. 101 * `identity_source` - (Optional) The source of the identity in an incoming request. 102 Defaults to `method.request.header.Authorization`. 103 * `type` - (Optional) The type of the authorizer. `TOKEN` is currently the only allowed value. 104 Defaults to `TOKEN`. 105 * `authorizer_credentials` - (Optional) The credentials API Gateway uses to invoke the authorizer. 106 To specify an IAM Role for API Gateway to assume, use the IAM Role ARN. 107 * `authorizer_result_ttl_in_seconds` - (Optional) How long, in seconds, API Gateway caches authorizer results. 108 Defaults to `300`. A cached result is reused for the same identity value until it expires, so a changed authorizer decision (for example, for a revoked token) only takes effect once the cached entry has expired. 109 * `identity_validation_expression` - (Optional) A validation expression for the incoming identity. 110 For `TOKEN` type, this value should be a regular expression. API Gateway matches the incoming token from the client 111 against this expression and invokes the authorizer only if the token matches. If the token doesn't match, 112 the client receives a 401 Unauthorized response.