ApiGatewayV2Authorizer

Reference doc for the `sst.aws.ApiGatewayV2Authorizer` component.

The ApiGatewayV2Authorizer component is internally used by the ApiGatewayV2 component to add authorizers to Amazon API Gateway HTTP API.

You’ll find this component returned by the addAuthorizer method of the ApiGatewayV2 component.

Constructor

new ApiGatewayV2Authorizer(name, args, opts?)

Parameters

name string
args AuthorizerArgs
opts? ComponentResourceOptions

Properties

id

Type Output<string>

The ID of the authorizer.

nodes

Type Object

authorizer

The underlying resources this component creates.

nodes.authorizer

Type Authorizer

The API Gateway V2 authorizer.

AuthorizerArgs

api

Type Input<Object>

executionArn
id
name

The API Gateway to use for the route.

api.executionArn

Type Input<string>

The execution ARN of the API Gateway.

api.id

Type Input<string>

The ID of the API Gateway.

api.name

Type Input<string>

The name of the API Gateway.

jwt?

Type Input<Object>

audiences
identitySource?
issuer

Create a JWT or JSON Web Token authorizer that can be used by the routes.

Configure JWT auth.

{
  jwt: {
    issuer: "https://issuer.com/",
    audiences: ["https://api.example.com"],
    identitySource: "$request.header.AccessToken"
  }
}

You can also use Cognito as the identity provider.

{
  jwt: {
    audiences: [userPoolClient.id],
    issuer: $interpolate`https://cognito-idp.${aws.getArnOutput(userPool).region}.amazonaws.com/${userPool.id}`,
  }
}

Where userPool and userPoolClient are:

const userPool = new aws.cognito.UserPool();
const userPoolClient = new aws.cognito.UserPoolClient();

jwt.audiences

Type Input<Input<string>[]>

List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.

jwt.identitySource?

Type Input<string>

Default “$request.header.Authorization”

Specifies where to extract the JWT from the request.

jwt.issuer

Type Input<string>

Base domain of the identity provider that issues JSON Web Tokens.

{
  issuer: "https://issuer.com/"
}

lambda?

Type Input<Object>

function
identitySources?
payload?
response?
ttl?

Create a Lambda authorizer that can be used by the routes.

Configure Lambda auth.

{
  lambda: {
    function: "src/authorizer.index"
  }
}

lambda.function

Type Input<string | FunctionArgs>

The Lambda authorizer function. Takes the handler path or the function args.

Add a simple authorizer.

{
  function: "src/authorizer.index"
}

Customize the authorizer handler.

{
  function: {
    handler: "src/authorizer.index",
    memory: "2048 MB"
  }
}

lambda.identitySources?

Type Input<Input<string>[]>

Default [“$request.header.Authorization”]

Specifies where to extract the identity from.

{
  identitySources: ["$request.header.RequestToken"]
}

lambda.payload?

Type Input<“1.0” | “2.0”>

Default “2.0”

The JWT payload version.

{
  payload: "2.0"
}

lambda.response?

Type Input<“simple” | “iam”>

Default “simple”

The response type.

{
  response: "iam"
}

lambda.ttl?

Type Input<“${number} minute” | “${number} minutes” | “${number} hour” | “${number} hours” | “${number} second” | “${number} seconds”>

Default Not cached

The time to live (TTL) for the authorizer.

{
  ttl: "300 seconds"
}

name

Type string

The name of the authorizer.

{
  name: "myAuthorizer"
}

transform?

Type Object

authorizer?

Transform how this component creates its underlying resources.

transform.authorizer?

Type AuthorizerArgs | (args: AuthorizerArgs, opts: ComponentResourceOptions, name: string) => void

Transform the API Gateway authorizer resource.