AWS Papers

Creating custom authorizer using SAM AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Resources:   Api:     Type: AWS::Serverless::Api     Properties:       StageName: devtesting       DefinitionBody:         swagger: "2.0"         info:           title:             Ref: AWS::StackName         description: My API that uses custom authorizer         version: 1.0.0         paths:           "/getmesomething":             get:               x-amazon-apigateway-integration:                 httpMethod: GET                 type: aws_proxy         ...

Below snippet shows how to clean up a lambda resource and its associated ENI --- Resources:   LambdaFunction:     Type: "AWS::Lambda::Function"     Properties:       Handler: "index.lambda_handler"       Role: !GetAtt LambdaFunctionRole.Arn       Code:         ZipFile: !Sub |           def lambda_handler(event, context):             print('Hello World')       Runtime: "python2.7"       Timeout: "60"       VpcConfig:         SecurityGroupIds:           - !Ref SecurityGroup1           - !Ref SecurityGroup2         SubnetIds:           - !Ref Subnet1           - !Ref Subnet2   VPCLambdaCleanupCustomResource:     Type: Custom::...

Below is the sample snippet for get end point for pets based on id. For this endpoint pet id is passed as path parameter. In the below snippet few values need to be substituted for it to work. PetsByIdGetLambda.Arn refers to the lambda resource with name PetsByIdGetLambda. This resource needs to be available in the SAM template and reference should be valid. Alternatively we could use the acutal arn of the lambda but it will have to be substituted as part of the provisioning process. Alternative approaches involves using function import and export available in cloudformation. We could also use shell script to token replace the value based on parameters or hard code the value for manual testing purpose and use the console to import the API swagger: 2.0 basePath: /prod info:   title: Pet store API schemes:   - https paths:     '/api/v1/pets/{id}':           get:             produces:     ...

In this part of the blog we will cover the section  Integration Request  in detail. In the below screenshot we can see two kinds of integration request involving lambda as back end service. The first one uses lamba function where as second one uses lambda proxy There are multiple options in this section. Most commonly used ones are lambda and mock. Lambda is default option selected Mock option is used when we want API gateway to provide response based on mappings and transformation. It is also the choice when implementing options. Options http method invocation will be used to understand the various method the resource provides along with CORS details. HTTP option is used when we want to make request to another existing end point. We can provide the existing endpoint url in the text box available. This configuration also provides an option to use proxy setting. We could also make method transformations here. For example if the incoming request is a get ...

Let us look at request validation features in API gateway when user requests for an end point (resource) we could perform few validations before processing the request. For example, the end point might require one or more of the below fields query parameters path parameters  header body API gateway provides validation for these fields. There are multiple options available here. Default is none. Validate body is used if the request has a payload and that needs to be schema validated before processing. We could also use the option that validates for required query string parameters and headers. Names for the parameter that are applicable can be provided in the section as shown below If the parameters need to be part of the cache we need to enable caching so that parameter becomes part of the cache key. Also the request body section will need the name of the model and the content type of the body. We need to create models in the section below first and then re...

Let us look at the configuration of method request section The first setting is about authorization. Default option is none. The provided option is AWS IAM. But we can also use custom authorization if we need such a feature. We can create and add an authorizer to the section as shown below During the creation of authorizer several options are available. The first choice we have is the type of authorizer. Two possible values are lambda or cognito. If we choose lambda then we have a set of options. We need to provide the name of the lambda function.  This lambda function is responsible for validating the user and providing the necessary policy back. This policy will be evaluated and the user is either allowed or denied access to the resource.  For the lambda based authorization there are couple of options. We could use either token based approach or request based approach.  In the token based approach the user is expected to provide a valid token and th...