1
votes

I am routing calls to my backend API, hosted on AWS through API Gateway. The client requests include a JWT token which is validated by a lambda authorizer that generates an IAM policy, which is then cached by the API Gateway, before hitting the API endpoints.

I would like to add another lambda function to do some verification on the request that is separate from the jwt token validation done by the lambda authorizer. Only if the verification succeeds, the client requests will be passed to the backend. Is such a scenario possible?

Thank you!

2 Answers

1
votes

Is it possible to have an Authorizer Lambda and a Proxy Lambda in the API Gateway?

Yes, it is possible to have API Gateway wire up an authorizer Lambda to a proxy Lambda, but, it sounds like you also want to have the proxy Lambda wired up to a separate Lambda. (Perhaps you're looking for "request filters" à la the Spring model.) API Gateway and Lambda do not support this structure as well as one would hope.

If you want to implement a service-level separation of concerns, you may want to look into Lambda to Lambda invocation. In the model you propose, this would look something like...

Gateway Authorizer λ -> Gateway Proxy λ (perform routing) -> "backend" λ

What this buys you is the ability to have custom routing and validation logic at the proxy level. However, I should issue the following notes of caution:

  • The proxy Lambda will need to wait for the backend Lambda to finish processing to return a result back to the gateway, meaning that you will essentially be billed double for every request (this is simplified, since you may have different Lambda sizes with different billing rates, but you get my point)
  • You are moving configuration out of the AWS Console and into a more managed solution. This may not be an issue in your case, but it is something to keep in mind as your application grows if the scalability of your routing solution becomes a bottleneck

One feature of AWS Lambda which you may be interested in is Lambda Layers. This will be more of a code-level separation than a service-level separation, which may or may not be sufficient in your case.

In practice, my team used the API Gateway Authorizer only to solve AuthN (as it sounds like you are doing). We then had each Lambda handle its specific input validation (query parameters, request bodies, etc.) and handle AuthZ by querying a custom service.

Hope this helps. Good luck :).
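The chain the answer sketches (authorizer λ -> proxy λ -> backend λ), written out as an added example that is not part of the answer or of any AWS sample code. The proxy handler performs the separate verification step the question asks for (required headers present and non-blank, the authorizer's `principalId` present, body conforming to a small model), rejects the request before the backend is ever invoked when that fails, and otherwise forwards the whole proxy event to the backend with a Lambda-to-Lambda `invoke`. The environment variable name `BACKEND_FUNCTION`, the header names, the body model and the sample event are all constructed for this example; the invoker is injectable so the module runs offline with the `fake_backend` stand-in, and uses `boto3` only when deployed.

```python
"""Proxy Lambda that verifies a request, then invokes the backend Lambda.

Added example; not from the original answer. Assumes the function is wired
up as an API Gateway (REST) Lambda proxy integration behind a Lambda
authorizer, and that the backend function name is in BACKEND_FUNCTION.
"""
import json
import os
from typing import Any, Callable, Dict, List

# Verification rules for this example (constructed; adapt to your API).
REQUIRED_HEADERS = ("content-type", "x-request-id")
BODY_MODEL = {"orderId": str, "quantity": int}

# Signature of anything that can invoke the backend: (function name, payload) -> payload
Invoker = Callable[[str, bytes], bytes]


def _response(status: int, body: Any) -> Dict[str, Any]:
    """Build an API Gateway proxy-integration response."""
    return {"statusCode": status,
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(body)}


def verify_request(event: Dict[str, Any]) -> List[str]:
    """Return a list of problems with the request; an empty list means it passed.

    This is deliberately separate from the JWT validation: the authorizer has
    already run, so here we only check request shape and the authorizer context.
    """
    problems: List[str] = []
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    for name in REQUIRED_HEADERS:
        if not (headers.get(name) or "").strip():
            problems.append(f"missing or blank header: {name}")
    # API Gateway passes the authorizer's context through requestContext.authorizer
    ctx = (event.get("requestContext") or {}).get("authorizer") or {}
    if not ctx.get("principalId"):
        problems.append("no principalId from authorizer")
    try:
        body = json.loads(event.get("body") or "null")
    except json.JSONDecodeError:
        return problems + ["body is not valid JSON"]
    if not isinstance(body, dict):
        return problems + ["body must be a JSON object"]
    for field, typ in BODY_MODEL.items():
        if field not in body:
            problems.append(f"missing field: {field}")
        elif isinstance(body[field], bool) or not isinstance(body[field], typ):
            problems.append(f"field {field} must be {typ.__name__}")
    return problems


def _boto_invoker(function_name: str, payload: bytes) -> bytes:
    """Real Lambda-to-Lambda invocation; only reached when deployed on AWS."""
    import boto3  # imported lazily so the module also runs where boto3 is absent
    resp = boto3.client("lambda").invoke(FunctionName=function_name,
                                         InvocationType="RequestResponse",
                                         Payload=payload)
    return resp["Payload"].read()


def handler(event: Dict[str, Any], context: Any = None,
            invoke: Invoker = _boto_invoker) -> Dict[str, Any]:
    """Lambda entry point: verify, then forward to the backend or reject."""
    problems = verify_request(event)
    if problems:
        # Rejected here; the backend Lambda is never invoked (and never billed).
        return _response(400, {"errors": problems})
    backend = os.environ.get("BACKEND_FUNCTION", "BACKEND-FUNCTION-NAME-PLACEHOLDER")
    # Forward the unchanged proxy event so the backend sees the original request
    # plus the authorizer context, and expect a proxy-style response back.
    result = json.loads(invoke(backend, json.dumps(event).encode()))
    if not isinstance(result, dict) or "statusCode" not in result:
        return _response(502, {"error": "bad response from backend"})
    return result


# Constructed sample event shaped like an API Gateway REST proxy event.
SAMPLE_EVENT = {
    "httpMethod": "POST",
    "path": "/orders",
    "headers": {"Content-Type": "application/json", "X-Request-Id": "abc-123"},
    "requestContext": {"authorizer": {"principalId": "user-42"}},
    "body": json.dumps({"orderId": "o-1", "quantity": 2}),
}


def fake_backend(function_name: str, payload: bytes) -> bytes:
    """Stand-in for the backend Lambda so the example runs offline."""
    event = json.loads(payload)
    body = json.loads(event["body"])
    who = event["requestContext"]["authorizer"]["principalId"]
    return json.dumps(_response(200, {"accepted": body["orderId"], "by": who})).encode()


if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, invoke=fake_backend))           # forwarded, 200
    print(handler(dict(SAMPLE_EVENT, body="{}"), invoke=fake_backend))  # rejected, 400
```

When deployed, the proxy function's execution role needs `lambda:InvokeFunction` on the backend function, and the proxy's own timeout has to cover the backend's, which is the double-billing and latency cost the answer warns about.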

0
votes

You can implement Request Validation on API Gateway, but it is mainly used to check that the HTTP call is "valid"; meaning headers are present and non-blank and the JSON payload follows a model.