How to deploy an API Gateway custom authorizer without identity sources using serverless?

1
votes

I'm trying to create a custom lambda authorizer in API Gateway using the serverless framework.

The clients of my service may send either 'Authorization' or 'X-Custom' header (but not both). So what I need is a custom authorizer without an identity source.

The serverless YAML sniped is as follows:

functions:
  create:
    handler: posts.create
    events:
      - http:
          path: posts/create
          method: post
          authorizer:
            arn: xxx:xxx:Lambda-Name
            resultTtlInSeconds: 0
            type: request
          integration: lambda
          cors: true
          request:
            template:
              application/json: '{"method": "$context.httpMethod","body" : $input.json("$"),"headers": {#foreach($param in $input.params().header.keySet())"$param": "$util.escapeJavaScript($input.params().header.get($param))" #if($foreach.hasNext),#end#end},"queryParams": {#foreach($param in $input.params().querystring.keySet())"$param": "$util.escapeJavaScript($input.params().querystring.get($param))" #if($foreach.hasNext),#end#end},"pathParameters": {#foreach($param in $input.params().path.keySet())"$param": "$util.escapeJavaScript($input.params().path.get($param))" #if($foreach.hasNext),#end#end}}'

I'm using the following request template so that my lambda gets the headers and can perform the validation:

{"method": "$context.httpMethod","body" : $input.json("$"),"headers": {#foreach($param in $input.params().header.keySet())"$param": "$util.escapeJavaScript($input.params().header.get($param))" #if($foreach.hasNext),#end#end},"queryParams": {#foreach($param in $input.params().querystring.keySet())"$param": "$util.escapeJavaScript($input.params().querystring.get($param))" #if($foreach.hasNext),#end#end},"pathParameters": {#foreach($param in $input.params().path.keySet())"$param": "$util.escapeJavaScript($input.params().path.get($param))" #if($foreach.hasNext),#end#end}}

The problem is that when I run the serverless deploy command the authorizer is created with an 'Authorization' identity resource.

I based my code in the following resources:

This lead me to two questions:

  1. what is the conformation version that the serverless framework is using to deploy my authorizer?
  2. How do I specify a custom authorizer without resources?
2
amazon-web-servicesaws-api-gatewayserverlesslambda-authorizer

2 Answers

1
votes

This worked for me.

  identitySource: '',
  resultTtlInSeconds: 0 // You have to set this to 0.

Hope this saves people the pain I have just been through! :P

0
votes

My guess is that the serverless framework is conforming to the first version, since it complained when i tried to set the value to an empty list. Using and empty string solved it for me.

identitySource: ''