I'm trying to create a custom lambda authorizer in API Gateway using the serverless framework.
The clients of my service may send either 'Authorization' or 'X-Custom' header (but not both). So what I need is a custom authorizer without an identity source.
The serverless YAML sniped is as follows:
functions:
create:
handler: posts.create
events:
- http:
path: posts/create
method: post
authorizer:
arn: xxx:xxx:Lambda-Name
resultTtlInSeconds: 0
type: request
integration: lambda
cors: true
request:
template:
application/json: '{"method": "$context.httpMethod","body" : $input.json("$"),"headers": {#foreach($param in $input.params().header.keySet())"$param": "$util.escapeJavaScript($input.params().header.get($param))" #if($foreach.hasNext),#end#end},"queryParams": {#foreach($param in $input.params().querystring.keySet())"$param": "$util.escapeJavaScript($input.params().querystring.get($param))" #if($foreach.hasNext),#end#end},"pathParameters": {#foreach($param in $input.params().path.keySet())"$param": "$util.escapeJavaScript($input.params().path.get($param))" #if($foreach.hasNext),#end#end}}'
I'm using the following request template so that my lambda gets the headers and can perform the validation:
{"method": "$context.httpMethod","body" : $input.json("$"),"headers": {#foreach($param in $input.params().header.keySet())"$param": "$util.escapeJavaScript($input.params().header.get($param))" #if($foreach.hasNext),#end#end},"queryParams": {#foreach($param in $input.params().querystring.keySet())"$param": "$util.escapeJavaScript($input.params().querystring.get($param))" #if($foreach.hasNext),#end#end},"pathParameters": {#foreach($param in $input.params().path.keySet())"$param": "$util.escapeJavaScript($input.params().path.get($param))" #if($foreach.hasNext),#end#end}}
The problem is that when I run the serverless deploy command the authorizer is created with an 'Authorization' identity resource.
I based my code in the following resources:
- Serverless endpoints with custom authorizers.
- Cloudformation AWS API Gateway Authorizer.
- Cloudformation AWS API Gateway Authorizer V2.
This lead me to two questions:
- what is the conformation version that the serverless framework is using to deploy my authorizer?
- How do I specify a custom authorizer without resources?