@pulumi/awsx

Version:

[![Actions Status](https://github.com/pulumi/pulumi-awsx/workflows/master/badge.svg)](https://github.com/pulumi/pulumi-awsx/actions) [![Slack](http://www.pulumi.com/images/docs/badges/slack.svg)](https://slack.pulumi.com) [![NPM version](https://badge.fur

pulumi.com

pulumi/pulumi-awsx

166 lines (165 loc) • 7.92 kB

TypeScript

import * as aws from "@pulumi/aws"; import * as pulumi from "@pulumi/pulumi"; import type * as awslambda from "aws-lambda"; export type AuthorizerEvent = awslambda.CustomAuthorizerEvent; export type AuthorizerResponse = awslambda.CustomAuthorizerResult; export type AuthResponseContext = awslambda.AuthResponseContext; /** * LambdaAuthorizer provides the definition for a custom Authorizer for API Gateway. */ export interface LambdaAuthorizer { /** * The name for the Authorizer to be referenced as. This must be unique for each unique * authorizer within the API. If no name if specified, a name will be generated for you. */ authorizerName?: string; /** * parameterName is the name of the header or query parameter containing the authorization * token. Must be "Unused" for multiple identity sources. * */ parameterName: string; /** * Defines where in the request API Gateway should look for identity information. The value must * be "header" or "query". If there are multiple identity sources, the value must be "header". */ parameterLocation: "header" | "query"; /** * Specifies the authorization mechanism for the client. Typical values are "oauth2" or "custom". */ authType: string; /** * The type of the authorizer. This value must be one of the following: * - "token", for an authorizer with the caller identity embedded in an authorization token * - "request", for an authorizer with the caller identity contained in request parameters */ type: "token" | "request"; /** * The authorizerHandler specifies information about the authorizing Lambda. You can either set * up the Lambda separately and just provide the required information or you can define the * Lambda inline using a JavaScript function. */ handler: LambdaAuthorizerInfo | aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse>; /** * List of mapping expressions of the request parameters as the identity source. This indicates * where in the request identity information is expected. Applicable for the authorizer of the * "request" type only. Example: ["method.request.header.HeaderAuth1", * "method.request.querystring.QueryString1"] */ identitySource?: string[]; /** * A regular expression for validating the token as the incoming identity. It only invokes the * authorizer's lambda if there is a match, else it will return a 401. This does not apply to * REQUEST Lambda Authorizers. Example: "^x-[a-z]+" */ identityValidationExpression?: string; /** * The number of seconds during which the resulting IAM policy is cached. Default is 300s. You * can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an * authorizer across more than one route you will want to disable the cache or else it will * cause problems for you. */ authorizerResultTtlInSeconds?: number; } export interface LambdaAuthorizerInfo { /** * The Uniform Resource Identifier (URI) of the authorizer Lambda function. The Lambda may also * be passed directly, in which cases the URI will be obtained for you. */ uri: pulumi.Input<string> | aws.lambda.Function; /** * Credentials required for invoking the authorizer in the form of an ARN of an IAM execution role. * For example, "arn:aws:iam::account-id:IAM_role". */ credentials: pulumi.Input<string> | aws.iam.Role; } /** * Simplifies creating an AuthorizerResponse. * * @param principalId - unique identifier for the user * @param effect - whether to "Allow" or "Deny" the request * @param resource - the API method to be invoked (typically event.methodArn) * @param context - key-value pairs that are passed from the authorizer to the backend Lambda * @param apiKey - if the API uses a usage plan, this must be set to one of the usage plan's API keys */ export declare function authorizerResponse(principalId: string, effect: Effect, resource: string, context?: AuthResponseContext, apiKey?: string): AuthorizerResponse; export type Effect = "Allow" | "Deny"; /** * The set of arguments for constructing a token LambdaAuthorizer resource. */ export interface TokenAuthorizerArgs { /** * The name for the Authorizer to be referenced as. This must be unique for each unique * authorizer within the API. If no name if specified, a name will be generated for you. */ authorizerName?: string; /** * The request header for the authorization token. If not set, this defaults to * Authorization. */ header?: string; /** * The authorizerHandler specifies information about the authorizing Lambda. You can either set * up the Lambda separately and just provide the required information or you can define the * Lambda inline using a JavaScript function. */ handler: LambdaAuthorizerInfo | aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse>; /** * A regular expression for validating the token as the incoming identity. * Example: "^x-[a-z]+" */ identityValidationExpression?: string; /** * The number of seconds during which the resulting IAM policy is cached. Default is 300s. You * can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an * authorizer across more than one route you will want to disable the cache or else it will * cause problems for you. */ authorizerResultTtlInSeconds?: number; } /** * getTokenLambdaAuthorizer is a helper function to generate a token LambdaAuthorizer. * @param name - the name for the authorizer. This must be unique for each unique authorizer in the API. * @param args - configuration information for the token Lambda. */ export declare function getTokenLambdaAuthorizer(args: TokenAuthorizerArgs): LambdaAuthorizer; /** * The set of arguments for constructing a request LambdaAuthorizer resource. */ export interface RequestAuthorizerArgs { /** * The name for the Authorizer to be referenced as. This must be unique for each unique authorizer * within the API. If no name if specified, a name will be generated for you. */ authorizerName?: string; /** * queryParameters is an array of the expected query parameter keys used to authorize a request. * While this argument is optional, at least one queryParameter or one header must be defined. * */ queryParameters?: string[]; /** * headers is an array of the expected header keys used to authorize a request. * While this argument is optional, at least one queryParameter or one header must be defined. * */ headers?: string[]; /** * The authorizerHandler specifies information about the authorizing Lambda. You can either set * up the Lambda separately and just provide the required information or you can define the * Lambda inline using a JavaScript function. */ handler: LambdaAuthorizerInfo | aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse>; /** * The number of seconds during which the resulting IAM policy is cached. Default is 300s. You * can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an * authorizer across more than one route you will want to disable the cache or else it will * cause problems for you. */ authorizerResultTtlInSeconds?: number; } /** * getRequestLambdaAuthorizer is a helper function to generate a request LambdaAuthorizer. * * @param name - the name for the authorizer. This must be unique for each unique authorizer in the * API. * @param args - configuration information for the token Lambda. */ export declare function getRequestLambdaAuthorizer(args: RequestAuthorizerArgs): LambdaAuthorizer;