@pulumi/awsx
Version:
[](https://github.com/pulumi/pulumi-awsx/actions) [](https://slack.pulumi.com) [ of the authorizer Lambda function. The Lambda may also
* be passed directly, in which cases the URI will be obtained for you.
*/
uri: pulumi.Input<string> | aws.lambda.Function;
/**
* Credentials required for invoking the authorizer in the form of an ARN of an IAM execution role.
* For example, "arn:aws:iam::account-id:IAM_role".
*/
credentials: pulumi.Input<string> | aws.iam.Role;
}
/**
* Simplifies creating an AuthorizerResponse.
*
* @param principalId - unique identifier for the user
* @param effect - whether to "Allow" or "Deny" the request
* @param resource - the API method to be invoked (typically event.methodArn)
* @param context - key-value pairs that are passed from the authorizer to the backend Lambda
* @param apiKey - if the API uses a usage plan, this must be set to one of the usage plan's API keys
*/
export declare function authorizerResponse(principalId: string, effect: Effect, resource: string, context?: AuthResponseContext, apiKey?: string): AuthorizerResponse;
export type Effect = "Allow" | "Deny";
/**
* The set of arguments for constructing a token LambdaAuthorizer resource.
*/
export interface TokenAuthorizerArgs {
/**
* The name for the Authorizer to be referenced as. This must be unique for each unique
* authorizer within the API. If no name if specified, a name will be generated for you.
*/
authorizerName?: string;
/**
* The request header for the authorization token. If not set, this defaults to
* Authorization.
*/
header?: string;
/**
* The authorizerHandler specifies information about the authorizing Lambda. You can either set
* up the Lambda separately and just provide the required information or you can define the
* Lambda inline using a JavaScript function.
*/
handler: LambdaAuthorizerInfo | aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse>;
/**
* A regular expression for validating the token as the incoming identity.
* Example: "^x-[a-z]+"
*/
identityValidationExpression?: string;
/**
* The number of seconds during which the resulting IAM policy is cached. Default is 300s. You
* can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an
* authorizer across more than one route you will want to disable the cache or else it will
* cause problems for you.
*/
authorizerResultTtlInSeconds?: number;
}
/**
* getTokenLambdaAuthorizer is a helper function to generate a token LambdaAuthorizer.
* @param name - the name for the authorizer. This must be unique for each unique authorizer in the API.
* @param args - configuration information for the token Lambda.
*/
export declare function getTokenLambdaAuthorizer(args: TokenAuthorizerArgs): LambdaAuthorizer;
/**
* The set of arguments for constructing a request LambdaAuthorizer resource.
*/
export interface RequestAuthorizerArgs {
/**
* The name for the Authorizer to be referenced as. This must be unique for each unique authorizer
* within the API. If no name if specified, a name will be generated for you.
*/
authorizerName?: string;
/**
* queryParameters is an array of the expected query parameter keys used to authorize a request.
* While this argument is optional, at least one queryParameter or one header must be defined.
* */
queryParameters?: string[];
/**
* headers is an array of the expected header keys used to authorize a request.
* While this argument is optional, at least one queryParameter or one header must be defined.
* */
headers?: string[];
/**
* The authorizerHandler specifies information about the authorizing Lambda. You can either set
* up the Lambda separately and just provide the required information or you can define the
* Lambda inline using a JavaScript function.
*/
handler: LambdaAuthorizerInfo | aws.lambda.EventHandler<AuthorizerEvent, AuthorizerResponse>;
/**
* The number of seconds during which the resulting IAM policy is cached. Default is 300s. You
* can set this value to 0 to disable caching. Max value is 3600s. Note - if you are sharing an
* authorizer across more than one route you will want to disable the cache or else it will
* cause problems for you.
*/
authorizerResultTtlInSeconds?: number;
}
/**
* getRequestLambdaAuthorizer is a helper function to generate a request LambdaAuthorizer.
*
* @param name - the name for the authorizer. This must be unique for each unique authorizer in the
* API.
* @param args - configuration information for the token Lambda.
*/
export declare function getRequestLambdaAuthorizer(args: RequestAuthorizerArgs): LambdaAuthorizer;
//# sourceMappingURL=lambdaAuthorizer.d.ts.map