Merge pull request #4999 from hgiasac/cognito-authorizerid-documentation

Update AWS API Gateway Share Authorizer Documentation
2026-01-18 14:58:43 +00:00 · 2018-06-13 01:57:30 +09:00 · 2018-06-13 01:57:30 +09:00 · 421d809646
commit 421d809646
parent 9f0ff90caf 0d6bd71b52
1 changed files with 79 additions and 27 deletions
--- a/docs/providers/aws/events/apigateway.md
+++ b/docs/providers/aws/events/apigateway.md
@ -12,31 +12,37 @@ layout: Doc

 # API Gateway

- [Lambda Proxy Integration](#lambda-proxy-integration)
-  - [Simple HTTP Endpoint](#simple-http-endpoint)
-  - [Example "LAMBDA-PROXY" event (default)](#example-lambda-proxy-event-default)
-  - [HTTP Endpoint with Extended Options](#http-endpoint-with-extended-options)
-  - [Enabling CORS](#enabling-cors)
-  - [HTTP Endpoints with `AWS_IAM` Authorizers](#http-endpoints-with-aws_iam-authorizers)
-  - [HTTP Endpoints with Custom Authorizers](#http-endpoints-with-custom-authorizers)
-  - [Catching Exceptions In Your Lambda Function](#catching-exceptions-in-your-lambda-function)
-  - [Setting API keys for your Rest API](#setting-api-keys-for-your-rest-api)
-  - [Request Parameters](#request-parameters)
- [Lambda Integration](#lambda-integration)
-  - [Example "LAMBDA" event (before customization)](#example-lambda-event-before-customization)
-  - [Request templates](#request-templates)
-    - [Default Request Templates](#default-request-templates)
-    - [Custom Request Templates](#custom-request-templates)
-    - [Pass Through Behavior](#pass-through-behavior)
-  - [Responses](#responses)
-    - [Custom Response Headers](#custom-response-headers)
-  - [Custom Response Templates](#custom-response-templates)
-  - [Status codes](#status-codes)
-    - [Available Status Codes](#available-status-codes)
-    - [Using Status Codes](#using-status-codes)
-    - [Custom Status Codes](#custom-status-codes)
- [Setting an HTTP Proxy on API Gateway](#setting-an-http-proxy-on-api-gateway)
- [Share API Gateway and API Resources](#share-api-gateway-and-api-resources)
+- [API Gateway](#api-gateway)
+  - [Lambda Proxy Integration](#lambda-proxy-integration)
+    - [Simple HTTP Endpoint](#simple-http-endpoint)
+    - [Example "LAMBDA-PROXY" event (default)](#example-lambda-proxy-event-default)
+    - [HTTP Endpoint with Extended Options](#http-endpoint-with-extended-options)
+    - [Enabling CORS](#enabling-cors)
+    - [HTTP Endpoints with `AWS_IAM` Authorizers](#http-endpoints-with-aws-iam-authorizers)
+    - [HTTP Endpoints with Custom Authorizers](#http-endpoints-with-custom-authorizers)
+    - [Catching Exceptions In Your Lambda Function](#catching-exceptions-in-your-lambda-function)
+    - [Setting API keys for your Rest API](#setting-api-keys-for-your-rest-api)
+    - [Configuring endpoint types](#configuring-endpoint-types)
+    - [Request Parameters](#request-parameters)
+  - [Lambda Integration](#lambda-integration)
+    - [Example "LAMBDA" event (before customization)](#example-lambda-event-before-customization)
+    - [Request templates](#request-templates)
+      - [Default Request Templates](#default-request-templates)
+      - [Custom Request Templates](#custom-request-templates)
+      - [Pass Through Behavior](#pass-through-behavior)
+    - [Responses](#responses)
+      - [Custom Response Headers](#custom-response-headers)
+    - [Custom Response Templates](#custom-response-templates)
+    - [Status Codes](#status-codes)
+      - [Available Status Codes](#available-status-codes)
+      - [Using Status Codes](#using-status-codes)
+      - [Custom Status Codes](#custom-status-codes)
+  - [Setting an HTTP Proxy on API Gateway](#setting-an-http-proxy-on-api-gateway)
+  - [Share API Gateway and API Resources](#share-api-gateway-and-api-resources)
+    - [Easiest and CI/CD friendly example of using shared API Gateway and API Resources.](#easiest-and-ci-cd-friendly-example-of-using-shared-api-gateway-and-api-resources)
+    - [Manually Configuring shared API Gateway](#manually-configuring-shared-api-gateway)
+      - [Note while using authorizers with shared API Gateway](#note-while-using-authorizers-with-shared-api-gateway)
+  - [Share Authorizer](#share-authorizer)

 _Are you looking for tutorials on using API Gateway? Check out the following resources:_

@ -1055,6 +1061,7 @@ Top Navbar should look like this
 Here xxxxxxxxx is your restApiId and yyyyyyyyyy the restApiRootResourceId.

 #### Note while using authorizers with shared API Gateway
+
 AWS API Gateway allows only 1 Authorizer for 1 ARN, This is okay when you use conventional serverless setup, because each stage and service will create different API Gateway. But this can cause problem when using authorizers with shared API Gateway. If we use the same authorizer directly in different services like this. 

 ```yml
@ -1097,5 +1104,50 @@ functions:
 ```

 we encounter error from cloudformation as reported [here](https://github.com/serverless/serverless/issues/4711).
-A proper fix for this is work in progress [here](https://github.com/serverless/serverless/pull/4197) and is marked under milestone for version 1.28.
-Until then you can either use the above PR as monkeypatch (as explained in the PR comments) or you can add a unique `name` attribute to `authorizer` in each function. This creates different API Gateway authorizer for each function, bound to the same API Gateway.
+
+A proper fix for this is work is using [Share Authorizer](#share-authorizer) or you can add a unique `name` attribute to `authorizer` in each function. This creates different API Gateway authorizer for each function, bound to the same API Gateway. However, there is a limit of 10 authorizers per RestApi, and they are forced to contact AWS to request a limit increase to unblock development. 
+
+## Share Authorizer
+
+Auto-created Authorizer is convenient for conventional setup. However, when you need to define your custom Authorizer, or use `COGNITO_USER_POOLS` authorizer with shared API Gateway, it is painful because of AWS limitation. Sharing Authorizer is a better way to do. 
+
+```yml
+functions:
+  createUser:
+     ...
+    events:
+      - http:
+          path: /users
+          ...     
+          authorizer:
+            # Provide both type and authorizerId
+            type: COGNITO_USER_POOLS # TOKEN or COGNITO_USER_POOLS, same as AWS Cloudformation documentation
+            authorizerId: 
+              Ref: ApiGatewayAuthorizer  # or hard-code Authorizer ID
+
+  deleteUser:
+     ...
+    events:
+      - http:
+          path: /users/{userId}
+          ...     
+          # Provide both type and authorizerId
+          type: COGNITO_USER_POOLS # TOKEN or COGNITO_USER_POOLS, same as AWS Cloudformation documentation
+          authorizerId: 
+            Ref: ApiGatewayAuthorizer # or hard-code Authorizer ID
+
+resources:
+  Resources:
+    ApiGatewayAuthorizer: 
+      Type: AWS::ApiGateway::Authorizer
+      Properties: 
+        AuthorizerResultTtlInSeconds: 300
+        IdentitySource: method.request.header.Authorization
+        Name: Cognito
+        RestApiId: 
+          Ref: YourApiGatewayName
+        Type: COGNITO_USER_POOLS
+        ProviderARNs: 
+          - arn:aws:cognito-idp:${self:provider.region}:xxxxxx:userpool/abcdef 
+          
+```