Reference an Authorizer definition in an API Gateway path

问题

I've defined a custom authorizer in my cloudformation template:

MyCustomAuthorizer:
  Type: AWS::ApiGateway::Authorizer
  Properties:
    Name: "MyCustomAuthorizer"
    Type: "TOKEN"
    AuthorizerUri: "arn:my_lambda"
    IdentitySource: "method.request.header.Auth"
    RestApiId:
      Ref: ApiGatewayApi

And I have a Api Gateway API:

  ApiGatewayApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: "ApiGatewayApi"
      Description: "Api gateway REST API"
      Body:
        basePath: "/prod"
        schemes:
        - "https"
        paths:
          /echo:
            get:
              consumes:
              - "application/json"
              produces:
              - "application/json"
              responses:
                "200":
                  description: "200 response"
                  schema:
                    $ref: "#/definitions/schema"
              security:
                - sigv4: []

How do I make specifically the /echo path use MyCustomAuthorizer?

I can do this on the console using the instructions here

回答1:

The documentation has an example. You need to add the custom authorizer in the 'security' property within the method

  "securityDefinitions" : {
    "test-authorizer" : {
      "type" : "apiKey",                         // Required and the value must be "apiKey" for an API Gateway API.
      "name" : "Authorization",                  // The source header name identifying this authorizer.
      "in" : "header",                           // Required and the value must be "header" for an AAPI Gateway API.
      "x-amazon-apigateway-authtype" : "oauth2", // Specifies the authorization mechanism for the client.
      "x-amazon-apigateway-authorizer" : {       // An API Gateway custom authorizer definition
        "type" : "token",                        // Required property and the value must "token"
        "authorizerUri" : "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:account-id:function:function-name/invocations",
        "authorizerCredentials" : "arn:aws:iam::account-id:role",
        "identityValidationExpression" : "^x-[a-z]+",
        "authorizerResultTtlInSeconds" : 60
      }
    }
  }


   "/http" : {
  "get" : {
    "responses" : { },
    "security" : [ {
      "test-authorizer" : [ ]
    } ],
    "x-amazon-apigateway-integration" : {
      "type" : "http",
      "responses" : {
        "default" : {
          "statusCode" : "200"
        }
      },
      "httpMethod" : "GET",
      "uri" : "http://api.example.com"
    }
  }
}

来源：https://stackoverflow.com/questions/42858424/reference-an-authorizer-definition-in-an-api-gateway-path