Allow for Custom Authorizers

[anderson-0]

One limitation that I am facing is that for the generated API gateway based on the openapi spec I would like to add an existing lambda function that exists in my serverless.yml.

For example, I have this lambda that check for authorization:

functions:
  authorizerHandler:
    name: ${self:service}-authorizer-${sls:stage}
    description: Authorizer handler to check incoming requests
    handler: src/handler.authorizerHandler

I've also added the code required by the package like below:

openApiIntegration:
  inputFile: src/openapi_specs/custom.yml
  package: true
  cors: true
  apiResourceName: ApiGatewayRestApiCustom
  mapping:
    - stage: [dev, stage, prod] #multiple stages
    - path: myPath

And the resource section:

resources:
  Resources:
    ApiGatewayRestApiCustom: # This resource name must match the default naming
      Type: AWS::ApiGateway::RestApi
      Properties:
        Name: "Custom_openapi"
        FailOnWarnings: "true"
        Body: ${file(src/openapi_specs/custom.yml)}

I've tried to add an api gateway authorizer like below:

ApiGatewayAuthorizer:  # Define an API Gateway Authorizer
      Type: AWS::ApiGateway::Authorizer
      Properties:
        Name: 'custom-authorizer'
        Type: TOKEN
        IdentitySource: method.request.header.Authorization
        AuthorizerUri: 
          Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${self:service}-authorizer-${self:provider.stage}/invocations
        RestApiId: 
          Ref: ApiGatewayRestApiCustom  # Reference to our defined ApiGatewayRestApi

But even with that it generates my api gateway without adding this lambda as the authorizer.
Can you tell me if this is supported in any way by the package?

[SinnoSong]

@anderson-0 Hello, I have same problem, maybe you can watch this link

[SinnoSong]

@anderson-0 Hello, I find how to define the custom authorizer. You can define an authorizer lambda, then define securitySchemes in open API file like this:

components:
  securitySchemes:
    myAuthorizer:
      type: apiKey
      in: header
      name: Authorization
      x-amazon-apigateway-authtype: custom
      x-amazon-apigateway-authorizer:
        type: token
        authorizerUri: 
          arn:aws:apigateway:<AWS-Region>:lambda:path/2015-03-31/functions/<AuthorizerARN>/invocations
        authorizerResultTtlInSeconds: 0

Then you can use this myAuthorizer in every endpoint:

  /test/v1:
    get:
      responses:
        '200':
          $ref: '#/components/responses/Standard200EmptyResponse'
      x-amazon-apigateway-integration:
        httpMethod: POST
        uri: 
          <LambdaARN>
        responses:
          default:
            statusCode: '200'
            responseParameters:
              method.response.header.Access-Control-Allow-Origin: "'*'"
        passthroughBehavior: when_no_match
        contentHandling: CONVERT_TO_TEXT
        type: aws_proxy
      security:
      - myAuthorizer: []