I have an existing Lambda function called My-Authorizer. I'm trying to deploy an API Gateway using Serverless, with CloudFormation (CF) resources, one of which is an authorizer that targets this Lambda.
Resources:
ApiGateway:
Type: AWS::ApiGateway::RestApi
Properties:
Name: "${self:service}-test"
# other resources
MyAuthorizer:
Type: AWS::ApiGateway::Authorizer
DependsOn: ApiGateway
Properties:
Name: My-Authorizer
Type: REQUEST
RestApiId:
Ref: ApiGateway
AuthorizerUri: "arn:aws:apigateway:${self:custom.aws_region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${self:custom.aws_region}:${self:custom.aws_account_id}:function:My-Authorizer/invocations"
But CF gives a CREATE_FAILED for MyAuthorizer with the following Status reason:
Resource handler returned message: "Invalid request input (Service: ApiGateway, Status Code: 400, Request ID: <some-request-id>)" (RequestToken: <some-request-token>, HandlerErrorCode: AlreadyExists)
I've checked that MyAuthorizer is not already a resource in this stack.
Question: Why am I getting this error?
I managed to find a solution that works.
I don't think there is a way to achieve this using AWS::ApiGateway::Authorizer and a Lambda function that already exists in your account. If you are deploying a new function however, then this may work.
Instead, I exported a dummy API Gateway (Export as Swagger + API Gateway Extensions) that I created via the console, which has all the authorisation configuration I require. I then did this:
Resources:
ApiGateway:
Type: AWS::ApiGateway::RestApi
Properties:
Name: "${self:service}-test"
Body:
<exported YAML from above>