
Defining authorizer and using it in API Gateway using Open API


I am trying to define an authorizer and use it in a method using Open API Specification. For some reason the authorizer does not appear in the API Gateway Console after I deploy the template. Here's my template shortened:

    Type: AWS::Serverless::Api
    Properties:
      Name: !Sub "API Gateway"
      EndpointConfiguration:
        Type: REGIONAL
      DefinitionBody:
        openapi: 3.0.3
        info:
          title: 'APIs'
          version: 1.0.0
        paths:
          /callHistoryAsync:
            post:
              parameters:
              - name: 'xxxxx'
                in: 'query'
                required: true
                schema:
                  type: 'string'
              x-amazon-apigateway-integration:
                type: aws
                requestParameters:
                  integration.request.header.X-Amz-Invocation-Type: '''Event'''
                  integration.request.querystring.store_id: "method.request.querystring.xxxxx"
                httpMethod: POST
                uri: !Sub 'arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Function.Arn}/invocations'
                responses:
                  '202':
                    statusCode: '202'
                    selectionPattern: ""
              responses:
                '202':
                  description: successfully saved
              security:
                - Authorizer: []
 
        components:
          securitySchemes:
            Authorizer:
              type: 'request'
              name: 'Authorization'
              in: 'header'
              x-amazon-apigateway-authorizer:
                authorizerUri: !FindInMap [ !Ref StageName, !Ref "AWS::Region", AuthArn ]
                identitySource: 'method.request.header.X-Authorization,method.request.header.X-Date'
                type: 'request'

I defined the authorizer in components under securitySchemes and I am using it in the POST method specified under security.

But the authorizer does not appear in the console and neither does it appear under the method. What am I doing wrong?


Solution

  • I figured this out using the export property of the stage tab in API Gateway. I used an existing API Gateway that was defined using CloudFormation and exported it using Export as Swagger + API Gateway Extensions. This basically shows you all the syntax you want. Here's a screenshot showing where this option is in the console.

    [Screenshot: the export option in the API Gateway console]

    From that export I could see that I need to change my securitySchemes to this:

    components:
      securitySchemes:
        Authorizer:
          type: "apiKey"
          name: "Unused"
          in: "header"
          x-amazon-apigateway-authtype: "custom"
          x-amazon-apigateway-authorizer:
            authorizerUri: "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:xxxxxx:function:xxxxxxx/invocations"
            authorizerResultTtlInSeconds: 300
            identitySource: "method.request.header.Authorization, method.request.header.Date"
            type: "request"
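
A pre-deployment check for the mistake discussed above, as an added example that is not part of the original question or answer: it walks an already-parsed OpenAPI document and reports security schemes that API Gateway would not turn into a Lambda authorizer, plus the methods that depend on them. The rules are an assumption taken from the exported working definition in the answer, and the function names, sample documents and placeholder ARN are constructed for illustration.

```python
# Added example, not AWS or project code. The rules mirror the exported,
# working definition in the answer above; they are an assumption, not a schema.
METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}
AUTHTYPE = "x-amazon-apigateway-authtype"
AUTHORIZER = "x-amazon-apigateway-authorizer"

def scheme_problems(name, scheme):
    """Reasons why a security scheme is not a usable Lambda authorizer."""
    problems = []
    if scheme.get("type") != "apiKey":
        problems.append(f"{name}: type is {scheme.get('type')!r}, expected 'apiKey'")
    if AUTHTYPE not in scheme:
        problems.append(f"{name}: missing {AUTHTYPE}")
    authorizer = scheme.get(AUTHORIZER) or {}
    for key in ("type", "authorizerUri"):
        if not authorizer.get(key):
            problems.append(f"{name}: {AUTHORIZER} has no {key}")
    return problems

def lint_authorizers(spec):
    """Findings for broken schemes and for methods that depend on them."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    findings = [p for n, s in schemes.items() for p in scheme_problems(n, s)]
    broken = {n for n, s in schemes.items() if scheme_problems(n, s)}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:
                continue  # skip path-level keys such as "parameters"
            # An operation without its own "security" inherits the global one.
            reqs = op.get("security", spec.get("security", []))
            names = sorted({n for req in reqs for n in req})
            label = f"{method.upper()} {path}"
            if not names:
                findings.append(f"{label}: no authorizer attached")
            for n in names:
                if n not in schemes or n in broken:
                    findings.append(f"{label}: scheme {n} is undefined or broken")
    return findings

# Constructed samples: the question's scheme and the answer's scheme, reduced
# to the fields the lint reads. The ARN is a placeholder.
def sample(scheme):
    return {"paths": {"/callHistoryAsync": {"post": {"security": [{"Authorizer": []}]}}},
            "components": {"securitySchemes": {"Authorizer": scheme}}}
URI = "arn:aws:apigateway:REGION:lambda:path/2015-03-31/functions/PLACEHOLDER/invocations"
BROKEN = sample({"type": "request", "name": "Authorization", "in": "header",
                 AUTHORIZER: {"authorizerUri": URI, "type": "request"}})
FIXED = sample({"type": "apiKey", "name": "Unused", "in": "header", AUTHTYPE: "custom",
                AUTHORIZER: {"authorizerUri": URI, "type": "request"}})
```

Calling `lint_authorizers(BROKEN)` returns the two scheme findings and the affected `POST /callHistoryAsync` method; `lint_authorizers(FIXED)` returns an empty list.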