amazon-web-servicesaws-cloudformationserverless

Why is CloudFormation saying AlreadyExists when creating a AWS::ApiGateway::Authorizer


I have an existing Lambda function called My-Authorizer. I'm trying to deploy an API Gateway using Serverless, with CloudFormation (CF) resources, one of which is an authorizer that targets this Lambda.

Resources:
  ApiGateway:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Name: "${self:service}-test"

  # other resources

  MyAuthorizer:
    Type: AWS::ApiGateway::Authorizer
    DependsOn: ApiGateway
    Properties:
      Name: My-Authorizer
      Type: REQUEST
      RestApiId:
        Ref: ApiGateway
      AuthorizerUri: "arn:aws:apigateway:${self:custom.aws_region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${self:custom.aws_region}:${self:custom.aws_account_id}:function:My-Authorizer/invocations"

But CF gives a CREATE_FAILED for MyAuthorizer with the following Status reason:

Resource handler returned message: "Invalid request input (Service: ApiGateway, Status Code: 400, Request ID: <some-request-id>)" (RequestToken: <some-request-token>, HandlerErrorCode: AlreadyExists)

I've checked that MyAuthorizer is not already a resource in this stack.

Question: Why am I getting this error?


Solution

  • I managed to find a solution that works.

    I don't think there is a way to achieve this using AWS::ApiGateway::Authorizer and a Lambda function that already exists in your account. If you are deploying a new function however, then this may work.

    Instead, I exported a dummy API Gateway (Export as Swagger + API Gateway Extensions) that I created via the console, which has all the authorisation configuration I require. I then did this:

    Resources:
      ApiGateway:
        Type: AWS::ApiGateway::RestApi
        Properties:
          Name: "${self:service}-test"
          Body:
            # <exported YAML from above>