What WebSocket API custom lambda authorizer should return in AWS API Gateway?
I'm trying to add a custom Lambda authorizer to my WebSocket API, but I'm stuck on what response needs to be returned.
My custom Lambda authorizer for the HTTP API looks like this. Based on the event, I simply return a result object, as shown in the example below.
function customHttpLambdaAuthorizer(event) {
const isValid = validate(event);
const result = {
isAuthorized: isValid === true,
context: {
message: "User authenticated"
}
};
return result;
}
When I tried to add a custom authorizer for a WebSocket and attempted to return a similar result, it didn't work. I found this example in the AWS documentation, but they use a policy, which I don't fully understand. I also have a feeling that the example is outdated because it uses callbacks, etc.
function customWebSocketLambdaAuthorizer(event) {
const isValid = validate(event);
const result = /* ? */;
return result;
}
Could someone clearly explain what a custom WebSocket Lambda authorizer should return, and why?
Thanks!
That documentation you listed is correct and shows the correct example for what it should return. When an authorizer is configured, AWS will add a processing step in the request pipeline that will call the authorizer and evaluate the result. It needs a policy to do this evaluation--that is just how the behind-the-scenes logic works to evaluate if something is authorized. If the returned policy indicates that the request is allowed, then the request continues through the rest of the pipeline.
From https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html:
This documentation talks about the output of the authorizer lambda and shows the response, such as this example:
{
"principalId": "user",
"policyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "execute-api:Invoke",
"Effect": "Deny",
"Resource": "arn:aws:execute-api:us-west-2:123456789012:ymy8tbxw7b/dev/GET/"
}
]
}
}
- When using the AWS CLI lambda invoke, is there a way to pass environment variables?
- error: failed to solve: failed commit on ref : unexpected status: 400 Bad Request
- Is the fanout pattern using AWS SNS ans SQS reliable?
- API Gateway: JSON 5+ MB Gives error "413, Request Too Long"
- What are the deployment tools used in hybrid cloud
- Delete/Update DynamoDB entries with AWS API
- aws cli ec2 describe-instances table output
- Deploying a microservice with Tensorflow at AWS Lambda
- Issue when using Terraform to manage credentials that access RDS database
- Predictive Auto Scaling for AWS ECS Services
- vitejs build with jsx returning MIME error on aws amplify
- AWS API Gateway : Execution failed due to configuration error: No match for output mapping and no default output mapping configured
- Is there any way to Block request from Postman or other apps to call Restful API
- EC2 user permissions for var/www directory
- How can I recover deleted AWS Lambda code?
- How to discard changes in AWS lambda function inline editor?
- AWS equivalent for Azure Resourcegroup
- Lambda Function to Delete Object after interrogation of file, triggered by S3 Create event not deleting file
- AWS Java SDK v2.0: How to handle providing indexNames at runtime rather than using annotation
- How can I get all thing names from a thing group in AWS IoT Core using a Lambda function?
- AWS CloudFormation is stuck on DELETED_FAILED status
- count value depends on resource attributes that cannot be determined until apply in module
- GraphQL documentation strings (""") not showing up in AWS AppSync Documentation Explorer
- How to check if Python app is running within AWS lambda function?
- how to add raster data using mapbox gl js?
- AWS Application Load Balancer transforms all headers to lower case
- Aws cross-account backup copy and restoration failing due to insufficient privileges
- CDK - S3 notification causing cyclic reference error
- aws beanstalk 403 error while deploying
- Docker commands hanging with no response