aws-apigw-authorizer
Advanced tools
Readme
It can be used as-is, in which case a default AWS IAM policy is used that allows access to all resources in the API using any HTTP method.
Configure through Lambda environment variables (see below).
const lambdaAuthorizer = new (require('aws-apigw-authorizer')).ApiGatewayAuthorizer();
exports.handler = lambdaAuthorizer.handler.bind(lambdaAuthorizer);
Optionally, a custom function can be provided (as constructor argument) for building custom AWS IAM policies. The custom function will be called after succesfull authentication.
function customPolicyBuilder(event, principal, decodedJwt) {
// event: the raw event that the authorizer lambda function receives from API Gateway
// principal: the username of the authenticated user
// decodedJwt: the decoded JWT. Only present if authentication was based on JWT
return {
"principalId": "your principal - just a name",
"policyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "execute-api:Invoke",
"Effect": "Allow",
"Resource": [
"arn:aws:execute-api:eu-west-1:region:api-id/stage/*/*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"213.149.225.141/32"
]
}
}
}
]
}
}
}
const lambdaAuthorizer = new (require('aws-apigw-authorizer')).ApiGatewayAuthorizer(customPolicyBuilder);
exports.handler = lambdaAuthorizer.handler.bind(lambdaAuthorizer);
Your lambda function should be configured using the following environment variables.
It is mandatory to explicitly specify which remote IP adresses/address rangers are allowed to access the API.
ALLOWED_IP_ADDRESSES can be set to 0.0.0.0/0 for public access.
Individual IP-addresses can be specified, or ranges using CIDR-notation, multiple entries separated bij comma's.
Example:
ALLOWED_IP_ADDRESSES=213.149.225.141/32,213.149.225.141
Users allowed access through HTTP Basic Authentication can be configured as follows:
BASIC_AUTH_USER_mike=mikespassword
BASIC_AUTH_USER_lisa=lisaspassword
This is an optional environment key, without which Basic Authentication is not enabled.
For JWT authentication provide a value for AUDIENCE_URI, ISSUER_URI and JWKS_URI
Example:
AUDIENCE_URI=123456cc-cd12-1234-ff66-7897fabcd12
ISSUER_URI=https://sts.yourserver.com/876abc-ab12-8765-ff43-75232abc/
JWKS_URI=https://login.yourserver.com/common/discovery/keys'
These are optional environment keys, without which JWT Authentication is not enabled.
FAQs
AWS Lambda Authorizer for API Gateway
The npm package aws-apigw-authorizer receives a total of 41 weekly downloads. As such, aws-apigw-authorizer popularity was classified as not popular.
We found that aws-apigw-authorizer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
ua-parser-js is set to drop the MIT license and adopt a controversial dual AGPLv3 + PRO licensing model in its upcoming v2.0 release, raising significant concerns among developers and enterprise users.
Security News
Researchers recently demonstrated that the npm Registry is vulnerable to cache poisoning combined with DoS, posing significant risks for package availability.
Security News
The June TC39 meeting wrapped up this week with eight proposals moving on to the next stage. Here's a quick roundup of the features that the committee approved to advance.