Error while creating API Gateway authorizer using serverless

Serverless Framework
, ,
1 
```
service:
  name: ham-services-authorizer

custom:
  # Our stage is based on what is passed in when running serverless
  # commands. Or fallsback to what we have set in the provider section.
  stage: ${opt:stage, self:provider.stage}
  region: ${file(../config/config.${self:provider.stage}.yml):REGION}

provider:
  name: aws
  runtime: nodejs8.10
  stage: dev
  region: ${self:custom.region}

package:
  exclude:
   - node_modules/**/*

functions:
  HamAuthorizer:
    handler: ham-authorizer.HamAuthorizer

resources:
  Resources:
    ApiGatewayAuthorizer:
      Type: AWS::ApiGateway::Authorizer
      Properties:
        Name: api-${self:custom.stage}-authorizer
        Type: REQUEST
        AuthorizerUri:
          Fn::Join:
            - ''
            - 
              - 'arn:aws:apigateway:'
              - Ref: "AWS::Region"
              - ':lambda:path/2015-03-31/functions/'
              - Fn::GetAtt: "HamAuthorizerLambdaFunction.Arn"
              - "/invocations"
        RestApiId:
          'Fn::ImportValue': ${self:custom.stage}-ApiGatewayRestApiId
    ApiGatewayAuthorizerPermission:
      Type: AWS::Lambda::Permission
      Properties:
        FunctionName:
          Fn::GetAtt: HamAuthorizerLambdaFunction.Arn
        Action: lambda:InvokeFunction
        Principal:  
          Fn::Join: ["",["apigateway.", { Ref: "AWS::URLSuffix"}]]

  Outputs:
    HamAuthorizerRef:
      Value:
        Ref: ApiGatewayAuthorizer
      Export:
        Name: ham-authorizer-ref:${self:custom.stage}

plugins:
  - serverless-plugin-typescript
  - serverless-pseudo-parameters
```

This is how my serverless.yml file looks like for creating an authorizer for API Gateway. But when I deploy using sls deploy I am getting below error

Serverless Error --------------------------------------- An error occurred: ApiGatewayAuthorizer - Invalid request input (Service: AmazonApiGateway; Status Code: 400; Error Code: BadRequestException;

What could be wrong here?

1 Like
2

There isn’t any need to explicitly set the authorizer. You can do so when linking your handlers to the related http event instead as described here: https://serverless.com/framework/docs/providers/aws/events/apigateway/#http-endpoints-with-custom-authorizers

Serverless will automatically associate the authorizer to the endpoint triggering the Lambda function, even across services if you know the ARN of the authorizer function.

1 Like
3

Hi, Gareth:

Thanks for the tips. Following that I got my authorizer work with other services.
However by using ARN, each time if we redeployed authorizer, ARN’s value will change, then we have to update each service’s serverless.yml and redeploy each service. Do you have any suggestion to avoid this?

Thanks very much!

1 Like
4

I’ve recently encountered this same problem and discovered that even though the “IdentitySource” property is marked as optional in the CFN docs, it’s not. I was able to resolve my same problem by adding this property to my authorizer:

IdentitySource: method.request.header.Authorization

1 Like