Hi there, got the following scenario: my identity service returns a list of permissions for each tenant. My lambda authorizer calls an endpoint on identity service to check that the access token is valid and that it has the required permissions for the provided tenant. The tenant is passed via query string to the API Gateway endpoint but the authorizer has no way to know what the required permissions are, so for now I’ve been hardcoding them.
My function looks like this:
```yaml
functions:
  store:
    handler: handlers/storer.handler
    events:
      - http:
          path: data/services
          method: post
          authorizer:
            arn: arn:aws:lambda:${env:REGION}:${env:ACCOUNT_ID}:function:${env:STAGE}-authorizer
            identitySource: method.request.header.Authorization
            type: request
```
Is there any way to pass a parameter from the API Gateway endpoint to the Lambda Authorizer other than the usual pathParameters or queryString? I was thinking to add them to the authorizer like this:
```yaml
authorizer:
  arn: arn:aws:lambda:${env:REGION}:${env:ACCOUNT_ID}:function:${env:STAGE}-authorizer
  identitySource: method.request.header.Authorization
  type: request
  requiredActions: an:action:write
```
But I can’t see the `requiredAction` parameter anywhere in the event object of the Lambda Authorizer.
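An added example, not part of the original post: a `request`-type authorizer event carries `httpMethod`, `resource` and `methodArn`, so the required actions can be looked up per route inside the authorizer, with unknown routes denied. The `tenant` query-string name, the `checkAccess` identity-service wrapper and the sample event are assumptions constructed for illustration.

```javascript
// Route-to-permission table kept inside the authorizer.
// Keys are "<httpMethod> <resource>" as they appear in the REQUEST authorizer event.
const REQUIRED_ACTIONS = {
  'POST /data/services': ['an:action:write'],
};

// Returns the required actions for the route, or null when the route is unknown.
function requiredActionsFor(event) {
  const key = `${event.httpMethod} ${event.resource}`;
  return Object.prototype.hasOwnProperty.call(REQUIRED_ACTIONS, key)
    ? REQUIRED_ACTIONS[key]
    : null;
}

// Builds the IAM policy document API Gateway expects back from an authorizer.
function policy(effect, methodArn, principalId) {
  return {
    principalId,
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: methodArn }],
    },
  };
}

// checkAccess(token, tenant, actions) -> Promise<boolean> is a hypothetical
// wrapper around the identity service call; it is injected so it can be stubbed.
async function authorize(event, checkAccess) {
  const headers = event.headers || {};
  const token = headers.Authorization || headers.authorization;
  const tenant = (event.queryStringParameters || {}).tenant; // assumed parameter name
  const actions = requiredActionsFor(event);
  // Fail closed: an unknown route, missing token or missing tenant is a Deny.
  if (!actions || !token || !tenant) return policy('Deny', event.methodArn, 'anonymous');
  const allowed = await checkAccess(token, tenant, actions);
  return policy(allowed ? 'Allow' : 'Deny', event.methodArn, 'caller');
}

// Constructed sample event for the POST data/services endpoint.
const sampleEvent = {
  type: 'REQUEST',
  methodArn: 'arn:aws:execute-api:eu-west-1:123456789012:abc123/dev/POST/data/services',
  resource: '/data/services',
  httpMethod: 'POST',
  headers: { Authorization: 'Bearer constructed-token' },
  queryStringParameters: { tenant: 'tenant-a' },
};
```

If authorizer result caching is enabled, the cache key is built from `identitySource`; with only the `Authorization` header listed, a policy cached for one tenant or route can be reused for another, so the tenant parameter belongs in `identitySource` or caching should be turned off.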