OK, I quite solved my problem by making the 2 stacks (serverless services) share a unique API Gateway. Here is my final code:
```yaml
service: authorizer-stack

functions:
  authorizer:
    handler: authorizer.handler
  hello:
    handler: hello.handler
    events:
      - http:
          path: hello
          method: get
          authorizer:
            type: CUSTOM
            authorizerId:
              Ref: Authorizer

resources:
  Resources:
    # Lets the API Gateway service invoke the authorizer Lambda
    # (no SourceArn condition is set on this permission)
    AuthorizerPermission:
      Type: AWS::Lambda::Permission
      Properties:
        FunctionName:
          Fn::GetAtt: AuthorizerLambdaFunction.Arn
        Action: lambda:InvokeFunction
        Principal:
          Fn::Join: ["", ["apigateway.", { Ref: "AWS::URLSuffix" }]]
    # TOKEN authorizer attached to this stack's REST API
    Authorizer:
      DependsOn:
        - ApiGatewayRestApi
      Type: AWS::ApiGateway::Authorizer
      Properties:
        Name: ${self:provider.stage}-Authorizer
        RestApiId: { "Ref": "ApiGatewayRestApi" }
        Type: TOKEN
        IdentitySource: method.request.header.Authorization
        AuthorizerResultTtlInSeconds: 300
        AuthorizerUri:
          Fn::Join:
            - ''
            -
              - 'arn:aws:apigateway:'
              - Ref: "AWS::Region"
              - ':lambda:path/2015-03-31/functions/'
              - Fn::GetAtt: "AuthorizerLambdaFunction.Arn"
              - "/invocations"
  # Exported so that other stacks can import the authorizer and the REST API
  Outputs:
    AuthorizerId:
      Value:
        Ref: Authorizer
      Export:
        Name: ${self:service}-${self:provider.stage}-authorizerId
    apiGatewayRestApiId:
      Value:
        Ref: ApiGatewayRestApi
      Export:
        Name: ${self:service}-${self:provider.stage}-restApiId
    apiGatewayRestApiRootResourceId:
      Value:
        Fn::GetAtt:
          - ApiGatewayRestApi
          - RootResourceId
      Export:
        Name: ${self:service}-${self:provider.stage}-rootResourceId
```
And then import it:

```yaml
provider:
  # Next lines enable same api gateway usage but different cloudformation stacks
  apiGateway:
    restApiId:
      Fn::ImportValue: authorizer-stack-${self:provider.stage}-restApiId
    restApiRootResourceId:
      Fn::ImportValue: authorizer-stack-${self:provider.stage}-rootResourceId

functions:
  helloWorld:
    handler: hello.handler
    events:
      - http:
          path: hello-world
          method: get
          authorizer:
            type: CUSTOM
            # Authorizer exported by authorizer-stack
            authorizerId: !ImportValue authorizer-stack-${self:provider.stage}-authorizerId
```
Nevertheless, this solution doesn't fit my needs. I would like to have different APIs of API Gateway sharing the same authorizer, so that when I change the configuration of the authorizer, all APIs are affected.
Do you think it could be possible, even inside the AWS console? Otherwise I will submit a feature request to AWS.
In any case, thanks for your very generous help!