I am creating an API that has endpoints both secured and unsecured. I was able to add a Cognito User Pool Authorizer, but it seems to authenticate all endpoints and I can't figure out how to whitelist certain endpoints, while others use the Authorizer.
My Authorizer is defined in my resources:
```yaml
resources:
  Resources:
    ApiGatewayAuthorizer:
      Type: AWS::ApiGatewayV2::Authorizer
      Properties:
        Name: Authorizer
        ApiId:
          Ref: HttpApi
        AuthorizerType: JWT
        JwtConfiguration:
          Audience:
            - users
            - admins
          Issuer:
            'Fn::GetAtt': [ CognitoUserPool, ProviderURL ]
        IdentitySource: [ $request.header.Authorization ]
```
But I have a login endpoint and a profile endpoint, the latter of which should authorize whilst the former should not.
```yaml
functions:
  auth:
    handler: src/auth/app.handler
    role: ApiLambdaRole
    events:
      - httpApi:
          path: /auth/profile
          method: get
          authorizer:
            type: jwt
            id:
              Ref: ApiGatewayAuthorizer
      - httpApi:
          path: /auth/login
          method: put
```
The functions above do not validate: "Event references external authorizer '[object Object]', but httpApi is part of the current stack.", but I'm not sure what this actually means. If I remove the authorizer the entire API is protected, but I want to allow anonymous use of Login as it is the entry point to retrieve the JWT.
Am I supposed to implement a Custom Authorizer (that is explicitly permissive) to whitelist the login endpoint? I have found information on multiple authorizers, but not mixed Authenticated and Anonymous access. Any guidance would be greatly appreciated.
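
Added example, not part of the original post: the Serverless Framework lets one HTTP API mix a JWT-protected route and an anonymous route by declaring the authorizer under `provider.httpApi.authorizers` and referencing it by name only on the events that need it. The authorizer name `cognitoJwt`, the issuer URL and the audience value are placeholders assumed for illustration.

```yaml
provider:
  name: aws
  httpApi:
    authorizers:
      # Hypothetical authorizer name; declared here, the framework attaches
      # it to the HTTP API that this same stack creates.
      cognitoJwt:
        type: jwt
        identitySource: $request.header.Authorization
        # Placeholder: the Cognito user pool's issuer URL.
        issuerUrl: https://cognito-idp.<region>.amazonaws.com/<user-pool-id>
        audience:
          # Placeholder: the value is compared with the token's
          # aud (or client_id) claim.
          - <app-client-id>

functions:
  auth:
    handler: src/auth/app.handler
    role: ApiLambdaRole
    events:
      # Protected route: requests need a valid JWT in the Authorization header.
      - httpApi:
          path: /auth/profile
          method: get
          authorizer:
            name: cognitoJwt
      # Anonymous route: no authorizer key, so the route is deployed
      # without authorization and can be used to obtain the JWT.
      - httpApi:
          path: /auth/login
          method: put
```

After deploying, the split can be checked by calling `/auth/profile` without a token (expect 401) and `/auth/login` without a token (expect the handler to run).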