Using an APIGatewayV2 Authorizer for specific endpoints

I am creating an API that has endpoints both secured and unsecured. I was able to add a Cognito User Pool Authorizer, but it seems to authenticate all endpoints and I can't figure out how to whitelist certain endpoints, while others use the Authorizer.

My Authorizer is defined in my resources:

resources:
  Resources:
    ApiGatewayAuthorizer:
      Type: AWS::ApiGatewayV2::Authorizer
      Properties:
        Name: Authorizer
        ApiId:
          Ref: HttpApi
        AuthorizerType: JWT
        JwtConfiguration:
          Audience:
            - users
            - admins
          Issuer:
            'Fn::GetAtt': [ CognitoUserPool, ProviderURL ]
        IdentitySource: [ $request.header.Authorization ]

but I have a login endpoint and a profile endpoint, the latter of which should authorize whilst the former should not.

functions:
  auth:
    handler: src/auth/app.handler
    role: ApiLambdaRole
    events:
      - httpApi:
          path: /auth/profile
          method: get
          authorizer:
            type: jwt
            id:
              Ref: ApiGatewayAuthorizer
      - httpApi:
          path: /auth/login
          method: put

The functions above do not validate: "Event references external authorizer '[object Object]', but httpApi is part of the current stack.", but I’m not sure what this actually means. If I remove the authorizer the entire API is protected, but I want to allow anonymous use of Login as it is the entry point to retrieve the JWT.

Am I supposed to implement a Custom Authorizer (that is explicitly permissive) to whitelist the login endpoint? I have found information on multiple authorizers, but not mixed Authenticated and Anonymous access. Any guidance would be greatly appreciated.
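
When a stack mixes authenticated and anonymous routes as described in the question above, a pre-deploy check can confirm that only the intended routes are left without an authorizer. The following is an added example, not part of the original post or of the Serverless Framework: it assumes the `functions` section has already been parsed into a dict, treats an `httpApi` event with no `authorizer` key as intended to be anonymous, and uses a hypothetical allowlist and a hypothetical `/auth/debug` route in its constructed sample.

```python
# Added example: audit httpApi routes for unintended anonymous access.
# Assumption: serverless.yml is already parsed into a dict; the sample below is
# constructed from the post's two routes plus one hypothetical extra route.
ALLOWED_ANONYMOUS = {("PUT", "/auth/login")}  # hypothetical allowlist


def iter_routes(functions):
    """Yield (function, METHOD, path, has_authorizer) for every httpApi event."""
    for fn_name, fn in functions.items():
        for event in fn.get("events", []):
            if "httpApi" not in event:
                continue
            spec = event["httpApi"]
            if isinstance(spec, str):  # shorthand form: 'GET /path' or '*'
                method, _, path = spec.partition(" ")
                yield fn_name, method.upper(), path or "*", False
            else:
                method = str(spec.get("method", "*")).upper()
                yield fn_name, method, spec.get("path", "*"), bool(spec.get("authorizer"))


def audit(functions, allowed=ALLOWED_ANONYMOUS):
    """Return (anonymous routes missing from the allowlist,
    allowlisted routes that unexpectedly carry an authorizer)."""
    unexpected_open, unexpected_protected = [], []
    for fn_name, method, path, protected in iter_routes(functions):
        key = (method, path)
        if not protected and key not in allowed:
            unexpected_open.append((fn_name, method, path))
        elif protected and key in allowed:
            unexpected_protected.append((fn_name, method, path))
    return unexpected_open, unexpected_protected


SAMPLE_FUNCTIONS = {  # constructed sample, mirrors the post's events
    "auth": {
        "events": [
            {"httpApi": {"path": "/auth/profile", "method": "get",
                         "authorizer": {"type": "jwt", "id": {"Ref": "ApiGatewayAuthorizer"}}}},
            {"httpApi": {"path": "/auth/login", "method": "put"}},
            {"httpApi": "GET /auth/debug"},  # hypothetical route, shorthand form
        ],
    }
}

if __name__ == "__main__":
    open_routes, locked_out = audit(SAMPLE_FUNCTIONS)
    print("anonymous routes not in allowlist:", open_routes)
    print("allowlisted routes with an authorizer:", locked_out)
```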