How To

• How do I attach my custom Lambda function to authenticate my API Gateway requests?
• How do I stream my logs to Splunk?

How do I attach my custom Lambda function to authenticate my API Gateway requests?

• You can leverage AWS API Gateway's Custom Authorizer feature to enable Authentication and Authorization for your API resource. This can easily be done for APIs created using Jazz by updating your API's swagger.
• Lets see this through an example:
  • Using Jazz, create a Lambda function that will handle authentication. In this example, let's say we gave namespace as myNamespace and service name as myAuthorizer while choosing service type of function.
  • Now lets start updating the swagger (swagger/swagger.json) of your service (API).
  • Add a security definition node at the root (similar to here)

    "securityDefinitions": {
        "{envPrefix}-myNamespace-myAuthorizer": {
        "type": "apiKey",
        "name": "Authorization",
        "in": "header",
        "x-amazon-apigateway-authtype": "custom",
        "x-amazon-apigateway-authorizer": {
            "authorizerCredentials": "{conf-role}",
            "authorizerResultTtlInSeconds": 300,
            "authorizerUri": "arn:aws:apigateway:{conf-region}:lambda:path/2015-03-31/functions/arn:aws:lambda:{conf-region}:{conf-accId}:function:{envPrefix}-myNamespace-myAuthorizer-{envmnt}/invocations",
            "type": "token"
        }
        }
    }
    

  • For each API resource, that you want to protect, you will add a security section (similar to here). If you are enabling CORS, you don't want to add protection to your OPTIONS request.

    "security": [
        {
            "{envPrefix}-myNamespace-myAuthorizer": []
        }
    ]
    

How do I stream my logs to Splunk?