Serverless-application-model: Rebase and refactor ApiKeyRequired feature

Created on 22 Mar 2019 · 5Comments · Source: aws/serverless-application-model

This feature (https://github.com/awslabs/serverless-application-model/pull/444/files) was merged into a feature branch (https://github.com/awslabs/serverless-application-model/tree/feat/auth) while we worked on the design for Auth as a whole. Now that we have that, we should rebase this change and refactor it to use the Auth property so that we can get this merged into develop.

areserverless-api v1.14.0

Source

brettstack

Most helpful comment

This has come up at my company so I'd like to jump in on this.

Here is what I'm proposing to do:
Update the Auth property to include a new sub-property ApiKeyRequired: <boolean>. This will be supported on both the Api Auth Method and the Function Auth Method. The function level specification will override the API level.

For example:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: API Gateway with AWS IAM Authorizer
Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Auth:
        ApiKeyRequired: true
        DefaultAuthorizer: AWS_IAM
        InvokeRole: CALLER_CREDENTIALS

  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: nodejs8.10
      Events:
        GetRoot:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /
            Method: get
            # This is a public endpoint
            Auth:
              Authorizer: NONE
              ApiKeyRequired: false
        GetOther:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /other
            Method: get

Outputs:
  ApiURL:
    Description: "API URL"
Value: !Sub 'https://${MyApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/'

cfbarbero on 20 May 2019

🎉2

All 5 comments

@tylersouthwick Would you be willing to do this? We'd love to get this out into an official release!

jlhood on 22 Mar 2019

👍1

This has come up at my company so I'd like to jump in on this.

For example:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: API Gateway with AWS IAM Authorizer
Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod
      Auth:
        ApiKeyRequired: true
        DefaultAuthorizer: AWS_IAM
        InvokeRole: CALLER_CREDENTIALS

  MyFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: .
      Handler: index.handler
      Runtime: nodejs8.10
      Events:
        GetRoot:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /
            Method: get
            # This is a public endpoint
            Auth:
              Authorizer: NONE
              ApiKeyRequired: false
        GetOther:
          Type: Api
          Properties:
            RestApiId: !Ref MyApi
            Path: /other
            Method: get

Outputs:
  ApiURL:
    Description: "API URL"
Value: !Sub 'https://${MyApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/'

cfbarbero on 20 May 2019

🎉2

@cfbarbero Awesome!! What you're proposing looks like what we're expecting. Looking forward to seeing your PR! Feel free to reach out on this issue if you have questions.

jlhood on 21 May 2019

Pending v1.14.0 release

jlhood on 3 Jul 2019

Closing this issue as this is released in v1.14.0