Serverless framework plugin which allows to configure API Gateway authorizer globally and applies it for all http/httpApi lambda function events
Report Bug
·
Request Feature
Currently, serverless framework does not allow to specify authorizer globally for all API Gateway endpoints. This leads to configuration duplication and potential security issue in case someone forgot to apply authorizer to a new lambda function.
With this plugin you can configure authorizer globally, and it will be automatically
applied to all your http
or httpApi
lambda function events.
- Serverless framework >= 2.32
- Node.js >= 12
First you need to install it using your package manager.
npm install serverless-global-authorizer --save-dev
Then add it to plugins
section of your serverless configuration file.
plugins:
- serverless-global-authorizer
And the last thing is configuration of API Gateway authorizer
custom:
globalAuthorizer:
# if you use REST API Gateway
restApi:
authorizer: # configuration of authorizer looks the same as in serverless framework e.g. for lambda authorizer https://www.serverless.com/framework/docs/providers/aws/events/apigateway#http-endpoints-with-custom-authorizers
name: customAuthorizerRestApi
type: request
resultTtlInSeconds: 0
arn: arn:aws:lambda:us-east-1:11111111111:function:external
# if you use HTTP API Gateway
httpApi:
authorizer:
name: customAuthorizerHttpApi
provider:
name: aws
# if you use HTTP API Gateway
httpApi:
authorizers:
customAuthorizerHttpApi: # configuration of authorizer looks the same as in serverless framework e.g. for lambda authorizer https://www.serverless.com/framework/docs/providers/aws/events/http-api
type: request
functionArn: arn:aws:lambda:us-east-1:11111111111:function:external
After you define global authorizer under
custom.globalAuthorizer.restApi.authorizer
key - for REST API Gatewaycustom.globalAuthorizer.httpApi.authorizer
key - for HTTP API Gateway
plugin will apply iit for all http
or httpApi
events of your lambda functions.
If you don't want to apply global authorizer for given endpoint,
simply set globalAuthorizerEnabled
event property to false
.
e.g.
functions:
unprotected:
handler: src/function/open/handler.handle
events:
- http:
path: /open
method: get
globalAuthorizerEnabled: false
If your endpoint has authorizer specified in its config, plugin won't overwrite it
e.g.
functions:
iamProtected:
handler: src/function/iam-protected/handler.handle
events:
- http:
path: /open
method: get
authorizer:
type: aws_iam # IAM authorizer will be applied to this endpoint, plugin won't apply global authorizer here
Distributed under the MIT License. See LICENSE
for more information.