Documentation ¶
Index ¶
- func NewHttpIamAuthorizer_Override(h HttpIamAuthorizer)
- func NewHttpJwtAuthorizer_Override(h HttpJwtAuthorizer, id *string, jwtIssuer *string, ...)
- func NewHttpLambdaAuthorizer_Override(h HttpLambdaAuthorizer, id *string, handler awslambda.IFunction, ...)
- func NewHttpUserPoolAuthorizer_Override(h HttpUserPoolAuthorizer, id *string, pool awscognito.IUserPool, ...)
- func NewWebSocketIamAuthorizer_Override(w WebSocketIamAuthorizer)
- func NewWebSocketLambdaAuthorizer_Override(w WebSocketLambdaAuthorizer, id *string, handler awslambda.IFunction, ...)
- type HttpIamAuthorizer
- type HttpJwtAuthorizer
- type HttpJwtAuthorizerProps
- type HttpLambdaAuthorizer
- type HttpLambdaAuthorizerProps
- type HttpLambdaResponseType
- type HttpUserPoolAuthorizer
- type HttpUserPoolAuthorizerProps
- type WebSocketIamAuthorizer
- type WebSocketLambdaAuthorizer
- type WebSocketLambdaAuthorizerProps
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewHttpIamAuthorizer_Override ¶
func NewHttpIamAuthorizer_Override(h HttpIamAuthorizer)
func NewHttpJwtAuthorizer_Override ¶
func NewHttpJwtAuthorizer_Override(h HttpJwtAuthorizer, id *string, jwtIssuer *string, props *HttpJwtAuthorizerProps)
Initialize a JWT authorizer to be bound with HTTP route.
func NewHttpLambdaAuthorizer_Override ¶
func NewHttpLambdaAuthorizer_Override(h HttpLambdaAuthorizer, id *string, handler awslambda.IFunction, props *HttpLambdaAuthorizerProps)
Initialize a lambda authorizer to be bound with HTTP route.
func NewHttpUserPoolAuthorizer_Override ¶
func NewHttpUserPoolAuthorizer_Override(h HttpUserPoolAuthorizer, id *string, pool awscognito.IUserPool, props *HttpUserPoolAuthorizerProps)
Initialize a Cognito user pool authorizer to be bound with HTTP route.
func NewWebSocketIamAuthorizer_Override ¶
func NewWebSocketIamAuthorizer_Override(w WebSocketIamAuthorizer)
func NewWebSocketLambdaAuthorizer_Override ¶
func NewWebSocketLambdaAuthorizer_Override(w WebSocketLambdaAuthorizer, id *string, handler awslambda.IFunction, props *WebSocketLambdaAuthorizerProps)
Types ¶
type HttpIamAuthorizer ¶
type HttpIamAuthorizer interface { awsapigatewayv2.IHttpRouteAuthorizer // The authorizationType used for IAM Authorizer. AuthorizationType() awsapigatewayv2.HttpAuthorizerType // Bind this authorizer to a specified Http route. Bind(_options *awsapigatewayv2.HttpRouteAuthorizerBindOptions) *awsapigatewayv2.HttpRouteAuthorizerConfig }
Authorize HTTP API Routes with IAM.
Example:
import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" var principal anyPrincipal authorizer := awscdk.NewHttpIamAuthorizer() httpApi := apigwv2.NewHttpApi(this, jsii.String("HttpApi"), &HttpApiProps{ DefaultAuthorizer: authorizer, }) routes := httpApi.AddRoutes(&AddRoutesOptions{ Integration: awscdk.NewHttpUrlIntegration(jsii.String("BooksIntegration"), jsii.String("https://get-books-proxy.example.com")), Path: jsii.String("/books/{book}"), }) routes[0].GrantInvoke(principal)
func NewHttpIamAuthorizer ¶
func NewHttpIamAuthorizer() HttpIamAuthorizer
type HttpJwtAuthorizer ¶
type HttpJwtAuthorizer interface { awsapigatewayv2.IHttpRouteAuthorizer // The authorizationType used for JWT Authorizer. AuthorizationType() *string // Return the id of the authorizer if it's been constructed. AuthorizerId() *string // Bind this authorizer to a specified Http route. Bind(options *awsapigatewayv2.HttpRouteAuthorizerBindOptions) *awsapigatewayv2.HttpRouteAuthorizerConfig }
Authorize Http Api routes on whether the requester is registered as part of an AWS Cognito user pool.
Example:
import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" issuer := "https://test.us.auth0.com" authorizer := awscdk.NewHttpJwtAuthorizer(jsii.String("BooksAuthorizer"), issuer, &HttpJwtAuthorizerProps{ JwtAudience: []*string{ jsii.String("3131231"), }, }) api := apigwv2.NewHttpApi(this, jsii.String("HttpApi")) api.AddRoutes(&AddRoutesOptions{ Integration: awscdk.NewHttpUrlIntegration(jsii.String("BooksIntegration"), jsii.String("https://get-books-proxy.example.com")), Path: jsii.String("/books"), Authorizer: Authorizer, })
func NewHttpJwtAuthorizer ¶
func NewHttpJwtAuthorizer(id *string, jwtIssuer *string, props *HttpJwtAuthorizerProps) HttpJwtAuthorizer
Initialize a JWT authorizer to be bound with HTTP route.
type HttpJwtAuthorizerProps ¶
type HttpJwtAuthorizerProps struct { // A list of the intended recipients of the JWT. // // A valid JWT must provide an aud that matches at least one entry in this list. JwtAudience *[]*string `field:"required" json:"jwtAudience" yaml:"jwtAudience"` // The name of the authorizer. // Default: - same value as `id` passed in the constructor. // AuthorizerName *string `field:"optional" json:"authorizerName" yaml:"authorizerName"` // The identity source for which authorization is requested. // Default: ['$request.header.Authorization'] // IdentitySource *[]*string `field:"optional" json:"identitySource" yaml:"identitySource"` }
Properties to initialize HttpJwtAuthorizer.
Example:
import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" issuer := "https://test.us.auth0.com" authorizer := awscdk.NewHttpJwtAuthorizer(jsii.String("BooksAuthorizer"), issuer, &HttpJwtAuthorizerProps{ JwtAudience: []*string{ jsii.String("3131231"), }, }) api := apigwv2.NewHttpApi(this, jsii.String("HttpApi")) api.AddRoutes(&AddRoutesOptions{ Integration: awscdk.NewHttpUrlIntegration(jsii.String("BooksIntegration"), jsii.String("https://get-books-proxy.example.com")), Path: jsii.String("/books"), Authorizer: Authorizer, })
type HttpLambdaAuthorizer ¶
type HttpLambdaAuthorizer interface { awsapigatewayv2.IHttpRouteAuthorizer // The authorizationType used for Lambda Authorizer. AuthorizationType() *string // Return the id of the authorizer if it's been constructed. AuthorizerId() *string // Bind this authorizer to a specified Http route. Bind(options *awsapigatewayv2.HttpRouteAuthorizerBindOptions) *awsapigatewayv2.HttpRouteAuthorizerConfig }
Authorize Http Api routes via a lambda function.
Example:
import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" // This function handles your auth logic var authHandler function authorizer := awscdk.NewHttpLambdaAuthorizer(jsii.String("BooksAuthorizer"), authHandler, &HttpLambdaAuthorizerProps{ ResponseTypes: []httpLambdaResponseType{ awscdk.HttpLambdaResponseType_SIMPLE, }, }) api := apigwv2.NewHttpApi(this, jsii.String("HttpApi")) api.AddRoutes(&AddRoutesOptions{ Integration: awscdk.NewHttpUrlIntegration(jsii.String("BooksIntegration"), jsii.String("https://get-books-proxy.example.com")), Path: jsii.String("/books"), Authorizer: Authorizer, })
func NewHttpLambdaAuthorizer ¶
func NewHttpLambdaAuthorizer(id *string, handler awslambda.IFunction, props *HttpLambdaAuthorizerProps) HttpLambdaAuthorizer
Initialize a lambda authorizer to be bound with HTTP route.
type HttpLambdaAuthorizerProps ¶
type HttpLambdaAuthorizerProps struct { // Friendly authorizer name. // Default: - same value as `id` passed in the constructor. // AuthorizerName *string `field:"optional" json:"authorizerName" yaml:"authorizerName"` // The identity source for which authorization is requested. // Default: ['$request.header.Authorization'] // IdentitySource *[]*string `field:"optional" json:"identitySource" yaml:"identitySource"` // The types of responses the lambda can return. // // If HttpLambdaResponseType.SIMPLE is included then // response format 2.0 will be used. // See: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html#http-api-lambda-authorizer.payload-format-response // // Default: [HttpLambdaResponseType.IAM] // ResponseTypes *[]HttpLambdaResponseType `field:"optional" json:"responseTypes" yaml:"responseTypes"` // How long APIGateway should cache the results. // // Max 1 hour. // Disable caching by setting this to `Duration.seconds(0)`. // Default: Duration.minutes(5) // ResultsCacheTtl awscdk.Duration `field:"optional" json:"resultsCacheTtl" yaml:"resultsCacheTtl"` }
Properties to initialize HttpTokenAuthorizer.
Example:
import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" // This function handles your auth logic var authHandler function authorizer := awscdk.NewHttpLambdaAuthorizer(jsii.String("BooksAuthorizer"), authHandler, &HttpLambdaAuthorizerProps{ ResponseTypes: []httpLambdaResponseType{ awscdk.HttpLambdaResponseType_SIMPLE, }, }) api := apigwv2.NewHttpApi(this, jsii.String("HttpApi")) api.AddRoutes(&AddRoutesOptions{ Integration: awscdk.NewHttpUrlIntegration(jsii.String("BooksIntegration"), jsii.String("https://get-books-proxy.example.com")), Path: jsii.String("/books"), Authorizer: Authorizer, })
type HttpLambdaResponseType ¶
type HttpLambdaResponseType string
Specifies the type responses the lambda returns.
const ( // Returns simple boolean response. HttpLambdaResponseType_SIMPLE HttpLambdaResponseType = "SIMPLE" // Returns an IAM Policy. HttpLambdaResponseType_IAM HttpLambdaResponseType = "IAM" )
type HttpUserPoolAuthorizer ¶
type HttpUserPoolAuthorizer interface { awsapigatewayv2.IHttpRouteAuthorizer // The authorizationType used for UserPool Authorizer. AuthorizationType() *string // Return the id of the authorizer if it's been constructed. AuthorizerId() *string // Bind this authorizer to a specified Http route. Bind(options *awsapigatewayv2.HttpRouteAuthorizerBindOptions) *awsapigatewayv2.HttpRouteAuthorizerConfig }
Authorize Http Api routes on whether the requester is registered as part of an AWS Cognito user pool.
Example:
import cognito "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" userPool := cognito.NewUserPool(this, jsii.String("UserPool")) authorizer := awscdk.NewHttpUserPoolAuthorizer(jsii.String("BooksAuthorizer"), userPool) api := apigwv2.NewHttpApi(this, jsii.String("HttpApi")) api.AddRoutes(&AddRoutesOptions{ Integration: awscdk.NewHttpUrlIntegration(jsii.String("BooksIntegration"), jsii.String("https://get-books-proxy.example.com")), Path: jsii.String("/books"), Authorizer: Authorizer, })
func NewHttpUserPoolAuthorizer ¶
func NewHttpUserPoolAuthorizer(id *string, pool awscognito.IUserPool, props *HttpUserPoolAuthorizerProps) HttpUserPoolAuthorizer
Initialize a Cognito user pool authorizer to be bound with HTTP route.
type HttpUserPoolAuthorizerProps ¶
type HttpUserPoolAuthorizerProps struct { // Friendly name of the authorizer. // Default: - same value as `id` passed in the constructor. // AuthorizerName *string `field:"optional" json:"authorizerName" yaml:"authorizerName"` // The identity source for which authorization is requested. // Default: ['$request.header.Authorization'] // IdentitySource *[]*string `field:"optional" json:"identitySource" yaml:"identitySource"` // The user pool clients that should be used to authorize requests with the user pool. // Default: - a new client will be created for the given user pool. // UserPoolClients *[]awscognito.IUserPoolClient `field:"optional" json:"userPoolClients" yaml:"userPoolClients"` // The AWS region in which the user pool is present. // Default: - same region as the Route the authorizer is attached to. // UserPoolRegion *string `field:"optional" json:"userPoolRegion" yaml:"userPoolRegion"` }
Properties to initialize HttpUserPoolAuthorizer.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" var userPoolClient userPoolClient httpUserPoolAuthorizerProps := &HttpUserPoolAuthorizerProps{ AuthorizerName: jsii.String("authorizerName"), IdentitySource: []*string{ jsii.String("identitySource"), }, UserPoolClients: []iUserPoolClient{ userPoolClient, }, UserPoolRegion: jsii.String("userPoolRegion"), }
type WebSocketIamAuthorizer ¶
type WebSocketIamAuthorizer interface { awsapigatewayv2.IWebSocketRouteAuthorizer // Bind this authorizer to a specified WebSocket route. Bind(_options *awsapigatewayv2.WebSocketRouteAuthorizerBindOptions) *awsapigatewayv2.WebSocketRouteAuthorizerConfig }
Authorize WebSocket API Routes with IAM.
Example:
import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" // This function handles your connect route var connectHandler function webSocketApi := apigwv2.NewWebSocketApi(this, jsii.String("WebSocketApi")) webSocketApi.AddRoute(jsii.String("$connect"), &WebSocketRouteOptions{ Integration: awscdk.NewWebSocketLambdaIntegration(jsii.String("Integration"), connectHandler), Authorizer: awscdk.NewWebSocketIamAuthorizer(), }) // Create an IAM user (identity) user := iam.NewUser(this, jsii.String("User")) webSocketArn := awscdk.stack_Of(this).FormatArn(&ArnComponents{ Service: jsii.String("execute-api"), Resource: webSocketApi.ApiId, }) // Grant access to the IAM user user.AttachInlinePolicy(iam.NewPolicy(this, jsii.String("AllowInvoke"), &PolicyProps{ Statements: []policyStatement{ iam.NewPolicyStatement(&PolicyStatementProps{ Actions: []*string{ jsii.String("execute-api:Invoke"), }, Effect: iam.Effect_ALLOW, Resources: []*string{ webSocketArn, }, }), }, }))
func NewWebSocketIamAuthorizer ¶
func NewWebSocketIamAuthorizer() WebSocketIamAuthorizer
type WebSocketLambdaAuthorizer ¶
type WebSocketLambdaAuthorizer interface { awsapigatewayv2.IWebSocketRouteAuthorizer // Bind this authorizer to a specified WebSocket route. Bind(options *awsapigatewayv2.WebSocketRouteAuthorizerBindOptions) *awsapigatewayv2.WebSocketRouteAuthorizerConfig }
Authorize WebSocket Api routes via a lambda function.
Example:
import "github.com/aws/aws-cdk-go/awscdk" import "github.com/aws/aws-cdk-go/awscdk" // This function handles your auth logic var authHandler function // This function handles your WebSocket requests var handler function authorizer := awscdk.NewWebSocketLambdaAuthorizer(jsii.String("Authorizer"), authHandler) integration := awscdk.NewWebSocketLambdaIntegration(jsii.String("Integration"), handler) apigwv2.NewWebSocketApi(this, jsii.String("WebSocketApi"), &WebSocketApiProps{ ConnectRouteOptions: &WebSocketRouteOptions{ Integration: *Integration, Authorizer: *Authorizer, }, })
func NewWebSocketLambdaAuthorizer ¶
func NewWebSocketLambdaAuthorizer(id *string, handler awslambda.IFunction, props *WebSocketLambdaAuthorizerProps) WebSocketLambdaAuthorizer
type WebSocketLambdaAuthorizerProps ¶
type WebSocketLambdaAuthorizerProps struct { // The name of the authorizer. // Default: - same value as `id` passed in the constructor. // AuthorizerName *string `field:"optional" json:"authorizerName" yaml:"authorizerName"` // The identity source for which authorization is requested. // // Request parameter match `'route.request.querystring|header.[a-zA-z0-9._-]+'`. // Staged variable match `'stageVariables.[a-zA-Z0-9._-]+'`. // Context parameter match `'context.[a-zA-Z0-9._-]+'`. // Default: ['route.request.header.Authorization'] // IdentitySource *[]*string `field:"optional" json:"identitySource" yaml:"identitySource"` }
Properties to initialize WebSocketTokenAuthorizer.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" webSocketLambdaAuthorizerProps := &WebSocketLambdaAuthorizerProps{ AuthorizerName: jsii.String("authorizerName"), IdentitySource: []*string{ jsii.String("identitySource"), }, }
Source Files ¶
- HttpIamAuthorizer.go
- HttpIamAuthorizer__checks.go
- HttpJwtAuthorizer.go
- HttpJwtAuthorizerProps.go
- HttpJwtAuthorizer__checks.go
- HttpLambdaAuthorizer.go
- HttpLambdaAuthorizerProps.go
- HttpLambdaAuthorizer__checks.go
- HttpLambdaResponseType.go
- HttpUserPoolAuthorizer.go
- HttpUserPoolAuthorizerProps.go
- HttpUserPoolAuthorizer__checks.go
- WebSocketIamAuthorizer.go
- WebSocketIamAuthorizer__checks.go
- WebSocketLambdaAuthorizer.go
- WebSocketLambdaAuthorizerProps.go
- WebSocketLambdaAuthorizer__checks.go
- main.go