README
¶
CDK Lambda TokenAuthorizer JWT
Add a lambda function to your project which can be used as a apigateway token authorizer
Install
TypeScript
npm install @cloudy-with-a-chance-of-meatballs/cdk-lambda-token-authorizer-jwt
yarn add @cloudy-with-a-chance-of-meatballs/cdk-lambda-token-authorizer-jwt
Python
pip install cloudy-with-a-chance-of-meatballs.cdk-lambda-token-authorizer-jwt
Usage
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as apigateway from 'aws-cdk-lib/aws-apigateway';
//### EXAMPLE: import the function
import { TokenAuthorizerJwtFunction } from "@cloudy-with-a-chance-of-meatballs/cdk-lambda-token-authorizer-jwt";
//### END
export class HelloworldStack extends cdk.Stack {
constructor(scope: Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const api = new apigateway.RestApi(this, 'ApiName', {});
//### EXAMPLE: init the function
const tokenAuthFunction = new TokenAuthorizerJwtFunction(this, 'lambdaFunctionName', {
environment: {
// PROVIDE VARIABLES
TOKEN_AUTHORIZER_JWKS_URI: 'https://example.auth0.com/.well-known/jwks.json',
TOKEN_AUTHORIZER_JWKS_KID: 'SOME_KID_FROM_JWKS_RESPONSE',
// OR
TOKEN_AUTHORIZER_JWT_VERIFICATION_SECRET: 'A_PUBLIC_KEY_OR_SYMETRIC_SECRET'
}
});
//### END
const tokenAuthorizer = new apigateway.TokenAuthorizer(this, 'tokenAuthorizerName', {
//### EXAMPLE: use as handler
handler: tokenAuthFunction
//### END
});
// ...
const someMethod = SOMEAPIRESOURCE.addMethod("GET", SOMETARGETINTEGRATION, { authorizer: tokenAuthorizer });
}
}
Documentation
¶
Overview ¶
cdk-lambda-token-authorizer-jwt
cdk-lambda-token-authorizer-jwt
Index ¶
- func NewTokenAuthorizerJwtFunction_Override(t TokenAuthorizerJwtFunction, scope constructs.Construct, id *string, ...)
- func TokenAuthorizerJwtFunction_ClassifyVersionProperty(propertyName *string, locked *bool)
- func TokenAuthorizerJwtFunction_FromFunctionArn(scope constructs.Construct, id *string, functionArn *string) awslambda.IFunction
- func TokenAuthorizerJwtFunction_FromFunctionAttributes(scope constructs.Construct, id *string, attrs *awslambda.FunctionAttributes) awslambda.IFunction
- func TokenAuthorizerJwtFunction_IsConstruct(x interface{}) *bool
- func TokenAuthorizerJwtFunction_IsResource(construct constructs.IConstruct) *bool
- func TokenAuthorizerJwtFunction_MetricAll(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
- func TokenAuthorizerJwtFunction_MetricAllConcurrentExecutions(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
- func TokenAuthorizerJwtFunction_MetricAllDuration(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
- func TokenAuthorizerJwtFunction_MetricAllErrors(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
- func TokenAuthorizerJwtFunction_MetricAllInvocations(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
- func TokenAuthorizerJwtFunction_MetricAllThrottles(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
- func TokenAuthorizerJwtFunction_MetricAllUnreservedConcurrentExecutions(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
- type TokenAuthorizerJwtFunction
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewTokenAuthorizerJwtFunction_Override ¶
func NewTokenAuthorizerJwtFunction_Override(t TokenAuthorizerJwtFunction, scope constructs.Construct, id *string, props *awslambda.FunctionOptions)
Experimental.
func TokenAuthorizerJwtFunction_ClassifyVersionProperty ¶
Record whether specific properties in the `AWS::Lambda::Function` resource should also be associated to the Version resource.
See 'currentVersion' section in the module README for more details. Experimental.
func TokenAuthorizerJwtFunction_FromFunctionArn ¶
func TokenAuthorizerJwtFunction_FromFunctionArn(scope constructs.Construct, id *string, functionArn *string) awslambda.IFunction
Import a lambda function into the CDK using its ARN. Experimental.
func TokenAuthorizerJwtFunction_FromFunctionAttributes ¶
func TokenAuthorizerJwtFunction_FromFunctionAttributes(scope constructs.Construct, id *string, attrs *awslambda.FunctionAttributes) awslambda.IFunction
Creates a Lambda function object which represents a function not defined within this stack. Experimental.
func TokenAuthorizerJwtFunction_IsConstruct ¶
func TokenAuthorizerJwtFunction_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead.
func TokenAuthorizerJwtFunction_IsResource ¶
func TokenAuthorizerJwtFunction_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func TokenAuthorizerJwtFunction_MetricAll ¶
func TokenAuthorizerJwtFunction_MetricAll(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
Return the given named metric for this Lambda. Experimental.
func TokenAuthorizerJwtFunction_MetricAllConcurrentExecutions ¶
func TokenAuthorizerJwtFunction_MetricAllConcurrentExecutions(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
Metric for the number of concurrent executions across all Lambdas. Experimental.
func TokenAuthorizerJwtFunction_MetricAllDuration ¶
func TokenAuthorizerJwtFunction_MetricAllDuration(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
Metric for the Duration executing all Lambdas. Experimental.
func TokenAuthorizerJwtFunction_MetricAllErrors ¶
func TokenAuthorizerJwtFunction_MetricAllErrors(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
Metric for the number of Errors executing all Lambdas. Experimental.
func TokenAuthorizerJwtFunction_MetricAllInvocations ¶
func TokenAuthorizerJwtFunction_MetricAllInvocations(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
Metric for the number of invocations of all Lambdas. Experimental.
func TokenAuthorizerJwtFunction_MetricAllThrottles ¶
func TokenAuthorizerJwtFunction_MetricAllThrottles(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
Metric for the number of throttled invocations of all Lambdas. Experimental.
func TokenAuthorizerJwtFunction_MetricAllUnreservedConcurrentExecutions ¶
func TokenAuthorizerJwtFunction_MetricAllUnreservedConcurrentExecutions(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
Metric for the number of unreserved concurrent executions across all Lambdas. Experimental.
Types ¶
type TokenAuthorizerJwtFunction ¶
type TokenAuthorizerJwtFunction interface {
awslambda.Function
// The architecture of this Lambda Function (this is an optional attribute and defaults to X86_64).
// Experimental.
Architecture() awslambda.Architecture
// Whether the addPermission() call adds any permissions.
//
// True for new Lambdas, false for version $LATEST and imported Lambdas
// from different accounts.
// Experimental.
CanCreatePermissions() *bool
// Access the Connections object.
//
// Will fail if not a VPC-enabled Lambda Function.
// Experimental.
Connections() awsec2.Connections
// Returns a `lambda.Version` which represents the current version of this Lambda function. A new version will be created every time the function's configuration changes.
//
// You can specify options for this version using the `currentVersionOptions`
// prop when initializing the `lambda.Function`.
// Experimental.
CurrentVersion() awslambda.Version
// The DLQ associated with this Lambda Function (this is an optional attribute).
// Experimental.
DeadLetterQueue() awssqs.IQueue
// The environment this resource belongs to.
//
// For resources that are created and managed by the CDK
// (generally, those created by creating new class instances like Role, Bucket, etc.),
// this is always the same as the environment of the stack they belong to;
// however, for imported resources
// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
// that might be different than the stack they were imported into.
// Experimental.
Env() *awscdk.ResourceEnvironment
// ARN of this function.
// Experimental.
FunctionArn() *string
// Name of this function.
// Experimental.
FunctionName() *string
// The principal this Lambda Function is running as.
// Experimental.
GrantPrincipal() awsiam.IPrincipal
// Whether or not this Lambda function was bound to a VPC.
//
// If this is is `false`, trying to access the `connections` object will fail.
// Experimental.
IsBoundToVpc() *bool
// The `$LATEST` version of this function.
//
// Note that this is reference to a non-specific AWS Lambda version, which
// means the function this version refers to can return different results in
// different invocations.
//
// To obtain a reference to an explicit version which references the current
// function configuration, use `lambdaFunction.currentVersion` instead.
// Experimental.
LatestVersion() awslambda.IVersion
// The LogGroup where the Lambda function's logs are made available.
//
// If either `logRetention` is set or this property is called, a CloudFormation custom resource is added to the stack that
// pre-creates the log group as part of the stack deployment, if it already doesn't exist, and sets the correct log retention
// period (never expire, by default).
//
// Further, if the log group already exists and the `logRetention` is not set, the custom resource will reset the log retention
// to never expire even if it was configured with a different value.
// Experimental.
LogGroup() awslogs.ILogGroup
// The tree node.
// Experimental.
Node() constructs.Node
// The construct node where permissions are attached.
// Experimental.
PermissionsNode() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
// Experimental.
PhysicalName() *string
// Execution role associated with this function.
// Experimental.
Role() awsiam.IRole
// The runtime configured for this lambda.
// Experimental.
Runtime() awslambda.Runtime
// The stack in which this resource is defined.
// Experimental.
Stack() awscdk.Stack
// The timeout configured for this lambda.
// Experimental.
Timeout() awscdk.Duration
// Adds an environment variable to this Lambda function.
//
// If this is a ref to a Lambda function, this operation results in a no-op.
// Experimental.
AddEnvironment(key *string, value *string, options *awslambda.EnvironmentOptions) awslambda.Function
// Adds an event source to this function.
//
// Event sources are implemented in the @aws-cdk/aws-lambda-event-sources module.
//
// The following example adds an SQS Queue as an event source:
// “`
// import { SqsEventSource } from '@aws-cdk/aws-lambda-event-sources';
// myFunction.addEventSource(new SqsEventSource(myQueue));
// “`.
// Experimental.
AddEventSource(source awslambda.IEventSource)
// Adds an event source that maps to this AWS Lambda function.
// Experimental.
AddEventSourceMapping(id *string, options *awslambda.EventSourceMappingOptions) awslambda.EventSourceMapping
// Adds one or more Lambda Layers to this Lambda function.
// Experimental.
AddLayers(layers ...awslambda.ILayerVersion)
// Adds a permission to the Lambda resource policy.
// See: Permission for details.
//
// Experimental.
AddPermission(id *string, permission *awslambda.Permission)
// Adds a statement to the IAM role assumed by the instance.
// Experimental.
AddToRolePolicy(statement awsiam.PolicyStatement)
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
// Experimental.
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
// Configures options for asynchronous invocation.
// Experimental.
ConfigureAsyncInvoke(options *awslambda.EventInvokeConfigOptions)
// Experimental.
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
// Experimental.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
// Experimental.
GetResourceNameAttribute(nameAttr *string) *string
// Grant the given identity permissions to invoke this Lambda.
// Experimental.
GrantInvoke(grantee awsiam.IGrantable) awsiam.Grant
// Return the given named metric for this Function.
// Experimental.
Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// How long execution of this Lambda takes.
//
// Average over 5 minutes.
// Experimental.
MetricDuration(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// How many invocations of this Lambda fail.
//
// Sum over 5 minutes.
// Experimental.
MetricErrors(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// How often this Lambda is invoked.
//
// Sum over 5 minutes.
// Experimental.
MetricInvocations(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// How often this Lambda is throttled.
//
// Sum over 5 minutes.
// Experimental.
MetricThrottles(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
// Returns a string representation of this construct.
// Experimental.
ToString() *string
}
Experimental.
func NewTokenAuthorizerJwtFunction ¶
func NewTokenAuthorizerJwtFunction(scope constructs.Construct, id *string, props *awslambda.FunctionOptions) TokenAuthorizerJwtFunction
Experimental.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.