AWS SDK for C++  1.8.182
AWS SDK for C++
Public Member Functions | List of all members
Aws::APIGateway::Model::Authorizer Class Reference

#include <Authorizer.h>

Public Member Functions

 Authorizer ()
 
 Authorizer (Aws::Utils::Json::JsonView jsonValue)
 
Authorizeroperator= (Aws::Utils::Json::JsonView jsonValue)
 
Aws::Utils::Json::JsonValue Jsonize () const
 
const Aws::StringGetId () const
 
bool IdHasBeenSet () const
 
void SetId (const Aws::String &value)
 
void SetId (Aws::String &&value)
 
void SetId (const char *value)
 
AuthorizerWithId (const Aws::String &value)
 
AuthorizerWithId (Aws::String &&value)
 
AuthorizerWithId (const char *value)
 
const Aws::StringGetName () const
 
bool NameHasBeenSet () const
 
void SetName (const Aws::String &value)
 
void SetName (Aws::String &&value)
 
void SetName (const char *value)
 
AuthorizerWithName (const Aws::String &value)
 
AuthorizerWithName (Aws::String &&value)
 
AuthorizerWithName (const char *value)
 
const AuthorizerTypeGetType () const
 
bool TypeHasBeenSet () const
 
void SetType (const AuthorizerType &value)
 
void SetType (AuthorizerType &&value)
 
AuthorizerWithType (const AuthorizerType &value)
 
AuthorizerWithType (AuthorizerType &&value)
 
const Aws::Vector< Aws::String > & GetProviderARNs () const
 
bool ProviderARNsHasBeenSet () const
 
void SetProviderARNs (const Aws::Vector< Aws::String > &value)
 
void SetProviderARNs (Aws::Vector< Aws::String > &&value)
 
AuthorizerWithProviderARNs (const Aws::Vector< Aws::String > &value)
 
AuthorizerWithProviderARNs (Aws::Vector< Aws::String > &&value)
 
AuthorizerAddProviderARNs (const Aws::String &value)
 
AuthorizerAddProviderARNs (Aws::String &&value)
 
AuthorizerAddProviderARNs (const char *value)
 
const Aws::StringGetAuthType () const
 
bool AuthTypeHasBeenSet () const
 
void SetAuthType (const Aws::String &value)
 
void SetAuthType (Aws::String &&value)
 
void SetAuthType (const char *value)
 
AuthorizerWithAuthType (const Aws::String &value)
 
AuthorizerWithAuthType (Aws::String &&value)
 
AuthorizerWithAuthType (const char *value)
 
const Aws::StringGetAuthorizerUri () const
 
bool AuthorizerUriHasBeenSet () const
 
void SetAuthorizerUri (const Aws::String &value)
 
void SetAuthorizerUri (Aws::String &&value)
 
void SetAuthorizerUri (const char *value)
 
AuthorizerWithAuthorizerUri (const Aws::String &value)
 
AuthorizerWithAuthorizerUri (Aws::String &&value)
 
AuthorizerWithAuthorizerUri (const char *value)
 
const Aws::StringGetAuthorizerCredentials () const
 
bool AuthorizerCredentialsHasBeenSet () const
 
void SetAuthorizerCredentials (const Aws::String &value)
 
void SetAuthorizerCredentials (Aws::String &&value)
 
void SetAuthorizerCredentials (const char *value)
 
AuthorizerWithAuthorizerCredentials (const Aws::String &value)
 
AuthorizerWithAuthorizerCredentials (Aws::String &&value)
 
AuthorizerWithAuthorizerCredentials (const char *value)
 
const Aws::StringGetIdentitySource () const
 
bool IdentitySourceHasBeenSet () const
 
void SetIdentitySource (const Aws::String &value)
 
void SetIdentitySource (Aws::String &&value)
 
void SetIdentitySource (const char *value)
 
AuthorizerWithIdentitySource (const Aws::String &value)
 
AuthorizerWithIdentitySource (Aws::String &&value)
 
AuthorizerWithIdentitySource (const char *value)
 
const Aws::StringGetIdentityValidationExpression () const
 
bool IdentityValidationExpressionHasBeenSet () const
 
void SetIdentityValidationExpression (const Aws::String &value)
 
void SetIdentityValidationExpression (Aws::String &&value)
 
void SetIdentityValidationExpression (const char *value)
 
AuthorizerWithIdentityValidationExpression (const Aws::String &value)
 
AuthorizerWithIdentityValidationExpression (Aws::String &&value)
 
AuthorizerWithIdentityValidationExpression (const char *value)
 
int GetAuthorizerResultTtlInSeconds () const
 
bool AuthorizerResultTtlInSecondsHasBeenSet () const
 
void SetAuthorizerResultTtlInSeconds (int value)
 
AuthorizerWithAuthorizerResultTtlInSeconds (int value)
 

Detailed Description

Represents an authorization layer for methods. If enabled on a method, API Gateway will activate the authorizer when a client calls the method.

See Also:

AWS API Reference

Definition at line 39 of file Authorizer.h.

Constructor & Destructor Documentation

◆ Authorizer() [1/2]

Aws::APIGateway::Model::Authorizer::Authorizer ( )

◆ Authorizer() [2/2]

Aws::APIGateway::Model::Authorizer::Authorizer ( Aws::Utils::Json::JsonView  jsonValue)

Member Function Documentation

◆ AddProviderARNs() [1/3]

Authorizer& Aws::APIGateway::Model::Authorizer::AddProviderARNs ( Aws::String &&  value)
inline

A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a TOKEN or REQUEST authorizer, this is not defined.

Definition at line 249 of file Authorizer.h.

◆ AddProviderARNs() [2/3]

Authorizer& Aws::APIGateway::Model::Authorizer::AddProviderARNs ( const Aws::String value)
inline

A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a TOKEN or REQUEST authorizer, this is not defined.

Definition at line 240 of file Authorizer.h.

◆ AddProviderARNs() [3/3]

Authorizer& Aws::APIGateway::Model::Authorizer::AddProviderARNs ( const char *  value)
inline

A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a TOKEN or REQUEST authorizer, this is not defined.

Definition at line 258 of file Authorizer.h.

◆ AuthorizerCredentialsHasBeenSet()

bool Aws::APIGateway::Model::Authorizer::AuthorizerCredentialsHasBeenSet ( ) const
inline

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

Definition at line 445 of file Authorizer.h.

◆ AuthorizerResultTtlInSecondsHasBeenSet()

bool Aws::APIGateway::Model::Authorizer::AuthorizerResultTtlInSecondsHasBeenSet ( ) const
inline

The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.

Definition at line 800 of file Authorizer.h.

◆ AuthorizerUriHasBeenSet()

bool Aws::APIGateway::Model::Authorizer::AuthorizerUriHasBeenSet ( ) const
inline

Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api}, where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations.

Definition at line 338 of file Authorizer.h.

◆ AuthTypeHasBeenSet()

bool Aws::APIGateway::Model::Authorizer::AuthTypeHasBeenSet ( ) const
inline

Optional customer-defined field, used in OpenAPI imports and exports without functional impact.

Definition at line 271 of file Authorizer.h.

◆ GetAuthorizerCredentials()

const Aws::String& Aws::APIGateway::Model::Authorizer::GetAuthorizerCredentials ( ) const
inline

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

Definition at line 437 of file Authorizer.h.

◆ GetAuthorizerResultTtlInSeconds()

int Aws::APIGateway::Model::Authorizer::GetAuthorizerResultTtlInSeconds ( ) const
inline

The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.

Definition at line 792 of file Authorizer.h.

◆ GetAuthorizerUri()

const Aws::String& Aws::APIGateway::Model::Authorizer::GetAuthorizerUri ( ) const
inline

Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api}, where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations.

Definition at line 323 of file Authorizer.h.

◆ GetAuthType()

const Aws::String& Aws::APIGateway::Model::Authorizer::GetAuthType ( ) const
inline

Optional customer-defined field, used in OpenAPI imports and exports without functional impact.

Definition at line 265 of file Authorizer.h.

◆ GetId()

const Aws::String& Aws::APIGateway::Model::Authorizer::GetId ( ) const
inline

The identifier for the authorizer resource.

Definition at line 51 of file Authorizer.h.

◆ GetIdentitySource()

const Aws::String& Aws::APIGateway::Model::Authorizer::GetIdentitySource ( ) const
inline

The identity source for which authorization is requested.

  • For a TOKEN or COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is Auth, the header mapping expression is method.request.header.Auth.
  • For the REQUEST authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an Auth header, a Name query string parameter are defined as identity sources, this value is method.request.header.Auth, method.request.querystring.Name. These parameters will be used to derive the authorization caching key and to perform runtime validation of the REQUEST authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.

Definition at line 518 of file Authorizer.h.

◆ GetIdentityValidationExpression()

const Aws::String& Aws::APIGateway::Model::Authorizer::GetIdentityValidationExpression ( ) const
inline

A validation expression for the incoming identity token. For TOKEN authorizers, this value is a regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the aud field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the REQUEST authorizer.

Definition at line 699 of file Authorizer.h.

◆ GetName()

const Aws::String& Aws::APIGateway::Model::Authorizer::GetName ( ) const
inline

[Required] The name of the authorizer.

Definition at line 92 of file Authorizer.h.

◆ GetProviderARNs()

const Aws::Vector<Aws::String>& Aws::APIGateway::Model::Authorizer::GetProviderARNs ( ) const
inline

A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a TOKEN or REQUEST authorizer, this is not defined.

Definition at line 186 of file Authorizer.h.

◆ GetType()

const AuthorizerType& Aws::APIGateway::Model::Authorizer::GetType ( ) const
inline

The authorizer type. Valid values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, and COGNITO_USER_POOLS for using an Amazon Cognito user pool.

Definition at line 136 of file Authorizer.h.

◆ IdentitySourceHasBeenSet()

bool Aws::APIGateway::Model::Authorizer::IdentitySourceHasBeenSet ( ) const
inline

The identity source for which authorization is requested.

  • For a TOKEN or COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is Auth, the header mapping expression is method.request.header.Auth.
  • For the REQUEST authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an Auth header, a Name query string parameter are defined as identity sources, this value is method.request.header.Auth, method.request.querystring.Name. These parameters will be used to derive the authorization caching key and to perform runtime validation of the REQUEST authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.

Definition at line 542 of file Authorizer.h.

◆ IdentityValidationExpressionHasBeenSet()

bool Aws::APIGateway::Model::Authorizer::IdentityValidationExpressionHasBeenSet ( ) const
inline

A validation expression for the incoming identity token. For TOKEN authorizers, this value is a regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the aud field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the REQUEST authorizer.

Definition at line 711 of file Authorizer.h.

◆ IdHasBeenSet()

bool Aws::APIGateway::Model::Authorizer::IdHasBeenSet ( ) const
inline

The identifier for the authorizer resource.

Definition at line 56 of file Authorizer.h.

◆ Jsonize()

Aws::Utils::Json::JsonValue Aws::APIGateway::Model::Authorizer::Jsonize ( ) const

◆ NameHasBeenSet()

bool Aws::APIGateway::Model::Authorizer::NameHasBeenSet ( ) const
inline

[Required] The name of the authorizer.

Definition at line 97 of file Authorizer.h.

◆ operator=()

Authorizer& Aws::APIGateway::Model::Authorizer::operator= ( Aws::Utils::Json::JsonView  jsonValue)

◆ ProviderARNsHasBeenSet()

bool Aws::APIGateway::Model::Authorizer::ProviderARNsHasBeenSet ( ) const
inline

A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a TOKEN or REQUEST authorizer, this is not defined.

Definition at line 195 of file Authorizer.h.

◆ SetAuthorizerCredentials() [1/3]

void Aws::APIGateway::Model::Authorizer::SetAuthorizerCredentials ( Aws::String &&  value)
inline

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

Definition at line 461 of file Authorizer.h.

◆ SetAuthorizerCredentials() [2/3]

void Aws::APIGateway::Model::Authorizer::SetAuthorizerCredentials ( const Aws::String value)
inline

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

Definition at line 453 of file Authorizer.h.

◆ SetAuthorizerCredentials() [3/3]

void Aws::APIGateway::Model::Authorizer::SetAuthorizerCredentials ( const char *  value)
inline

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

Definition at line 469 of file Authorizer.h.

◆ SetAuthorizerResultTtlInSeconds()

void Aws::APIGateway::Model::Authorizer::SetAuthorizerResultTtlInSeconds ( int  value)
inline

The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.

Definition at line 808 of file Authorizer.h.

◆ SetAuthorizerUri() [1/3]

void Aws::APIGateway::Model::Authorizer::SetAuthorizerUri ( Aws::String &&  value)
inline

Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api}, where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations.

Definition at line 368 of file Authorizer.h.

◆ SetAuthorizerUri() [2/3]

void Aws::APIGateway::Model::Authorizer::SetAuthorizerUri ( const Aws::String value)
inline

Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api}, where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations.

Definition at line 353 of file Authorizer.h.

◆ SetAuthorizerUri() [3/3]

void Aws::APIGateway::Model::Authorizer::SetAuthorizerUri ( const char *  value)
inline

Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api}, where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations.

Definition at line 383 of file Authorizer.h.

◆ SetAuthType() [1/3]

void Aws::APIGateway::Model::Authorizer::SetAuthType ( Aws::String &&  value)
inline

Optional customer-defined field, used in OpenAPI imports and exports without functional impact.

Definition at line 283 of file Authorizer.h.

◆ SetAuthType() [2/3]

void Aws::APIGateway::Model::Authorizer::SetAuthType ( const Aws::String value)
inline

Optional customer-defined field, used in OpenAPI imports and exports without functional impact.

Definition at line 277 of file Authorizer.h.

◆ SetAuthType() [3/3]

void Aws::APIGateway::Model::Authorizer::SetAuthType ( const char *  value)
inline

Optional customer-defined field, used in OpenAPI imports and exports without functional impact.

Definition at line 289 of file Authorizer.h.

◆ SetId() [1/3]

void Aws::APIGateway::Model::Authorizer::SetId ( Aws::String &&  value)
inline

The identifier for the authorizer resource.

Definition at line 66 of file Authorizer.h.

◆ SetId() [2/3]

void Aws::APIGateway::Model::Authorizer::SetId ( const Aws::String value)
inline

The identifier for the authorizer resource.

Definition at line 61 of file Authorizer.h.

◆ SetId() [3/3]

void Aws::APIGateway::Model::Authorizer::SetId ( const char *  value)
inline

The identifier for the authorizer resource.

Definition at line 71 of file Authorizer.h.

◆ SetIdentitySource() [1/3]

void Aws::APIGateway::Model::Authorizer::SetIdentitySource ( Aws::String &&  value)
inline

The identity source for which authorization is requested.

  • For a TOKEN or COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is Auth, the header mapping expression is method.request.header.Auth.
  • For the REQUEST authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an Auth header, a Name query string parameter are defined as identity sources, this value is method.request.header.Auth, method.request.querystring.Name. These parameters will be used to derive the authorization caching key and to perform runtime validation of the REQUEST authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.

Definition at line 590 of file Authorizer.h.

◆ SetIdentitySource() [2/3]

void Aws::APIGateway::Model::Authorizer::SetIdentitySource ( const Aws::String value)
inline

The identity source for which authorization is requested.

  • For a TOKEN or COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is Auth, the header mapping expression is method.request.header.Auth.
  • For the REQUEST authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an Auth header, a Name query string parameter are defined as identity sources, this value is method.request.header.Auth, method.request.querystring.Name. These parameters will be used to derive the authorization caching key and to perform runtime validation of the REQUEST authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.

Definition at line 566 of file Authorizer.h.

◆ SetIdentitySource() [3/3]

void Aws::APIGateway::Model::Authorizer::SetIdentitySource ( const char *  value)
inline

The identity source for which authorization is requested.

  • For a TOKEN or COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is Auth, the header mapping expression is method.request.header.Auth.
  • For the REQUEST authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an Auth header, a Name query string parameter are defined as identity sources, this value is method.request.header.Auth, method.request.querystring.Name. These parameters will be used to derive the authorization caching key and to perform runtime validation of the REQUEST authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.

Definition at line 614 of file Authorizer.h.

◆ SetIdentityValidationExpression() [1/3]

void Aws::APIGateway::Model::Authorizer::SetIdentityValidationExpression ( Aws::String &&  value)
inline

A validation expression for the incoming identity token. For TOKEN authorizers, this value is a regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the aud field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the REQUEST authorizer.

Definition at line 735 of file Authorizer.h.

◆ SetIdentityValidationExpression() [2/3]

void Aws::APIGateway::Model::Authorizer::SetIdentityValidationExpression ( const Aws::String value)
inline

A validation expression for the incoming identity token. For TOKEN authorizers, this value is a regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the aud field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the REQUEST authorizer.

Definition at line 723 of file Authorizer.h.

◆ SetIdentityValidationExpression() [3/3]

void Aws::APIGateway::Model::Authorizer::SetIdentityValidationExpression ( const char *  value)
inline

A validation expression for the incoming identity token. For TOKEN authorizers, this value is a regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the aud field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the REQUEST authorizer.

Definition at line 747 of file Authorizer.h.

◆ SetName() [1/3]

void Aws::APIGateway::Model::Authorizer::SetName ( Aws::String &&  value)
inline

[Required] The name of the authorizer.

Definition at line 107 of file Authorizer.h.

◆ SetName() [2/3]

void Aws::APIGateway::Model::Authorizer::SetName ( const Aws::String value)
inline

[Required] The name of the authorizer.

Definition at line 102 of file Authorizer.h.

◆ SetName() [3/3]

void Aws::APIGateway::Model::Authorizer::SetName ( const char *  value)
inline

[Required] The name of the authorizer.

Definition at line 112 of file Authorizer.h.

◆ SetProviderARNs() [1/2]

void Aws::APIGateway::Model::Authorizer::SetProviderARNs ( Aws::Vector< Aws::String > &&  value)
inline

A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a TOKEN or REQUEST authorizer, this is not defined.

Definition at line 213 of file Authorizer.h.

◆ SetProviderARNs() [2/2]

void Aws::APIGateway::Model::Authorizer::SetProviderARNs ( const Aws::Vector< Aws::String > &  value)
inline

A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a TOKEN or REQUEST authorizer, this is not defined.

Definition at line 204 of file Authorizer.h.

◆ SetType() [1/2]

void Aws::APIGateway::Model::Authorizer::SetType ( AuthorizerType &&  value)
inline

The authorizer type. Valid values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, and COGNITO_USER_POOLS for using an Amazon Cognito user pool.

Definition at line 160 of file Authorizer.h.

◆ SetType() [2/2]

void Aws::APIGateway::Model::Authorizer::SetType ( const AuthorizerType value)
inline

The authorizer type. Valid values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, and COGNITO_USER_POOLS for using an Amazon Cognito user pool.

Definition at line 152 of file Authorizer.h.

◆ TypeHasBeenSet()

bool Aws::APIGateway::Model::Authorizer::TypeHasBeenSet ( ) const
inline

The authorizer type. Valid values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, and COGNITO_USER_POOLS for using an Amazon Cognito user pool.

Definition at line 144 of file Authorizer.h.

◆ WithAuthorizerCredentials() [1/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithAuthorizerCredentials ( Aws::String &&  value)
inline

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

Definition at line 485 of file Authorizer.h.

◆ WithAuthorizerCredentials() [2/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithAuthorizerCredentials ( const Aws::String value)
inline

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

Definition at line 477 of file Authorizer.h.

◆ WithAuthorizerCredentials() [3/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithAuthorizerCredentials ( const char *  value)
inline

Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer. To specify an IAM role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

Definition at line 493 of file Authorizer.h.

◆ WithAuthorizerResultTtlInSeconds()

Authorizer& Aws::APIGateway::Model::Authorizer::WithAuthorizerResultTtlInSeconds ( int  value)
inline

The TTL in seconds of cached authorizer results. If it equals 0, authorization caching is disabled. If it is greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.

Definition at line 816 of file Authorizer.h.

◆ WithAuthorizerUri() [1/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithAuthorizerUri ( Aws::String &&  value)
inline

Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api}, where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations.

Definition at line 413 of file Authorizer.h.

◆ WithAuthorizerUri() [2/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithAuthorizerUri ( const Aws::String value)
inline

Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api}, where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations.

Definition at line 398 of file Authorizer.h.

◆ WithAuthorizerUri() [3/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithAuthorizerUri ( const char *  value)
inline

Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST authorizers, this must be a well-formed Lambda function URI, for example, arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations. In general, the URI has this form arn:aws:apigateway:{region}:lambda:path/{service_api}, where {region} is the same as the region hosting the Lambda function, path indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations.

Definition at line 428 of file Authorizer.h.

◆ WithAuthType() [1/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithAuthType ( Aws::String &&  value)
inline

Optional customer-defined field, used in OpenAPI imports and exports without functional impact.

Definition at line 301 of file Authorizer.h.

◆ WithAuthType() [2/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithAuthType ( const Aws::String value)
inline

Optional customer-defined field, used in OpenAPI imports and exports without functional impact.

Definition at line 295 of file Authorizer.h.

◆ WithAuthType() [3/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithAuthType ( const char *  value)
inline

Optional customer-defined field, used in OpenAPI imports and exports without functional impact.

Definition at line 307 of file Authorizer.h.

◆ WithId() [1/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithId ( Aws::String &&  value)
inline

The identifier for the authorizer resource.

Definition at line 81 of file Authorizer.h.

◆ WithId() [2/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithId ( const Aws::String value)
inline

The identifier for the authorizer resource.

Definition at line 76 of file Authorizer.h.

◆ WithId() [3/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithId ( const char *  value)
inline

The identifier for the authorizer resource.

Definition at line 86 of file Authorizer.h.

◆ WithIdentitySource() [1/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithIdentitySource ( Aws::String &&  value)
inline

The identity source for which authorization is requested.

  • For a TOKEN or COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is Auth, the header mapping expression is method.request.header.Auth.
  • For the REQUEST authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an Auth header, a Name query string parameter are defined as identity sources, this value is method.request.header.Auth, method.request.querystring.Name. These parameters will be used to derive the authorization caching key and to perform runtime validation of the REQUEST authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.

Definition at line 662 of file Authorizer.h.

◆ WithIdentitySource() [2/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithIdentitySource ( const Aws::String value)
inline

The identity source for which authorization is requested.

  • For a TOKEN or COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is Auth, the header mapping expression is method.request.header.Auth.
  • For the REQUEST authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an Auth header, a Name query string parameter are defined as identity sources, this value is method.request.header.Auth, method.request.querystring.Name. These parameters will be used to derive the authorization caching key and to perform runtime validation of the REQUEST authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.

Definition at line 638 of file Authorizer.h.

◆ WithIdentitySource() [3/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithIdentitySource ( const char *  value)
inline

The identity source for which authorization is requested.

  • For a TOKEN or COGNITO_USER_POOLS authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is Auth, the header mapping expression is method.request.header.Auth.
  • For the REQUEST authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an Auth header, a Name query string parameter are defined as identity sources, this value is method.request.header.Auth, method.request.querystring.Name. These parameters will be used to derive the authorization caching key and to perform runtime validation of the REQUEST authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.

Definition at line 686 of file Authorizer.h.

◆ WithIdentityValidationExpression() [1/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithIdentityValidationExpression ( Aws::String &&  value)
inline

A validation expression for the incoming identity token. For TOKEN authorizers, this value is a regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the aud field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the REQUEST authorizer.

Definition at line 771 of file Authorizer.h.

◆ WithIdentityValidationExpression() [2/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithIdentityValidationExpression ( const Aws::String value)
inline

A validation expression for the incoming identity token. For TOKEN authorizers, this value is a regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the aud field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the REQUEST authorizer.

Definition at line 759 of file Authorizer.h.

◆ WithIdentityValidationExpression() [3/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithIdentityValidationExpression ( const char *  value)
inline

A validation expression for the incoming identity token. For TOKEN authorizers, this value is a regular expression. For COGNITO_USER_POOLS authorizers, API Gateway will match the aud field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the REQUEST authorizer.

Definition at line 783 of file Authorizer.h.

◆ WithName() [1/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithName ( Aws::String &&  value)
inline

[Required] The name of the authorizer.

Definition at line 122 of file Authorizer.h.

◆ WithName() [2/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithName ( const Aws::String value)
inline

[Required] The name of the authorizer.

Definition at line 117 of file Authorizer.h.

◆ WithName() [3/3]

Authorizer& Aws::APIGateway::Model::Authorizer::WithName ( const char *  value)
inline

[Required] The name of the authorizer.

Definition at line 127 of file Authorizer.h.

◆ WithProviderARNs() [1/2]

Authorizer& Aws::APIGateway::Model::Authorizer::WithProviderARNs ( Aws::Vector< Aws::String > &&  value)
inline

A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a TOKEN or REQUEST authorizer, this is not defined.

Definition at line 231 of file Authorizer.h.

◆ WithProviderARNs() [2/2]

Authorizer& Aws::APIGateway::Model::Authorizer::WithProviderARNs ( const Aws::Vector< Aws::String > &  value)
inline

A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer. Each element is of this format: arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}. For a TOKEN or REQUEST authorizer, this is not defined.

Definition at line 222 of file Authorizer.h.

◆ WithType() [1/2]

Authorizer& Aws::APIGateway::Model::Authorizer::WithType ( AuthorizerType &&  value)
inline

The authorizer type. Valid values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, and COGNITO_USER_POOLS for using an Amazon Cognito user pool.

Definition at line 176 of file Authorizer.h.

◆ WithType() [2/2]

Authorizer& Aws::APIGateway::Model::Authorizer::WithType ( const AuthorizerType value)
inline

The authorizer type. Valid values are TOKEN for a Lambda function using a single authorization token submitted in a custom header, REQUEST for a Lambda function using incoming request parameters, and COGNITO_USER_POOLS for using an Amazon Cognito user pool.

Definition at line 168 of file Authorizer.h.


The documentation for this class was generated from the following file: