如何为 AWS API Gateway 自定义授权方提供 Lambda 权限？

Question

我有一个 AWS Lambda 函数，在成功将其设置为授权方后，我试图为其提供权限。

基本上我想在 CloudFromation 中实现以下目标 -

以下是我的 CloudFormation 资源，无法设置权限 -

GWAuthPermission:
    Type: "AWS::Lambda::Permission"
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt AuthTest.Arn
      Principal: "apigateway.amazonaws.com"
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ApiGatewayRestApi}/authorizers/${AuthTest}"

ApiGatewayRestApi - 是网关
AuthTest的逻辑 Id - 是自定义 Auth lambda 函数的逻辑 Id

Answer 1

我能够通过以下方式解决它 -

添加了AWS::ApiGateway::Authorizer资源，
并将其引用AWS::Lambda::Permission

代码 -

GWAuth:
    Type: AWS::ApiGateway::Authorizer
    Properties: 
      AuthorizerUri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${AuthLambda.Arn}/invocations"
      RestApiId: !Ref ApiGatewayRestApi
      Type: "REQUEST"
      IdentitySource: method.request.header.authorization
      Name: custom_auth

  GWAuthPermission:
    Type: "AWS::Lambda::Permission"
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !GetAtt AuthLambda.Arn
      Principal: "apigateway.amazonaws.com"
      SourceArn: !Sub "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ApiGatewayRestApi}/authorizers/${GWAuth}"