aws_apigateway_authorizers resource

Use the aws_apigateway_authorizers InSpec audit resource to test properties of multiple AWS API Gateway authorizers.

The AWS::ApiGateway::Authorizer resource creates an authorization layer that API Gateway activates for methods that have authorization enabled. API Gateway activates the authorizer when a client calls those methods.

For additional information, including details on parameters and properties, see the AWS documentation on AWS APIGateway Authorizer.

Syntax

Ensure that the authorizer exists.

describe aws_apigateway_authorizers(rest_api_id: 'REST_API_ID') do
  it { should exist }
end

Parameters

rest_api_id (required)

The ID of the REST API.

Properties

ids
The identifier for the authorizer resource.

Field: id

names
The name of the authorizer.

Field: name

types
The authorizer type.

Field: type

provider_arns
A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer.

Field: provider_arns

auth_types
Optional customer-defined field, used in OpenAPI imports and exports without functional impact.

Field: auth_type

authorizer_uris
Specifies the authorizer’s Uniform Resource Identifier (URI).

Field: authorizer_uri

authorizer_credentials
Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer.

Field: authorizer_credentials

identity_sources
The identity source for which authorization is requested.

Field: identity_source

identity_validation_expressions
A validation expression for the incoming identity token.

Field: identity_validation_expression

authorizer_result_ttl_in_seconds
The TTL in seconds of cached authorizer results.

Field: authorizer_result_ttl_in_seconds

Examples

Test that an ID is available:

describe aws_apigateway_authorizers(rest_api_id: 'REST_API_ID') do
  its('ids') { should include 'AUTHORIZER_ID' }
end

Test that a name is available:

describe aws_apigateway_authorizers(rest_api_id: 'REST_API_ID') do
  its('names') { should include 'AUTHORIZER_NAME' }
end

Matchers

For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.

exist

Use should to test that the entity exists.

describe aws_apigateway_authorizers(rest_api_id: 'REST_API_ID') do
  it { should exist }
end

Use should_not to test that the entity does not exist.

describe aws_apigateway_authorizers(rest_api_id: 'REST_API_ID') do
  it { should_not exist }
end

AWS Permissions

Your AWS principal will need the APIGateway:Client:Authorizers action with Effect set to Allow.
