aws
diff --git a/‎samtranslator/model/api/api_generator.py‎
Lines changed: 9 additions & 5 deletions b/‎samtranslator/model/api/api_generator.py‎
Lines changed: 9 additions & 5 deletions
diff --git a/‎samtranslator/swagger/swagger.py‎
Lines changed: 9 additions & 4 deletions b/‎samtranslator/swagger/swagger.py‎
Lines changed: 9 additions & 4 deletions
diff --git a/‎tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml‎
Lines changed: 48 additions & 0 deletions b/‎tests/translator/input/api_with_cors_and_auth_no_preflight_auth.yaml‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml‎
Lines changed: 47 additions & 0 deletions b/‎tests/translator/input/api_with_cors_and_auth_preflight_auth.yaml‎
Lines changed: 47 additions & 0 deletions
@@ -20,8 +20,9 @@
 # Default the Cors Properties to '*' wildcard and False AllowCredentials. Other properties are actually Optional
 CorsProperties.__new__.__defaults__ = (None, None, _CORS_WILDCARD, None, False)
 
-AuthProperties = namedtuple("_AuthProperties", ["Authorizers", "DefaultAuthorizer", "InvokeRole"])
-AuthProperties.__new__.__defaults__ = (None, None, None)
+AuthProperties = namedtuple("_AuthProperties",
+                            ["Authorizers", "DefaultAuthorizer", "InvokeRole", "AddDefaultAuthorizerToCorsPreflight"])
+AuthProperties.__new__.__defaults__ = (None, None, None, True)
 
 GatewayResponseProperties = ["ResponseParameters", "ResponseTemplates", "StatusCode"]
 
@@ -308,7 +309,8 @@ def _add_auth(self):
 
         if authorizers:
             swagger_editor.add_authorizers(authorizers)
-            self._set_default_authorizer(swagger_editor, authorizers, auth_properties.DefaultAuthorizer)
+            self._set_default_authorizer(swagger_editor, authorizers, auth_properties.DefaultAuthorizer,
+                                         auth_properties.AddDefaultAuthorizerToCorsPreflight)
 
         # Assign the Swagger back to template
 
@@ -508,7 +510,8 @@ def _construct_authorizer_lambda_permission(self):
 
         return permissions
 
-    def _set_default_authorizer(self, swagger_editor, authorizers, default_authorizer):
+    def _set_default_authorizer(self, swagger_editor, authorizers, default_authorizer,
+                                add_default_auth_to_preflight=True):
         if not default_authorizer:
             return
 
@@ -517,7 +520,8 @@ def _set_default_authorizer(self, swagger_editor, authorizers, default_authorize
                                            default_authorizer + "' was not defined in 'Authorizers'")
 
         for path in swagger_editor.iter_on_path():
-            swagger_editor.set_path_default_authorizer(path, default_authorizer, authorizers=authorizers)
+            swagger_editor.set_path_default_authorizer(path, default_authorizer, authorizers=authorizers,
+                                                       add_default_auth_to_preflight=add_default_auth_to_preflight)
 
     def _set_endpoint_configuration(self, rest_api, value):
         """
 
@@ -400,7 +400,8 @@ def add_authorizers(self, authorizers):
         for authorizer_name, authorizer in authorizers.items():
             self.security_definitions[authorizer_name] = authorizer.generate_swagger()
 
-    def set_path_default_authorizer(self, path, default_authorizer, authorizers):
+    def set_path_default_authorizer(self, path, default_authorizer, authorizers,
+                                    add_default_auth_to_preflight=True):
         """
         Sets the DefaultAuthorizer for each method on this path. The DefaultAuthorizer won't be set if an Authorizer
         was defined at the Function/Path/Method level
@@ -409,14 +410,18 @@ def set_path_default_authorizer(self, path, default_authorizer, authorizers):
         :param string default_authorizer: Name of the authorizer to use as the default. Must be a key in the
             authorizers param.
         :param list authorizers: List of Authorizer configurations defined on the related Api.
+        :param bool add_default_auth_to_preflight: Bool of whether to add the default
+            authorizer to OPTIONS preflight requests.
         """
 
         for method_name, method in self.get_path(path).items():
+            normalized_method_name = self._normalize_method_name(method_name)
             # Excluding paramters section
-            if method_name == "parameters":
+            if normalized_method_name == "parameters":
                 continue
-            self.set_method_authorizer(path, method_name, default_authorizer, authorizers,
-                                       default_authorizer=default_authorizer, is_default=True)
+            if add_default_auth_to_preflight or normalized_method_name != "options":
+                self.set_method_authorizer(path, method_name, default_authorizer, authorizers,
+                                           default_authorizer=default_authorizer, is_default=True)
 
     def add_auth_to_method(self, path, method_name, auth, api):
         """
 
@@ -0,0 +1,48 @@
+Globals:
+  Api:
+    Cors: "origins"
+
+Resources:
+  ApiFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/member_portal.zip
+      Handler: index.gethtml
+      Runtime: nodejs4.3
+      Events:
+        GetHtml:
+          Type: Api
+          Properties:
+            Path: /
+            Method: get
+            RestApiId: !Ref ServerlessApi
+
+        PostHtml:
+          Type: Api
+          Properties:
+            Path: /
+            Method: post
+            RestApiId: !Ref ServerlessApi
+
+
+  ServerlessApi:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: Prod
+      Auth:
+        AddDefaultAuthorizerToCorsPreflight: False
+        DefaultAuthorizer: MyLambdaRequestAuth
+        Authorizers:
+          MyLambdaRequestAuth:
+            FunctionPayloadType: REQUEST
+            FunctionArn: !GetAtt MyAuthFn.Arn
+            Identity:
+              Headers:
+                - Authorization1
+
+  MyAuthFn:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://bucket/key
+      Handler: index.handler
+      Runtime: nodejs8.10
@@ -0,0 +1,47 @@
+Globals:
+  Api:
+    Cors: "origins"
+
+Resources:
+  ApiFunction:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://sam-demo-bucket/member_portal.zip
+      Handler: index.gethtml
+      Runtime: nodejs4.3
+      Events:
+        GetHtml:
+          Type: Api
+          Properties:
+            Path: /
+            Method: get
+            RestApiId: !Ref ServerlessApi
+
+        PostHtml:
+          Type: Api
+          Properties:
+            Path: /
+            Method: post
+            RestApiId: !Ref ServerlessApi
+
+
+  ServerlessApi:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: Prod
+      Auth:
+        DefaultAuthorizer: MyLambdaRequestAuth
+        Authorizers:
+          MyLambdaRequestAuth:
+            FunctionPayloadType: REQUEST
+            FunctionArn: !GetAtt MyAuthFn.Arn
+            Identity:
+              Headers:
+                - Authorization1
+
+  MyAuthFn:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://bucket/key
+      Handler: index.handler
+      Runtime: nodejs8.10