Description:
IAM Authorization configuration is supported by API GW [1]; however, it does not seem to be supported by CFN/SAM [2] yet.
Steps to reproduce the issue:
1. Sample template:

```yaml
# Sample SAM Template for sam-app
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  sam-app

Globals:
  Function:
    Timeout: 3

Resources:
  HttpApiType:
    Type: AWS::Serverless::HttpApi
    Properties:
      FailOnWarnings: true
  HelloWorldFunction:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Properties:
      CodeUri: hello_world/
      Handler: app.lambda_handler
      Runtime: python3.7
      Events:
        HelloWorld:
          Type: HttpApi # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
          Properties:
            Path: /hello
            Method: POST
            Auth:
              #Authorizer: AWS_IAM
              DefaultAuthorizer: AWS_IAM
            PayloadFormatVersion: "2.0" # aws-serverless-express doesn't support v2.0 yet
            ApiId:
              Ref: HttpApiType
```

```
sam deploy --guided
```
Observed result:
Waiting for changeset to be created..
Error: Failed to create changeset for the stack: samappiam1, ex: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state Status: FAILED. Reason: Transform AWS::Serverless-2016-10-31 failed with: Internal transform failure.
Expected result:
Have the default authorizer configured as AWS IAM for HttpApi, created by SAM.
Reference Links:
[1] https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-access-control-iam.html
[2] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-authorizer.html#cfn-apigatewayv2-authorizer-authorizertype