8

AWS SAM API with Cognito User Pools Authorizer

How do I create an API in AWS SAM that uses a Cognito User Pools Authorizer?

There's AWS::ApiGateway::Authorizer. But ...

{
  "Type" : "AWS::ApiGateway::Authorizer",
  "Properties" : {
    "AuthorizerCredentials" : String,
    "AuthorizerResultTtlInSeconds" : Integer,
    "AuthorizerUri" : String,
    "IdentitySource" : String,
    "IdentityValidationExpression" : String,
    "Name" : String,
    "ProviderARNs" : [ String, ... ],
    "RestApiId" : String,
    "Type" : String
  }
}

it looks like RestApiId refers to the API that uses this authorizer? But with AWS SAM, my APIs are defined like this:

Resources:
  Ec2Index:
    Type: AWS::Serverless::Function
    Properties:
      Handler: ec2/index.handler
      Runtime: nodejs6.10
      CodeUri: ./src
      FunctionName: 'ApiEc2IndexHandler'
      Description: 'List EC2 resources'
      Timeout: 30
      Role: 'arn:aws:iam::598545985414:role/awsmanagement-lambda-management'
      Events:
        Ec2Index:
          Type: Api
          Properties:
            Path: /ec2
            Method: get

How do I associate them together?

Answer

2

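You can't specify an authorizer in SAM, but it is possible to embed Swagger in the SAM file, which can do this. It's a new feature as of February 17 [ref].

I'm definitely not an expert on Swagger or SAM, but it seems like you would want something like: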

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Simple API Endpoint configured using Swagger specified inline and backed by a Lambda function
Resources:
  Ec2Index:
    Type: AWS::Serverless::Api
    Properties:
      StageName: <stage>
      DefinitionBody:
        swagger: '2.0'
        info:
          title:
            Ref: AWS::StackName
        securityDefinitions:
          # Cognito user pool authorizer; the token is read from the Authorization header.
          cognitoUserPool:
            type: apiKey
            name: "Authorization"
            in: header
            x-amazon-apigateway-authtype: cognito_user_pools
            x-amazon-apigateway-authorizer:
              type: cognito_user_pools
              providerARNs:
                - Fn::Sub: arn:aws:cognito-idp:${AWS::Region}:${AWS::AccountId}:userpool/<user_pool_id>
        paths:
          "/ec2":
            get:
              # Require the authorizer defined above for this method.
              security:
                - cognitoUserPool: []
              x-amazon-apigateway-integration:
                httpMethod: POST
                type: aws_proxy
                uri:
                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Ec2IndexLamb.Arn}/invocations
              responses: {}
  Ec2IndexLamb:
    Type: AWS::Serverless::Function
    Properties:
      Handler: ec2/index.handler
      Runtime: nodejs6.10
      CodeUri: ./src
      FunctionName: 'ApiEc2IndexHandler'
      Description: 'List EC2 resources'
      Timeout: 30
      Role: 'arn:aws:iam::598545985414:role/awsmanagement-lambda-management'
      Events:
        Ec2Index:
          Type: Api
          Properties:
            # Bind the event to the API above; otherwise SAM creates a separate implicit API for this route.
            RestApiId:
              Ref: Ec2Index
            Path: /ec2
            Method: get

References:

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html#apigateway-enable-cognito-user-pool

https://github.com/awslabs/serverless-application-model/blob/master/examples/2016-10-31/inline_swagger/template.yaml
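
A check for the two ways a route in a template like the one above can end up reachable without the Cognito authorizer, as an added example that is not part of the original answer or the SAM project. It assumes the template is already parsed into a dict and only looks at operation-level security entries; the function names unauthenticated_routes and sample_template are hypothetical, and the sample template is constructed.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch",
                "x-amazon-apigateway-any-method"}

def unauthenticated_routes(template):
    """List routes in a parsed SAM template that skip the Cognito authorizer."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::Serverless::Api":
            body = props.get("DefinitionBody", {})
            # Security definitions backed by a Cognito user pool authorizer.
            cognito = {
                key for key, definition in body.get("securityDefinitions", {}).items()
                if definition.get("x-amazon-apigateway-authorizer", {}).get("type")
                == "cognito_user_pools"
            }
            for path, operations in body.get("paths", {}).items():
                for method, op in operations.items():
                    if method.lower() not in HTTP_METHODS:
                        continue
                    required = {key for req in op.get("security", []) for key in req}
                    if not required & cognito:
                        findings.append(f"{name}: {method} {path} lacks a Cognito security requirement")
        elif res.get("Type") == "AWS::Serverless::Function":
            for event_name, event in props.get("Events", {}).items():
                # No RestApiId: SAM puts the route on an implicit API without this authorizer.
                if event.get("Type") == "Api" and "RestApiId" not in event.get("Properties", {}):
                    findings.append(f"{name}: event {event_name} is not bound to an explicit API")
    return findings

def sample_template(secured=True, bound=True):
    """Constructed sample mirroring the answer's template, already parsed to a dict."""
    operation = {"x-amazon-apigateway-integration": {"type": "aws_proxy"}}
    if secured:
        operation["security"] = [{"cognitoUserPool": []}]
    event = {"Path": "/ec2", "Method": "get"}
    if bound:
        event["RestApiId"] = {"Ref": "Ec2Index"}
    return {"Resources": {
        "Ec2Index": {"Type": "AWS::Serverless::Api", "Properties": {"DefinitionBody": {
            "securityDefinitions": {"cognitoUserPool": {
                "type": "apiKey", "name": "Authorization", "in": "header",
                "x-amazon-apigateway-authorizer": {"type": "cognito_user_pools"}}},
            "paths": {"/ec2": {"get": operation}}}}},
        "Ec2IndexLamb": {"Type": "AWS::Serverless::Function", "Properties": {
            "Events": {"Ec2Index": {"Type": "Api", "Properties": event}}}},
    }}

if __name__ == "__main__":
    print("\n".join(unauthenticated_routes(sample_template(secured=False, bound=False))))
```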
