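---
# SAM template: one API Gateway REST API (SimpleJwtApi) whose routes are
# guarded by a Lambda authorizer (JwtAuthorizerFunction), plus a single
# GET /user handler (UserInfoFunction).
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Simple JWT API with custom authorizer

Parameters:
  # Both defaults carry the literal placeholder <ENVIRONMENT_ID> and are passed
  # verbatim to the authorizer as PING_ISSUER_URL / PING_JWKS_URL. Override
  # them at deploy time with the real environment's values.
  PingOneIssuer:
    Type: String
    Description: PingOne Issuer URL
    Default: "https://auth.pingone.com/<ENVIRONMENT_ID>/as"
    # The issuer is part of the token trust decision; refuse non-TLS values.
    AllowedPattern: '^https://.+$'
    ConstraintDescription: must be an https:// URL
  PingOneJwksUrl:
    Type: String
    Description: PingOne JWKS URL for token validation
    Default: "https://auth.pingone.com/<ENVIRONMENT_ID>/as/jwks"
    # Signing keys fetched over plain HTTP could be substituted in transit,
    # so only https:// JWKS endpoints are accepted.
    AllowedPattern: '^https://.+$'
    ConstraintDescription: must be an https:// URL

Globals:
  # Applied to every AWS::Serverless::Function below, authorizer included.
  Function:
    Timeout: 30
    MemorySize: 256
    # NOTE(review): confirm python3.9 is still a supported Lambda runtime
    # before deploying; runtimes past end of support stop receiving patches.
    Runtime: python3.9

Resources:
  # API Gateway
  SimpleJwtApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: prod
      Cors:
        AllowMethods: "'GET,POST,OPTIONS'"
        AllowHeaders: "'Content-Type,Authorization'"
        # NOTE(review): '*' lets pages on any origin call this API from a
        # browser. Prefer the known front-end origin(s) once they are fixed.
        AllowOrigin: "'*'"
      Auth:
        # Every route on this API uses JwtAuthorizer unless its event
        # overrides Auth explicitly.
        DefaultAuthorizer: JwtAuthorizer
        # Browsers send the CORS preflight (OPTIONS) without an Authorization
        # header. Without this flag the default authorizer is also attached to
        # the generated OPTIONS methods and browser preflights are rejected.
        AddDefaultAuthorizerToCorsPreflight: false
        Authorizers:
          # No Identity block is set, so the SAM defaults apply: the token is
          # read from the Authorization header and authorizer results are
          # cached. NOTE(review): a cached result is reused for later requests
          # with the same token, so confirm the policy returned by
          # jwt_authorizer covers every route it should, and set
          # Identity.ReauthorizeEvery if a shorter cache lifetime is needed.
          JwtAuthorizer:
            FunctionArn: !GetAtt JwtAuthorizerFunction.Arn

  # JWT Authorizer Function
  JwtAuthorizerFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/
      Handler: jwt_authorizer.lambda_handler
      Environment:
        Variables:
          # Issuer and JWKS location come straight from the stack parameters.
          PING_ISSUER_URL: !Ref PingOneIssuer
          PING_JWKS_URL: !Ref PingOneJwksUrl

  # User Info Handler Function
  UserInfoFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/
      Handler: user_info.lambda_handler
      Events:
        # No per-event Auth override, so GET /user is protected by the API's
        # DefaultAuthorizer.
        GetUserInfo:
          Type: Api
          Properties:
            RestApiId: !Ref SimpleJwtApi
            Path: /user
            Method: get

Outputs:
  UserInfoEndpoint:
    Description: User info endpoint
    # The hard-coded 'prod' segment must stay in sync with StageName above.
    Value: !Sub "https://${SimpleJwtApi}.execute-api.${AWS::Region}.amazonaws.com/prod/user"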