1 Answer
On the route in the Swagger definition, you can use the CognitoAuthorizer defined as a security scheme. In the CognitoAuthorizer you define the auth type (user pool), where the token is sent (header) and what Cognito resource to use (cognito_user_pool_arn, to be set by Terraform). There you can provide an ARN for the Cognito user pool by supplying the variable value in Terraform as seen below.
Swagger
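```yaml
paths:
  /hello:
    get:
      # Require the Cognito authorizer (and this scope) on the route
      security:
        - CognitoAuthorizer: ["my-custom-scope"]
components:
  securitySchemes:
    CognitoAuthorizer:
      type: apiKey
      name: Authorization   # the token is sent in the Authorization header
      in: header
      x-amazon-apigateway-authtype: cognito_user_pools
      x-amazon-apigateway-authorizer:
        providerARNs:
          # Filled in by Terraform's templatefile()
          - "${cognito_user_pool_arn}"
        type: cognito_user_pools
```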
Terraform
```hcl
resource "aws_cognito_user_pool" "example" {
  name = "my-user-pool"
}

resource "aws_api_gateway_rest_api" "api" {
  name = "my-api"

  # Render the Swagger file, substituting the user pool ARN into ${cognito_user_pool_arn}
  body = templatefile("swagger.yaml", {
    cognito_user_pool_arn = aws_cognito_user_pool.example.arn
  })
}
```
answered a year ago
that works, thanks!
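As an added example (not part of the answer above or of any AWS tooling): a pre-deploy check over the parsed OpenAPI definition that lists operations not covered by a Cognito user pool authorizer, including ones whose `providerARNs` still hold the unrendered template variable. The sample definition, the account and pool IDs in the ARN, and the names `StaleAuthorizer`, `cognito_schemes` and `unprotected_routes` are constructed for illustration, and the check assumes only per-operation `security` counts as protection.

```python
import re

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}
ARN_RE = re.compile(r"^arn:aws[\w-]*:cognito-idp:[a-z0-9-]+:\d{12}:userpool/[\w-]+$")

def cognito_schemes(spec):
    """Names of security schemes wired to a Cognito user pool with rendered ARNs."""
    good = set()
    for name, s in spec.get("components", {}).get("securitySchemes", {}).items():
        auth = s.get("x-amazon-apigateway-authorizer", {})
        arns = auth.get("providerARNs", [])
        # An unrendered "${cognito_user_pool_arn}" fails ARN_RE and is rejected.
        if (s.get("x-amazon-apigateway-authtype") == "cognito_user_pools"
                and auth.get("type") == "cognito_user_pools"
                and arns and all(ARN_RE.match(a) for a in arns)):
            good.add(name)
    return good

def unprotected_routes(spec):
    """'METHOD /path' for every operation not covered by a valid Cognito scheme."""
    good, findings = cognito_schemes(spec), []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            # Assumption: only per-operation `security` counts. Entries are
            # alternatives, so each must be non-empty and Cognito-backed.
            reqs = op.get("security", [])
            if not reqs or not all(r and set(r) <= good for r in reqs):
                findings.append(f"{method.upper()} {path}")
    return sorted(findings)

def _scheme(arn):  # the scheme from the answer, built around one provider ARN
    return {"type": "apiKey", "name": "Authorization", "in": "header",
            "x-amazon-apigateway-authtype": "cognito_user_pools",
            "x-amazon-apigateway-authorizer": {"type": "cognito_user_pools", "providerARNs": [arn]}}

# Constructed sample: the parsed definition after templatefile() has run.
SAMPLE = {
    "paths": {
        "/hello": {"get": {"security": [{"CognitoAuthorizer": ["my-custom-scope"]}]},
                   "delete": {"security": []}},
        "/health": {"get": {}},
        "/admin": {"post": {"security": [{"StaleAuthorizer": []}]}},
    },
    "components": {"securitySchemes": {
        "CognitoAuthorizer": _scheme(
            "arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_EXAMPLE"),
        "StaleAuthorizer": _scheme("${cognito_user_pool_arn}"),
    }},
}
```

Calling `unprotected_routes(SAMPLE)` reports the three operations that would be deployed without a working Cognito authorizer; on a real definition, load the rendered YAML into a dict first.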