AWS Lambda Authorizer configuration reference
Learn how you can configure settings for your AWS Lambda Authorizer by using environment variables in your AWS Lambda settings.
About configuring ACP’s AWS Lambda Authorizer
To configure the settings of your ACP AWS Lambda Authorizer, you need to provide environment variables for your authorizer. To know how to set the variables, see the seventh step of the Create a function section in the Protecting APIs deployed behind the AWS API Gateway article.
Below you can find tables of all possible settings for the ACP’s AWS Lambda Authorizer. When configuring your Lambda Authorizer’s variables, you must specify the required ones. If the default values for optional configuration are enough for you, you may skip them.
Required configuration
| Setting | Type | Default | Description |
|---|---|---|---|
| ACP_ISSUER_URL | string | Defaults to the issuer URL for the workspace in which the authorizer is created | Your authorizer issuer URL |
| ACP_CLIENT_ID | string | Defaults to the client identifier of a client application that is created for your authorizer in the System workspace | Client identifier of your authorizer’s client application that is used for the purpose of authenticating your requests |
| ACP_CLIENT_SECRET | string | Defaults to the client secret of a client application that is created for your authorizer in the System workspace | Client secret of your authorizer’s client application that is used for the purpose of authenticating your requests |
Optional configuration
| Setting | Type | Default | Description |
|---|---|---|---|
| LOGGING_LEVEL | string | info | Possible values from the most strict levels to the ones that give the most detailed information: error, warn, info, debug, trace. |
| ACP_RELOAD_INTERVAL | time.Duration | 5s | Represents the frequency of retrieving policies from ACP by the authorizer. |
| ANALYTICS_ENABLED | bool | true | If true, turnes off the analytics for the Lambda Authorizer in ACP’s Admin Panel Analytics. |
| AWS_INJECT_CONTEXT | bool | false | If set to true, it is possible to inject base64-encoded authentication context to the target service in order to, for example, provide the target service with information on logged in user. |
| ENFORCEMENT_ALLOW_UNKNOWN | bool | false | If set to false, the authorizer blocks every API request that does not match the provided criteria. |
| AWS_REGION | string | No default value | Sets the AWS region for your authorizer. |
| AWS_ACCESS_KEY_ID | string | No default value | Provides the credentials (access keys) for the authorizer to make programatic calls to AWS API. |
| AWS_SESSION_TOKEN | string | No default value | Provides the session token used as part of the credentials to authenticate your authorizer when it makes requests to AWS APIs. |
| AWS_LAMBDA_FUNCTION_NAME | string | No default value | Provides a name of the Lambda function in AWS that is used in your AWS for your authorizer. |
| AWS_AUTHORIZER_NAME | string | cloudentity-acp-authorizer | Name of your ACP AWS Lambda Authorizer |
| HTTP_CLIENT_ROOT_CA | string | No default value | Root certificate for your authorizer’s client application. |
| HTTP_CLIENT_INSECURE_SKIP_VERIFY | bool | No default value | Disables certificate verification |