AWS Lambda Authorizer configuration reference

Learn how you can configure settings for your AWS Lambda Authorizer by using environment variables in your AWS Lambda settings.

About configuring ACP’s AWS Lambda Authorizer

To configure the settings of your ACP AWS Lambda Authorizer, you need to provide environment variables for your authorizer. To know how to set the variables, see the seventh step of the Create a function section in the Protecting APIs deployed behind the AWS API Gateway article.

Below you can find tables of all possible settings for the ACP’s AWS Lambda Authorizer. When configuring your Lambda Authorizer’s variables, you must specify the required ones. If the default values for optional configuration are enough for you, you may skip them.

Required configuration

Setting Type Default Description
ACP_ISSUER_URL string Defaults to the issuer URL for the workspace in which the authorizer is created Your authorizer issuer URL
ACP_CLIENT_ID string Defaults to the client identifier of a client application that is created for your authorizer in the System workspace Client identifier of your authorizer’s client application that is used for the purpose of authenticating your requests
ACP_CLIENT_SECRET string Defaults to the client secret of a client application that is created for your authorizer in the System workspace Client secret of your authorizer’s client application that is used for the purpose of authenticating your requests

Optional configuration

Setting Type Default Description
LOGGING_LEVEL string info Possible values from the most strict levels to the ones that give the most detailed information: error, warn, info, debug, trace.
CONFIG_REFRESH_INTERVAL time.Duration 5s Represents the frequency of retrieving policies from ACP by the authorizer.
DISABLE_ANALYTICS bool false If true, turnes off the analytics for the Lambda Authorizer in ACP’s Admin Panel Analytics.
INJECT_CONTEXT bool false If set to true, it is possible to inject base64-encoded authentication context to the target service in order to, for example, provide the target service with information on logged in user.
DO_NOT_FAIL_ON_MATCHING_REQUESTS bool false If set to false, the authorizer blocks every API request that does not match the provided criteria.
AWS_REGION string No default value Sets the AWS region for your authorizer.
AWS_ACCESS_KEY_ID string No default value Provides the credentials (access keys) for the authorizer to make programatic calls to AWS API.
AWS_SESSION_TOKEN string No default value Provides the session token used as part of the credentials to authenticate your authorizer when it makes requests to AWS APIs.
AWS_LAMBDA_FUNCTION_NAME string No default value Provides a name of the Lambda function in AWS that is used in your AWS for your authorizer.
AWS_AUTHORIZER_NAME string cloudentity-acp-authorizer Name of your ACP AWS Lambda Authorizer
CLIENT_ROOTCA string No default value Root certificate for your authorizer’s client application.
CLIENT_INSECURESKIPVERIFY bool No default value Disables certificate verification