In real-world projects, you may already have a centralized Lambda Authorizer. Instead of duplicating the code, you can reuse that existing authorizer in new APIs.
In this post, we’ll create a new SAM project with an API Gateway, and configure it to use an external Lambda Authorizer by referencing its ARN.
Step 1: Define Parameters for the Authorizer ARN
In template.yaml, add a Parameter for the Lambda Authorizer ARN:
```yaml
Parameters:
  AuthorizerLambdaArn:
    Type: String
    Description: ARN of the external Lambda Authorizer
```
This makes your SAM stack reusable — you can pass in the ARN during deployment.
🌐 Step 2: Add an API Gateway with Authorizer
Update template.yaml:
```yaml
Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: ExternalAuthorizerApi
      StageName: dev
      Auth:
        DefaultAuthorizer: MyLambdaAuthorizer
        Authorizers:
          MyLambdaAuthorizer:
            FunctionArn: !Ref AuthorizerLambdaArn
            Identity:
              Header: Authorization
  HelloFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/
      Handler: handler.main
      Runtime: nodejs20.x
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /hello
            Method: get
            RestApiId: !Ref MyApi
```
Here’s what’s happening:
The Auth section of MyApi references the external Lambda Authorizer by its ARN.
HelloFunction is protected automatically since the API has a default authorizer.
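When an existing authorizer is reused for a new API, the IAM policy it returns has to cover the new API's method ARN, otherwise calls to /hello are rejected. The following is an added example, not code from the original post: it assumes a TOKEN-type authorizer that returns an IAM policy, uses a simplified evaluation (Action, Effect and Resource only), and `evaluateAuthorizerPolicy`, the sample ARNs and the principal ID are hypothetical.

```javascript
// Added example. ARNs, account ID and API IDs are constructed sample values.

// Turn an IAM-style pattern (* = any run of chars, ? = one char) into a RegExp.
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*').replace(/\?/g, '.') + '$');
}

const asArray = (v) => (Array.isArray(v) ? v : [v]);

// Hypothetical helper: returns 'Allow', 'Deny' (explicit) or 'ImplicitDeny'
// for execute-api:Invoke on methodArn, given an authorizer response.
function evaluateAuthorizerPolicy(response, methodArn) {
  if (!response || typeof response.principalId !== 'string' || !response.policyDocument) {
    throw new Error('authorizer response needs principalId and policyDocument');
  }
  let decision = 'ImplicitDeny';
  for (const stmt of asArray(response.policyDocument.Statement || [])) {
    const actionHit = asArray(stmt.Action || [])
      .some((a) => patternToRegExp(a.toLowerCase()).test('execute-api:invoke'));
    const resourceHit = asArray(stmt.Resource || [])
      .some((r) => patternToRegExp(r).test(methodArn));
    if (!actionHit || !resourceHit) continue;
    if (stmt.Effect === 'Deny') return 'Deny'; // explicit deny always wins
    if (stmt.Effect === 'Allow') decision = 'Allow';
  }
  return decision;
}

// Build a response the way a TOKEN authorizer would, for a given Resource list.
const respond = (effect, resource) => ({
  principalId: 'user-123',
  policyDocument: {
    Version: '2012-10-17',
    Statement: [{ Action: 'execute-api:Invoke', Effect: effect, Resource: resource }],
  },
});

// Method ARN the new API passes to the authorizer for GET /hello on stage dev.
const HELLO_ARN = 'arn:aws:execute-api:us-east-1:111122223333:newapi0001/dev/GET/hello';

// Authorizer written for an older API with its ARN hard-coded: new API is not covered.
const pinnedToOldApi = respond('Allow', 'arn:aws:execute-api:us-east-1:111122223333:oldapi0001/prod/*');
// Authorizer that derives the Resource from event.methodArn (API and stage kept).
const derivedFromEvent = respond('Allow', HELLO_ARN.split('/').slice(0, 2).join('/') + '/*');

console.log(evaluateAuthorizerPolicy(pinnedToOldApi, HELLO_ARN));   // ImplicitDeny
console.log(evaluateAuthorizerPolicy(derivedFromEvent, HELLO_ARN)); // Allow
```

Running the shared authorizer's real responses through a check like this before pointing a new API at it shows whether its policies are pinned to another API or stage.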
📚 Conclusion
By referencing an external Lambda Authorizer in your template.yaml, you can:
Reuse existing centralized authorization logic
Keep new APIs secure without duplicating code
Maintain a clean and consistent authentication strategy