Use an existing authorizer and specify arn for authorizerId

[MikeRee]

I'm trying to figure out how to leverage an existing authorizer, as I do with all my lambda's, for my serverless S3 proxy.

I have tried this:

  apiGatewayServiceProxies:
    - s3:
        authorizationType: 'CUSTOM'
        authorizerId: 'arn:aws:lambda:us-west-2:##########:function:auth-prod-authUser'

and this:

  apiGatewayServiceProxies:
    - s3:
        authorizationType: 'CUSTOM'
        authorizerId: { Ref: 'arn:aws:lambda:us-west-2:##########:function:auth-prod-authUser' }

Neither work.

Any way someone could help me out and we could get the documentation updated to help show this scenario?

Thanks,
Mike

[sebto]

@MikeRee Have you found any solution for this? I have the same issue. I'm going to use a custom lambda authorizer function which is exported from another stack. It seems !Ref does not work with !ImportValue.

[MikeRee]

No, for the moment I have removed authorizers for content from S3. Would be nice if someone had a solution to this. Feel like this package, as important as it is for serverless, is not being maintained.

[carchi1a]

@MikeRee I had the same problem and eventually found a workaround. Not the most elegant of solutions, but works and is consistent.

I ran a Serverless deploy, went to my CloudFormation stack and looked for the Logical ID of my authorizer. E.g., for an authorizer called demo-authorizer the Logical ID was DemoDashauthorizerApiGatewayAuthorizer. I then was able to successfully use this in my configuration, like so:

apiGatewayServiceProxies:
  - s3:
      authorizationType: 'CUSTOM'
      authorizerId: {Ref: 'DemoDashauthorizerApiGatewayAuthorizer'}

Based on mine, I imagine the Logical ID for your authorizer will be something like AuthDashprodDashauthUserApiGatewayAuthorizer but you're probably better off checking against your stack.

Hope this helps!