ApiGatewayV2LambdaRoute

Reference doc for the `sst.aws.ApiGatewayV2LambdaRoute` component.

The ApiGatewayV2LambdaRoute component is internally used by the ApiGatewayV2 component to add routes to Amazon API Gateway HTTP API.

You’ll find this component returned by the route method of the ApiGatewayV2 component.

Constructor

new ApiGatewayV2LambdaRoute(name, args, opts?)

Parameters

name string
args Args
opts? ComponentResourceOptions

Properties

nodes

Type Object

function
integration
permission
route

The underlying resources this component creates.

nodes.function

Type Output<Function>

The Lambda function.

nodes.integration

Type Integration

The API Gateway HTTP API integration.

nodes.permission

Type Permission

The Lambda permission.

nodes.route

Type Output<Route>

The API Gateway HTTP API route.

Args

api

Type Input<Object>

executionArn
id
name

The cluster to use for the service.

api.executionArn

Type Input<string>

The execution ARN of the cluster.

api.id

Type Input<string>

The ID of the cluster.

api.name

Type Input<string>

The name of the cluster.

auth?

Type Input<Object>

iam?
jwt? Input<Object>

Enable auth for your HTTP API.

{
  auth: {
    iam: true
  }
}

auth.iam?

Type Input<true>

Enable IAM authorization for a given API route. When IAM auth is enabled, clients need to use Signature Version 4 to sign their requests with their AWS credentials.

auth.jwt?

Type Input<Object>

Enable JWT or JSON Web Token authorization for a given API route. When JWT auth is enabled, clients need to include a valid JWT in their requests.

You can configure JWT auth.

{
  auth: {
    jwt: {
      issuer: "https://issuer.com/",
      audiences: ["https://api.example.com"],
      scopes: ["read:profile", "write:profile"],
      identitySource: "$request.header.AccessToken"
    }
  }
}

You can also use Cognito as the identity provider.

{
  auth: {
    jwt: {
      audiences: [userPoolClient.id],
      issuer: $interpolate`https://cognito-idp.${aws.getArnOutput(userPool).region}.amazonaws.com/${userPool.id}`,
    }
  }
}

Where userPool and userPoolClient are:

const userPool = new aws.cognito.UserPool();
const userPoolClient = new aws.cognito.UserPoolClient();

auth.jwt.audiences

Type Input<Input<string>[]>

List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.

auth.jwt.identitySource?

Type Input<string>

Default “$request.header.Authorization”

Specifies where to extract the JWT from the request.

auth.jwt.issuer

Type Input<string>

Base domain of the identity provider that issues JSON Web Tokens.

auth.jwt.scopes?

Type Input<Input<string>[]>

Defines the permissions or access levels that the JWT grants. If the JWT does not have the required scope, the request is rejected. By default it does not require any scopes.

handler

Type Input<string | FunctionArgs>

The route function.

handlerTransform?

Type FunctionArgs | (args: FunctionArgs => void)

route

Type Input<string>

transform?

Type Object

authorizer?
integration?
route?

Transform how this component creates its underlying resources.

transform.authorizer?

Type AuthorizerArgs | (args: AuthorizerArgs => void)

Transform the API Gateway authorizer resource.

transform.integration?

Type IntegrationArgs | (args: IntegrationArgs => void)

Transform the API Gateway HTTP API integration resource.

transform.route?

Type RouteArgs | (args: RouteArgs => void)

Transform the API Gateway HTTP API route resource.