I have an API defined using Swagger, which defines the following API Key authorizer:
securityDefinitions: api_key: type: apiKey name: x-api-key in: header x-amazon-apigateway-authtype: "oauth2" x-amazon-apigateway-authorizer: type: token authorizerUri: arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:[accountid]:function:ApiKeyAuthorizerLambdaFunction/invocations authorizerResultTtlInSeconds: 0
However, when I pass this Swagger definition into my CloudFormation script and call an endpoint secured with this authorizer, I get a 500. The API Gateway logs show the following:
Incoming identity: ***key Execution failed due to configuration error: Invalid permissions on Lambda function Execution failed due to configuration error: Authorizer error
Note that I have given API Gateway permission to execute this lambda:
LambdaPermissionAuthorizerApiGateway: Type: AWS::Lambda::Permission Properties: FunctionName: Fn::GetAtt: - ApiKeyAuthorizerLambdaFunction - Arn Action: lambda:InvokeFunction Principal: apigateway.amazonaws.com
In fact, when I compare the CloudFormation script which Serverless generates for authoized endpoints (using Serverless's notation) with my own CloudFormation script using Swagger, I see little difference between them, except that my authorizer is defined with Swagger rather than directly as a CF resource.
Can anyone shed any light on this? Is this a bug when using Swagger with CloudFormation?