Open kyeljmd opened 6 years ago
Is there a way to do this from the AWS side? My experience is that the authorizer is per-API Gateway endpoint, and the way proxy+
works, this means one endpoint per gateway/stage, so it's all-or-none.
There's an issue to add support for the REQUEST
type, which might help with this, but that isn't (or at least wasn't) supported by CFN.
It is indeed all or none, however, the intent of this request is there are APIs that you would want to expose without authorization such as a login endpoint. It is also unnecessary to create another API gateway for publicly available apis or endpoints. unless there is a workaround for such requirement please do let me know
I just don't know how you'd go about implementing this within Zappa. We've (me, not Zappa) implemented mixed-mode authentication like this this without using an Authorizer, given the all-or-none nature (we did authentication in app-space).
One other method is to manually manage base paths in a Custom Domain Name to point to different lambdas, or even use different hostnames for different lambdas, but that gets messier than I think we'd like Zappa's scope to creep.
Within one Zappa app/deployment, there's not an internal way I know of to make some routes hit the Authorizer and some bypass.
Related: #1423
So how does Chalice manage to do this? (letting you specify an authorizer for each method)
Any update on this? I think serverless does that too, it is absolutely possible using AWS Portal. Is it something of a shortcoming of Zappa?
There are scenarios where we will implement or utilize an authorizer, however there are times when we would want certain paths to be accessed without any authorization such as a login endpoint