Welcome to the AWS Code Examples Repository. This repo contains code examples used in the AWS documentation, AWS SDK Developer Guides, and more. For more information, see the Readme.md file below.
Apache License 2.0
[Enhancement]: Java IAM Policy Document Creation for an Authorizer Lambda #4362
If I am writing an API Gateway Authorizer Lambda, then I need to return an IAM policy document that is not going to be used to directly call IAM APIs. Current Java examples of IAM focus on preparing requests that are sent directly to IAM APIs. I haven't found a way to represent a standalone policy document via the SDK, so the alternatives seem to be either:
Creating/testing/maintaining our own Policy Document POJO, which is a small hassle,
or
Returning Map<String, Object>, which doesn't provide very good type safety guarantees.
The AWS SDK is pretty extensive, so I'm guessing there's an existing class(es) that supports this already. Could you please add an example of constructing a standalone IAM policy document? Bonus points if it's in the context of writing an API Gateway Authorizer Lambda!
What does this example accomplish?
Authorize or deny usage of a Lambda in the context of an API Gateway authorizer
Which AWS service(s)?
IAM
Which AWS SDKs or tools?
[ ] All languages
[ ] .NET
[ ] C++
[ ] Go (v2)
[ ] Java
[X] Java (v2)
[ ] JavaScript
[ ] JavaScript (v3)
[ ] Kotlin
[ ] PHP
[ ] Python
[ ] Ruby
[ ] Rust
[ ] Swift
[ ] Not applicable
Are there existing code examples to leverage?
I am aware of the Java Authorizer Blueprint from five years ago. I am guessing the SDK by now supports some alternative to Map<String, Object>, or manually creating+testing+maintaining our own AuthPolicy POJOs. If this assumption is incorrect, please let me know so I can file an issue for the SDK.
Do you have any reference code?
No response
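The standalone policy document requested above, as an added example that is not part of the original issue or the repository. It assumes the `iam-policy-builder` module of the AWS SDK for Java 2.x is on the classpath; the class name `AuthorizerPolicyExample`, the helpers `stageScope` and `response`, and the sample ARN are hypothetical.

```java
import software.amazon.awssdk.policybuilder.iam.IamEffect;
import software.amazon.awssdk.policybuilder.iam.IamPolicy;

// Added example: builds the JSON a Lambda authorizer returns to API Gateway.
public final class AuthorizerPolicyExample {

    // methodArn comes from the authorizer event and has the form
    // arn:{partition}:execute-api:{region}:{account}:{apiId}/{stage}/{verb}/{path}
    static String stageScope(String methodArn) {
        String[] arn = methodArn.split(":", 6);
        if (arn.length != 6 || !"execute-api".equals(arn[2])) {
            throw new IllegalArgumentException("not an execute-api ARN");
        }
        String[] target = arn[5].split("/", 4); // apiId, stage, verb, path
        if (target.length < 3 || target[0].isEmpty() || target[1].isEmpty()) {
            throw new IllegalArgumentException("malformed methodArn");
        }
        // Scope the statement to this API and stage rather than using "*".
        // API Gateway can cache the returned policy, so it has to cover every
        // method the caller may invoke, not only the one named in methodArn.
        return String.join(":", arn[0], arn[1], arn[2], arn[3], arn[4],
                target[0] + "/" + target[1] + "/*/*");
    }

    static String response(String principalId, String methodArn, boolean allow) {
        // Restrict principalId to characters that need no JSON escaping.
        if (!principalId.matches("[A-Za-z0-9_.@|-]{1,128}")) {
            throw new IllegalArgumentException("unexpected principalId");
        }
        IamPolicy policy = IamPolicy.builder()
                .version("2012-10-17")
                .addStatement(s -> s
                        .effect(allow ? IamEffect.ALLOW : IamEffect.DENY)
                        .addAction("execute-api:Invoke")
                        .addResource(stageScope(methodArn)))
                .build();
        // policyDocument is a JSON object, so toJson() is embedded unquoted.
        return "{\"principalId\":\"" + principalId + "\",\"policyDocument\":"
                + policy.toJson() + "}";
    }

    public static void main(String[] args) {
        // Constructed sample ARN, not a real API.
        String arn = "arn:aws:execute-api:us-east-1:123456789012:abcdef1234/prod/GET/orders";
        System.out.println(response("user-1", arn, true));
        System.out.println(response("user-1", arn, false));
    }
}
```

Because `response` returns an already-serialized string, a handler would write it to the `OutputStream` of a `RequestStreamHandler` rather than return it from a typed `RequestHandler`.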