steampipe plugin install aws

Table: aws_api_gateway_authorizer - Query AWS API Gateway Authorizer using SQL

The AWS API Gateway Authorizer is a crucial component in Amazon API Gateway that validates incoming requests before they reach the backend systems. It verifies the caller's identity and checks if the caller has permission to execute the requested operation. This feature enhances the security of your APIs by preventing unauthorized access to your resources.

Table Usage Guide

The aws_api_gateway_authorizer table in Steampipe provides you with information about authorizers within AWS API Gateway. This table allows you, as a DevOps engineer, to query authorizer-specific details, including the authorizer's ID, name, type, provider ARNs, and other configuration details. The schema outlines the attributes of each API Gateway authorizer, along with associated metadata.

Examples

API Gateway authorizer basic info

Explore the core details of an API Gateway authorizer's configuration, such as its ID, name, and authorization type. This can help you understand the security measures in place for your API Gateway and can be useful for auditing purposes.

select
  id,
  name,
  rest_api_id,
  auth_type,
  authorizer_credentials,
  identity_validation_expression,
  identity_source
from
  aws_api_gateway_authorizer;

List the API authorizers that use Cognito user pools to authorize API calls

Explore which API authorizers are utilizing Cognito user pools for API call authorization. This can help in assessing the security configuration of your APIs and identifying any potential areas for improvement.

select
  id,
  name,
  rest_api_id,
  auth_type
from
  aws_api_gateway_authorizer
where
  auth_type = 'cognito_user_pools';
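
An added audit query (not part of the Steampipe documentation) that uses only the columns listed in the schema below to classify each authorizer by which fields are populated and to flag settings worth a manual review. It assumes the PostgreSQL syntax that Steampipe uses; the output column names inferred_kind, missing_identity_source and missing_validation_expression are made up for this example.

```sql
-- Added example: authorizer review query for aws_api_gateway_authorizer.
-- Assumption: the authorizer kind is inferred from populated fields, because
-- auth_type is an optional customer-defined label and may be empty or arbitrary.
with classified as (
  select
    account_id,
    region,
    rest_api_id,
    id,
    name,
    auth_type,
    identity_source,
    identity_validation_expression,
    case
      -- provider_arns is only populated for Cognito user pool authorizers.
      when jsonb_typeof(provider_arns) = 'array'
        and provider_arns <> '[]'::jsonb then 'cognito'
      -- authorizer_uri holds the Lambda function URI for TOKEN/REQUEST authorizers.
      when coalesce(authorizer_uri, '') <> '' then 'lambda'
      else 'unknown'
    end as inferred_kind
  from
    aws_api_gateway_authorizer
)
select
  account_id,
  region,
  rest_api_id,
  id,
  name,
  auth_type,
  inferred_kind,
  -- No identity source recorded: confirm this is intended for the authorizer.
  (coalesce(identity_source, '') = '') as missing_identity_source,
  -- Lambda authorizer without a validation expression: tokens are not
  -- pattern-checked by API Gateway before the function is invoked.
  (inferred_kind = 'lambda'
    and coalesce(identity_validation_expression, '') = '') as missing_validation_expression
from
  classified
order by
  account_id,
  region,
  rest_api_id,
  name;
```

The two boolean flags mark rows for review rather than confirmed misconfigurations; an empty value can be valid depending on the authorizer type.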

Schema for aws_api_gateway_authorizer

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| account_id | text | | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| auth_type | text | | Optional customer-defined field, used in OpenAPI imports and exports without functional impact |
| authorizer_credentials | text | | Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer |
| authorizer_uri | text | | Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST authorizers, this must be a well-formed Lambda function URI |
| id | text | = | The identifier for the authorizer resource |
| identity_source | text | | The identity source for which authorization is requested |
| identity_validation_expression | text | | A validation expression for the incoming identity token. For TOKEN authorizers, this value is a regular expression |
| name | text | | The name of the authorizer |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| provider_arns | jsonb | | A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer |
| region | text | | The AWS Region in which the resource is located. |
| rest_api_id | text | = | The id of the rest api |
| title | text | | Title of the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_api_gateway_authorizer