Table: aws_api_gateway_authorizer - Query AWS API Gateway Authorizer using SQL
The AWS API Gateway Authorizer is a crucial component in Amazon API Gateway that validates incoming requests before they reach the backend systems. It verifies the caller's identity and checks if the caller has permission to execute the requested operation. This feature enhances the security of your APIs by preventing unauthorized access to your resources.
Table Usage Guide
The aws_api_gateway_authorizer table in Steampipe provides you with information about API Gateway Authorizers within AWS API Gateway. This table allows you, as a DevOps engineer, to query authorizer-specific details, including the authorizer's ID, name, type, provider ARNs, and other configuration details. You can utilize this table to gather insights on authorizers, such as the authorizer's type, the ARN of the authorizer's provider, and more. The schema outlines the various attributes of the API Gateway Authorizer for you, including the authorizer's ID, name, type, provider ARNs, and associated metadata.
Examples
API gateway API authorizer basic info
Explore the core details of an API gateway's authorizer configuration, such as its ID, name, and authorization type. This can help you understand the security measures in place for your API gateway and can be useful for auditing purposes.
select id, name, rest_api_id, auth_type, authorizer_credentials, identity_validation_expression, identity_source
from aws_api_gateway_authorizer;
List the API authorizers that use Cognito user pools to authorize API calls
Explore which API authorizers are utilizing Cognito user pools for API call authorization. This can help in assessing the security configuration of your APIs and identifying any potential areas for improvement.
select id, name, rest_api_id, auth_type
from aws_api_gateway_authorizer
where auth_type = 'cognito_user_pools';
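An audit-oriented query built only from the columns in the schema on this page. It is an added example, not one of the Steampipe documentation's own queries, and the 300-second cache threshold is an assumed review value. It lists authorizers that have a Lambda URI but no identity validation expression, that reference Cognito user pools owned by another account, or that cache results for longer than the threshold.

```sql
with flagged as (
  select
    account_id,
    region,
    rest_api_id,
    id,
    name,
    identity_source,
    -- The schema lists this column as text; normalise it before comparing numerically.
    nullif(authorizer_result_ttl_in_seconds::text, '')::int as ttl_seconds,
    -- Lambda-backed authorizer (authorizer_uri set) with no expression to validate
    -- the incoming identity token. The schema shown here has no column that tells
    -- TOKEN from REQUEST authorizers, so treat these rows as review candidates.
    (authorizer_uri is not null
      and coalesce(identity_validation_expression, '') = '') as no_identity_validation,
    -- Cognito user pool ARNs whose account field (5th ':'-separated part)
    -- differs from the account that owns the authorizer.
    (
      select jsonb_agg(p.arn)
      from jsonb_array_elements_text(
        case when jsonb_typeof(provider_arns) = 'array'
             then provider_arns else '[]'::jsonb end
      ) as p(arn)
      where split_part(p.arn, ':', 5) <> account_id
    ) as cross_account_user_pools
  from
    aws_api_gateway_authorizer
)
select
  *,
  -- 300 seconds is an assumed review threshold, not an AWS or Steampipe rule.
  coalesce(ttl_seconds > 300, false) as long_result_cache
from
  flagged
where
  no_identity_validation
  or cross_account_user_pools is not null
  or ttl_seconds > 300
order by
  account_id, region, rest_api_id, name;
```

A long result TTL means a cached allow decision can outlive a permission change by up to that many seconds, which is why it is surfaced alongside the other two flags.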
Schema for aws_api_gateway_authorizer
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
auth_type | text | | Optional customer-defined field, used in OpenAPI imports and exports without functional impact |
authorizer_credentials | text | | Specifies the required credentials as an IAM role for API Gateway to invoke the authorizer |
authorizer_result_ttl_in_seconds | text | | The TTL in seconds of cached authorizer results. |
authorizer_uri | text | | Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN or REQUEST authorizers, this must be a well-formed Lambda function URI |
id | text | = | The identifier for the authorizer resource |
identity_source | text | | The identity source for which authorization is requested |
identity_validation_expression | text | | A validation expression for the incoming identity token. For TOKEN authorizers, this value is a regular expression |
name | text | | The name of the authorizer |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
provider_arns | jsonb | | A list of the Amazon Cognito user pool ARNs for the COGNITO_USER_POOLS authorizer |
region | text | | The AWS Region in which the resource is located. |
rest_api_id | text | = | The id of the rest api |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install it with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_api_gateway_authorizer