Creates an authorizer.
Requires permission to access the CreateAuthorizer action.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
create-authorizer
--authorizer-name <value>
--authorizer-function-arn <value>
[--token-key-name <value>]
[--token-signing-public-keys <value>]
[--status <value>]
[--tags <value>]
[--signing-disabled | --no-signing-disabled]
[--enable-caching-for-http | --no-enable-caching-for-http]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--authorizer-name
(string)
The authorizer name.
--authorizer-function-arn
(string)
The ARN of the authorizer’s Lambda function.
--token-key-name
(string)
The name of the token key used to extract the token from the HTTP headers.
--token-signing-public-keys
(map)
The public keys used to verify the digital signature returned by your custom authentication service.
key -> (string)
value -> (string)
Shorthand Syntax:
KeyName1=string,KeyName2=string
JSON Syntax:
{"string": "string"
...}
--status
(string)
The status of the create authorizer request.
Possible values:
ACTIVE
INACTIVE
--tags
(list)
Metadata which can be used to manage the custom authorizer.
Note
For URI Request parameters use format: …key1=value1&key2=value2…
For the CLI command-line parameter use format: &&tags “key1=value1&key2=value2…”
For the cli-input-json file use format: “tags”: “key1=value1&key2=value2…”
(structure)
A set of key/value pairs that are used to manage the resource.
Key -> (string)
The tag’s key.
Value -> (string)
The tag’s value.
Shorthand Syntax:
Key=string,Value=string ...
JSON Syntax:
[
{
"Key": "string",
"Value": "string"
}
...
]
--signing-disabled
| --no-signing-disabled
(boolean)
Specifies whether IoT validates the token signature in an authorization request.
--enable-caching-for-http
| --no-enable-caching-for-http
(boolean)
When
true
, the result from the authorizer’s Lambda function is cached for clients that use persistent HTTP connections. The results are cached for the time specified by the Lambda function inrefreshAfterInSeconds
. This value does not affect authorization of clients that use MQTT connections.The default value is
false
.
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To create a custom authorizer
The following create-authorizer
example creates a custom authorizer that uses the specified Lambda function as part of a custom authentication service.
aws iot create-authorizer \
--authorizer-name "CustomAuthorizer" \
--authorizer-function-arn "arn:aws:lambda:us-west-2:123456789012:function:CustomAuthorizerFunction" \
--token-key-name "MyAuthToken" \
--status ACTIVE \
--token-signing-public-keys FIRST_KEY="-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1uJOB4lQPgG/lM6ZfIwo
Z+7ENxAio9q6QD4FFqjGZsvjtYwjoe1RKK0U8Eq9xb5O3kRSmyIwTzwzm/f4Gf0Y
ZUloJ+t3PUUwHrmbYTAgTrCUgRFygjfgVwGCPs5ZAX4Eyqt5cr+AIHIiUDbxSa7p
zwOBKPeic0asNJpqT8PkBbRaKyleJh5oo81NDHHmVtbBm5A5YiJjqYXLaVAowKzZ
+GqsNvAQ9Jy1wI2VrEa1OfL8flDB/BJLm7zjpfPOHDJQgID0XnZwAlNnZcOhCwIx
50g2LW2Oy9R/dmqtDmJiVP97Z4GykxPvwlYHrUXY0iW1R3AR/Ac1NhCTGZMwVDB1
lQIDAQAB
-----END PUBLIC KEY-----"
Output:
{
"authorizerName": "CustomAuthorizer",
"authorizerArn": "arn:aws:iot:us-west-2:123456789012:authorizer/CustomAuthorizer2"
}
For more information, see CreateAuthorizer in the AWS IoT API Reference.
authorizerName -> (string)
The authorizer’s name.
authorizerArn -> (string)
The authorizer ARN.