[ aws . iot ]

create-authorizer

Description

Creates an authorizer.

Requires permission to access the CreateAuthorizer action.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  create-authorizer
--authorizer-name <value>
--authorizer-function-arn <value>
[--token-key-name <value>]
[--token-signing-public-keys <value>]
[--status <value>]
[--tags <value>]
[--signing-disabled | --no-signing-disabled]
[--enable-caching-for-http | --no-enable-caching-for-http]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--authorizer-name (string)

The authorizer name.

--authorizer-function-arn (string)

The ARN of the authorizer’s Lambda function.

--token-key-name (string)

The name of the token key used to extract the token from the HTTP headers.

--token-signing-public-keys (map)

The public keys used to verify the digital signature returned by your custom authentication service.

key -> (string)

value -> (string)

Shorthand Syntax:

KeyName1=string,KeyName2=string

JSON Syntax:

{"string": "string"
  ...}

--status (string)

The status of the create authorizer request.

Possible values:

  • ACTIVE

  • INACTIVE

--tags (list)

Metadata which can be used to manage the custom authorizer.

Note

For URI Request parameters use format: …key1=value1&key2=value2…

For the CLI command-line parameter use format: &&tags “key1=value1&key2=value2…”

For the cli-input-json file use format: “tags”: “key1=value1&key2=value2…”

(structure)

A set of key/value pairs that are used to manage the resource.

Key -> (string)

The tag’s key.

Value -> (string)

The tag’s value.

Shorthand Syntax:

Key=string,Value=string ...

JSON Syntax:

[
  {
    "Key": "string",
    "Value": "string"
  }
  ...
]

--signing-disabled | --no-signing-disabled (boolean)

Specifies whether IoT validates the token signature in an authorization request.

--enable-caching-for-http | --no-enable-caching-for-http (boolean)

When true , the result from the authorizer’s Lambda function is cached for clients that use persistent HTTP connections. The results are cached for the time specified by the Lambda function in refreshAfterInSeconds . This value does not affect authorization of clients that use MQTT connections.

The default value is false .

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

To create a custom authorizer

The following create-authorizer example creates a custom authorizer that uses the specified Lambda function as part of a custom authentication service.

   aws iot create-authorizer \
       --authorizer-name "CustomAuthorizer" \
       --authorizer-function-arn "arn:aws:lambda:us-west-2:123456789012:function:CustomAuthorizerFunction" \
       --token-key-name "MyAuthToken" \
       --status ACTIVE \
       --token-signing-public-keys FIRST_KEY="-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1uJOB4lQPgG/lM6ZfIwo
Z+7ENxAio9q6QD4FFqjGZsvjtYwjoe1RKK0U8Eq9xb5O3kRSmyIwTzwzm/f4Gf0Y
ZUloJ+t3PUUwHrmbYTAgTrCUgRFygjfgVwGCPs5ZAX4Eyqt5cr+AIHIiUDbxSa7p
zwOBKPeic0asNJpqT8PkBbRaKyleJh5oo81NDHHmVtbBm5A5YiJjqYXLaVAowKzZ
+GqsNvAQ9Jy1wI2VrEa1OfL8flDB/BJLm7zjpfPOHDJQgID0XnZwAlNnZcOhCwIx
50g2LW2Oy9R/dmqtDmJiVP97Z4GykxPvwlYHrUXY0iW1R3AR/Ac1NhCTGZMwVDB1
lQIDAQAB
-----END PUBLIC KEY-----"

Output:

{
    "authorizerName": "CustomAuthorizer",
    "authorizerArn": "arn:aws:iot:us-west-2:123456789012:authorizer/CustomAuthorizer2"
}

For more information, see CreateAuthorizer in the AWS IoT API Reference.

Output

authorizerName -> (string)

The authorizer’s name.

authorizerArn -> (string)

The authorizer ARN.