I have a problem with policy size of jwt authorizer lambda function so I want to reduce policy size by config serverless.yml file to generate policy using wildcard(*) instead. Can I set global authorizer for all functions in serverless.yml.
Here is my example of Resource-based policy
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"Service": "apigateway.amazonaws.com"
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:ap-southeast-1-jwtAuthorizer",
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:execute-api:ap-southeast-1-abcdefg123"
}
}
},
{
"Sid": "2",
"Effect": "Allow",
"Principal": {
"Service": "apigateway.amazonaws.com"
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:ap-southeast-1-jwtAuthorizer",
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:execute-api:ap-southeast-1-abcdefg456"
}
}
},
I want to change it like this.
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"Service": "apigateway.amazonaws.com"
},
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws:lambda:ap-southeast-1-jwtAuthorizer",
"Condition": {
"ArnLike": {
"AWS:SourceArn": "arn:aws:execute-api:ap-southeast-1-*"
}
}
}
Example of serverless.yml file. I set authorizer for each function. I want to change it to global one.
functions:
searchByProvince:
handler: handler.searchByProvince
reservedConcurrency: 10
events:
- http:
path: /
method: get
cors:
origin: "*"
authorizer:
arn: arn:aws:lambda:${self:provider.region}:${self:custom.accountId}:jwtAuthorizer
province:
handler: handler.province
reservedConcurrency: 10
events:
- http:
path: /provinces
method: get
cors:
origin: "*"
authorizer:
arn: arn:aws:lambda:${self:provider.region}:${self:custom.accountId}:-${self:provider.stage}-jwtAuthorizer