This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::IoT::Authorizer Specifies an authorizer. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::Authorizer", "Properties" : { "[AuthorizerFunctionArn](#cfn-iot-authorizer-authorizerfunctionarn)" : String, "[AuthorizerName](#cfn-iot-authorizer-authorizername)" : String, "[EnableCachingForHttp](#cfn-iot-authorizer-enablecachingforhttp)" : Boolean, "[SigningDisabled](#cfn-iot-authorizer-signingdisabled)" : Boolean, "[Status](#cfn-iot-authorizer-status)" : String, "[Tags](#cfn-iot-authorizer-tags)" : [ Tag, ... ], "[TokenKeyName](#cfn-iot-authorizer-tokenkeyname)" : String, "[TokenSigningPublicKeys](#cfn-iot-authorizer-tokensigningpublickeys)" : {Key: Value, ...} } } ``` ### YAML ``` Type: AWS::IoT::Authorizer Properties: [AuthorizerFunctionArn](#cfn-iot-authorizer-authorizerfunctionarn): String [AuthorizerName](#cfn-iot-authorizer-authorizername): String [EnableCachingForHttp](#cfn-iot-authorizer-enablecachingforhttp): Boolean [SigningDisabled](#cfn-iot-authorizer-signingdisabled): Boolean [Status](#cfn-iot-authorizer-status): String [Tags](#cfn-iot-authorizer-tags): - Tag [TokenKeyName](#cfn-iot-authorizer-tokenkeyname): String [TokenSigningPublicKeys](#cfn-iot-authorizer-tokensigningpublickeys): Key: Value ``` ## Properties `AuthorizerFunctionArn` The authorizer's Lambda function ARN. *Required*: Yes *Type*: String *Pattern*: `[\s\S]*` *Maximum*: `2048` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `AuthorizerName` The authorizer name. *Required*: No *Type*: String *Pattern*: `[\w=,@-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `EnableCachingForHttp` When `true`, the result from the authorizer's Lambda function is cached for clients that use persistent HTTP connections. The results are cached for the time specified by the Lambda function in `refreshAfterInSeconds`. This value doesn't affect authorization of clients that use MQTT connections. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SigningDisabled` Specifies whether AWS IoT validates the token signature in an authorization request. *Required*: No *Type*: Boolean *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Status` The status of the authorizer. Valid values: `ACTIVE` \$1 `INACTIVE` *Required*: No *Type*: String *Allowed values*: `ACTIVE | INACTIVE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Metadata which can be used to manage the custom authorizer. For URI Request parameters use format: ...key1=value1&key2=value2... For the CLI command-line parameter use format: &&tags "key1=value1&key2=value2..." For the cli-input-json file use format: "tags": "key1=value1&key2=value2..." *Required*: No *Type*: Array of [Tag](aws-properties-iot-authorizer-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TokenKeyName` The key used to extract the token from the HTTP headers. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9_-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TokenSigningPublicKeys` The public keys used to validate the token signature returned by your custom authentication service. *Required*: No *Type*: Object of String *Pattern*: `[a-zA-Z0-9:_-]+` *Maximum*: `5120` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the authorizer name. For example: `{ "Ref": "MyAuthorizer" }` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The Amazon Resource Name (ARN) of the authorizer. # AWS::IoT::Authorizer Tag A set of key/value pairs that are used to manage the resource. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-iot-authorizer-tag-key)" : String, "[Value](#cfn-iot-authorizer-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-iot-authorizer-tag-key): String [Value](#cfn-iot-authorizer-tag-value): String ``` ## Properties `Key` The tag's key. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag's value. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)