In real-world projects, you may already have a centralized Lambda Authorizer. Instead of duplicating the code, you can reuse that existing authorizer in new APIs.
In this post, we’ll create a new SAM project with an API Gateway, and configure it to use an external Lambda Authorizer by referencing its ARN.
Step 1: Define Parameters for the Authorizer ARN
In template.yaml, add a Parameter for the Lambda Authorizer ARN:
```yaml
Parameters:
  AuthorizerLambdaArn:
    Type: String
    Description: ARN of the external Lambda Authorizer
```
This makes your SAM stack reusable — you can pass in the ARN during deployment.
🌐 Step 2: Add an API Gateway with Authorizer
Update template.yaml:
```yaml
Resources:
  MyApi:
    Type: AWS::Serverless::Api
    Properties:
      Name: ExternalAuthorizerApi
      StageName: dev
      Auth:
        DefaultAuthorizer: MyLambdaAuthorizer
        Authorizers:
          MyLambdaAuthorizer:
            FunctionArn: !Ref AuthorizerLambdaArn
            Identity:
              Header: Authorization

  HelloFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/
      Handler: handler.main
      Runtime: nodejs20.x
      Events:
        ApiEvent:
          Type: Api
          Properties:
            Path: /hello
            Method: get
            RestApiId: !Ref MyApi
```
Here’s what’s happening:
- The Auth section of MyApi references the external Lambda Authorizer by its ARN.
- HelloFunction is protected automatically: its Api event points at MyApi through RestApiId, so it inherits the API's default authorizer.
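The default authorizer only covers Api events that reference MyApi and do not override it. The following check is an added example, not code from the original post: it walks a parsed template and lists routes that would not go through the authorizer. The function name, the sample routes other than /hello, and the assumption that the template is already parsed into an object (with the Globals section ignored) are all hypothetical.

```javascript
// Added example (not from the original post). Names below are hypothetical.
// `template` is template.yaml parsed into an object, so `!Ref MyApi` is { Ref: "MyApi" }.
function findUnprotectedRoutes(template) {
  const resources = template.Resources || {};
  const findings = [];
  for (const [fnName, fn] of Object.entries(resources)) {
    if (fn.Type !== "AWS::Serverless::Function") continue;
    const events = (fn.Properties || {}).Events || {};
    for (const [evName, ev] of Object.entries(events)) {
      if (ev.Type !== "Api") continue;
      const props = ev.Properties || {};
      const route = `${fnName}.${evName} ${String(props.Method).toUpperCase()} ${props.Path}`;
      const api = resources[(props.RestApiId || {}).Ref];
      const apiAuth = ((api || {}).Properties || {}).Auth || {};
      const override = (props.Auth || {}).Authorizer;
      if (!api) {
        // Without RestApiId, SAM attaches the route to its implicit API, not to MyApi.
        findings.push(`${route}: RestApiId missing or not a Ref to an API in this template`);
      } else if (override === "NONE") {
        // A per-event Auth block can switch the default authorizer off for one route.
        findings.push(`${route}: event sets Auth.Authorizer to NONE`);
      } else if (!override && !apiAuth.DefaultAuthorizer) {
        findings.push(`${route}: API has no DefaultAuthorizer`);
      }
    }
  }
  return findings;
}

// Constructed sample: MyApi and HelloFunction follow the post; the other two are made up.
const apiEvent = (extra) => ({ Type: "Api", Properties: { Method: "get", ...extra } });
const SAMPLE_TEMPLATE = {
  Resources: {
    MyApi: {
      Type: "AWS::Serverless::Api",
      Properties: { Auth: { DefaultAuthorizer: "MyLambdaAuthorizer" } },
    },
    HelloFunction: { Type: "AWS::Serverless::Function", Properties: { Events: {
      ApiEvent: apiEvent({ Path: "/hello", RestApiId: { Ref: "MyApi" } }) } } },
    HealthFunction: { Type: "AWS::Serverless::Function", Properties: { Events: {
      ApiEvent: apiEvent({ Path: "/health", RestApiId: { Ref: "MyApi" }, Auth: { Authorizer: "NONE" } }) } } },
    LegacyFunction: { Type: "AWS::Serverless::Function", Properties: { Events: {
      ApiEvent: apiEvent({ Path: "/legacy" }) } } },
  },
};

console.log(findUnprotectedRoutes(SAMPLE_TEMPLATE).join("\n"));
```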
📚 Conclusion
By referencing an external Lambda Authorizer in your template.yaml, you can:
- Reuse existing centralized authorization logic
- Keep new APIs secure without duplicating code
- Maintain a clean and consistent authentication strategy