# AWS : aws-cli > 2.0

# CREATE AUTHORIZER !!!
# authorizer-name: Assign an authorizer name
# api-id: Http APIGateway ID
# audience: audience specified by the authorizer
# Issuer: Authorizer URL
aws apigatewayv2 create-authorizer \
    --name authorizer-name \
    --api-id api-id \
    --authorizer-type JWT \
    --identity-source '$request.header.Authorization' \
    --jwt-configuration Audience=audience,Issuer=https://cognito-idp.us-east-2.amazonaws.com/userPoolID


    # ADD LAMBDA (CUSTOM) AUTHORIZER TO ROUTE !!!
# api-id: Http APIGateway ID
# route-id: Gateway Route ID
# authorizer-id: You authorizer ID created by above command    
aws apigatewayv2 update-route \
   --api-id $api_id  \
   --route-id $route_id  \
   --authorization-type "CUSTOM" \
   --authorizer-id $auth_id    

   
# ADD JWT AUTHORIZER TO ROUTE !!!
# api-id: Http APIGateway ID
# route-id: Gateway Route ID
# authorizer-id: You authorizer ID created by above command
# authorization-scopes: if authorizer requires extra scopes
aws apigatewayv2 update-route \
   --api-id api-id  \
   --route-id route-id  \
   --authorization-type JWT \
   --authorizer-id authorizer-id \
   --authorization-scopes user.email