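# AWS : aws-cli > 2.0
# CREATE JWT AUTHORIZER
# Required shell variables (the command aborts before calling AWS if one is
# unset or empty, instead of sending a literal placeholder):
#   authorizer_name - name to assign to the new authorizer
#   api_id          - HTTP API Gateway ID
#   audience        - value the token's aud (or client_id) claim must match;
#                     for a Cognito user pool this is the app client ID
#   user_pool_id    - Cognito user pool ID, the last path segment of the issuer
# Optional:
#   aws_region      - region of the user pool (defaults to us-east-2)
# Audience and Issuer decide which tokens the API accepts. Set them to the
# exact client and user pool that should have access: a value copied from
# another pool or environment makes the gateway trust that pool's tokens.
# The response carries the AuthorizerId needed when attaching the authorizer
# to a route.
# The identity source stays single-quoted: it is an API Gateway selection
# expression, not a shell variable.
# shellcheck disable=SC2016
aws apigatewayv2 create-authorizer \
  --name "${authorizer_name:?set authorizer_name}" \
  --api-id "${api_id:?set api_id}" \
  --authorizer-type JWT \
  --identity-source '$request.header.Authorization' \
  --jwt-configuration "Audience=${audience:?set audience},Issuer=https://cognito-idp.${aws_region:-us-east-2}.amazonaws.com/${user_pool_id:?set user_pool_id}"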
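# ADD LAMBDA (CUSTOM) AUTHORIZER TO ROUTE
# Required shell variables (the command aborts before calling AWS if one is
# unset or empty, so a missing value cannot shift the following flag into its
# place):
#   api_id   - HTTP API Gateway ID
#   route_id - Gateway route ID
#   auth_id  - ID of a Lambda (REQUEST-type) authorizer
# NOTE: authorization type CUSTOM pairs with a REQUEST authorizer. The
# create-authorizer command in this file creates a JWT authorizer, so the ID
# it returns belongs to the JWT route command, not to this one.
# After the update, `aws apigatewayv2 get-routes --api-id "$api_id"` shows
# each route's AuthorizationType; use it to confirm no route that should be
# protected is still NONE.
aws apigatewayv2 update-route \
  --api-id "${api_id:?set api_id}" \
  --route-id "${route_id:?set route_id}" \
  --authorization-type CUSTOM \
  --authorizer-id "${auth_id:?set auth_id}"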
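# ADD JWT AUTHORIZER TO ROUTE
# Required shell variables (same names as the CUSTOM route command; the
# command aborts before calling AWS if one is unset or empty):
#   api_id   - HTTP API Gateway ID
#   route_id - Gateway route ID
#   auth_id  - ID of the JWT authorizer (the AuthorizerId returned by
#              create-authorizer)
# --authorization-scopes is only needed if the route requires extra scopes.
# When it is set, a token is accepted only if it carries at least one of the
# listed scopes; user.email is the example scope here. Remove the flag when
# no scope check is wanted rather than leaving a scope no token will carry.
aws apigatewayv2 update-route \
  --api-id "${api_id:?set api_id}" \
  --route-id "${route_id:?set route_id}" \
  --authorization-type JWT \
  --authorizer-id "${auth_id:?set auth_id}" \
  --authorization-scopes user.email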