apigatewayv2: Add authorizer to Websocket API $connect

[michaelgmcd]

Currently, I'm making my websocket authorizer using CfnAuthorizer and CfnPermission (under development now, still not tested):

  new CfnAuthorizer(stack, 'WSAuthorizer', {
    name: 'wsAuthorizer',
    apiId: wsApi.apiId,
    authorizerType: 'REQUEST',
    authorizerUri: `arn:aws:apigateway:${constants.region}:lambda:path/2015-03-31/functions/${lambdas.wsAuth.functionArn}/invocations`,
    identitySource: ['route.request.querystring.token'],
  });

  new CfnPermission(stack, 'ConnectLambdaPermission', {
    action: 'lambda:InvokeFunction',
    functionName: lambdas.wsAuth.functionArn,
    principal: `apigateway.${stack.urlSuffix}`,
  });

Use Case

I'd like to be able to use an authorizer without having to go into the AWS Console.

Proposed Solution

TBD. Looking through the WebSocket API now.

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

---

This is a 🚀 Feature Request

[michaelgmcd]

I was able to get to to work with a patch:

const wsApi = new WebSocketApi(stack, 'wsApi', {
    routeSelectionExpression: '$request.body.action',
    disconnectRouteOptions: {
      integration: new LambdaWebSocketIntegration({
        handler: lambdas.wsDisconnect,
      }),
    },
    defaultRouteOptions: {
      integration: new LambdaWebSocketIntegration({
        handler: lambdas.wsDefault,
      }),
    },
  });

  new WebSocketStage(stack, 'wsStage', {
    webSocketApi: wsApi,
    stageName: 'ws',
    autoDeploy: true,
    domainMapping: { domainName: wsDomainName },
  });

  const wsAuthorizer = new CfnAuthorizer(stack, 'WSAuthorizer', {
    name: 'wsAuthorizer',
    apiId: wsApi.apiId,
    authorizerType: 'REQUEST',
    authorizerUri: `arn:aws:apigateway:${constants.region}:lambda:path/2015-03-31/functions/${lambdas.wsAuth.functionArn}/invocations`,
    identitySource: ['route.request.querystring.token'],
  });

  wsApi.addRoute('$connect', {
    // @ts-ignore
    authorizerId: wsAuthorizer.ref,
    authorizationType: 'CUSTOM',
    integration: new LambdaWebSocketIntegration({
      handler: lambdas.wsConnect,
    }),
  });

node_modules/@aws-cdk/aws-apigatewayv2/lib/websocket/route.js

class WebSocketRoute extends core_1.Resource {
    /**
     * @experimental
     */
    constructor(scope, id, props) {
        super(scope, id);
        this.webSocketApi = props.webSocketApi;
        this.routeKey = props.routeKey;
        const config = props.integration.bind({
            route: this,
            scope: this,
        });
        const integration = props.webSocketApi._addIntegration(this, config);
        const route = new apigatewayv2_generated_1.CfnRoute(this, 'Resource', {
            apiId: props.webSocketApi.apiId,
            routeKey: props.routeKey,
            target: `integrations/${integration.integrationId}`,
            authorizerId: props.authorizerId, // <========================== Added this
            authorizationType: props.authorizationType, // <=================== Added this
        });
        this.routeId = route.ref;
    }
}

[nija-at]

Duplicate of #13869

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.