AWS events httpApi authorizer: removing existing event authorizer does not remove it from API Gateway

Q1: Describe the issue

When removing an existing httpApi event authorizer, it does not actually remove the authorizer from the API Gateway. However, removing it manually through the AWS Console works as anticipated and subsequent deployments do not add it back.

Q2: Provide (in below placeholder) FULL content of serverless.yml, ensuring that:

  • It consistently reproduces described issue
  • It’s as minimal as possible
  • There’s no plugins involved (plugin related issues need to be reported at plugin repositories)
  • Has sensitive parts masked out

serverless.yml
service:
  name: my-api
provider:
  name: aws
  runtime: nodejs12.x
  stage: ${opt:stage, 'dev'}
  region: us-east-1
  memorySize: 128
  logRetentionInDays: 7
  timeout: 28
  versionFunctions: false
  httpApi:
    authorizers:
      userAuthorizer:
        identitySource: $request.header.Authorization
        issuerUrl:
          Fn::Join:
            - ""
            - - "https://cognito-idp."
              - "${opt:region, self:provider.region}"
              - ".amazonaws.com/"
              - Ref: UserPool
        audience:
          - Ref: UserPoolClient
    cors: true
resources:
  Resources:
    HttpApi:
      DependsOn: UserPool
    UserPool:
      Type: "AWS::Cognito::UserPool"
      Properties:
        UserPoolName: ${self:service}-${self:provider.stage}
        UsernameAttributes:
          - email
        UsernameConfiguration:
          CaseSensitive: false
        AutoVerifiedAttributes:
          - email
        Policies:
          PasswordPolicy:
            RequireLowercase: false
            RequireSymbols: false
            RequireNumbers: false
            MinimumLength: 6
            RequireUppercase: false
        Schema:
          - Name: given_name
            AttributeDataType: String
            Mutable: true
          - Name: family_name
            AttributeDataType: String
            Mutable: true
          - Name: email
            AttributeDataType: String
            Mutable: true
            Required: true
    UserPoolDomain:
      Type: AWS::Cognito::UserPoolDomain
      Properties:
        Domain: ${self:service}-${self:provider.stage}
        UserPoolId: !Ref UserPool
    UserPoolClient:
      Type: AWS::Cognito::UserPoolClient
      Properties:
        ClientName: ${self:service}-${self:provider.stage}
        ExplicitAuthFlows:
          - ALLOW_USER_PASSWORD_AUTH
          - ALLOW_CUSTOM_AUTH
          - ALLOW_USER_SRP_AUTH
          - ALLOW_REFRESH_TOKEN_AUTH
        UserPoolId: !Ref UserPool
        CallbackURLs:
          - http://localhost:3000
        AllowedOAuthFlows:
          - implicit
        AllowedOAuthFlowsUserPoolClient: true
        AllowedOAuthScopes:
          - email
          - openid
          - profile
          - aws.cognito.signin.user.admin
        SupportedIdentityProviders:
          - COGNITO
functions:
  hello:
    handler: functions/hello.index
    events:
      - httpApi:
          authorizer: userAuthorizer
          method: get
          path: /hello

Changing functions to this will show the issue after a deployment:

functions:
  hello:
    handler: functions/hello.index
    events:
      - httpApi:
          method: get
          path: /hello

Installed version

Framework Core: 2.15.0 (local)
Plugin: 4.2.0
SDK: 2.3.2
Components: 3.4.3

Issue Analytics

  • State: open
  • Created 3 years ago
  • Reactions: 6
  • Comments: 7 (3 by maintainers)

Top GitHub Comments

3 reactions
liegeandlief commented, Mar 18, 2021

This issue seems to be more than just removing authorizers and CORS settings. Having removed both of these things manually because Serverless was not doing it, I then tried adding them back using Serverless. This also failed to work. Serverless reported that the update was successful but the CORS settings and authorizer had not actually been applied.

2 reactions
rion18 commented, Aug 23, 2022

Any news on this? I still see this happening, at least for removing an authorizer for a function…

Deploy X function with Y authorizer – works

Removing Y authorizer from code and then deploying: X function STILL has the authorizer attached.
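
Both failure modes reported in this thread (an authorizer that stays attached after it is removed from serverless.yml, and an authorizer that a deployment reports as applied when it is not) can be caught by comparing intended and deployed route authorization after each deploy. The check below is an added example, not part of the original issue or of the Serverless Framework. It assumes the route and authorizer lists are the Items returned by `aws apigatewayv2 get-routes` and `aws apigatewayv2 get-authorizers`, that the deployed authorizer Name matches the serverless.yml key, and it runs on constructed sample data with placeholder IDs; `findAuthorizerDrift` and the finding kinds are hypothetical names.

```javascript
// Intended authorizer per route, transcribed by hand from serverless.yml
// (null = route must be open). Here: the config after the authorizer was removed.
const intendedAfterRemoval = { 'GET /hello': null };

// Constructed sample of get-routes / get-authorizers Items, modelling the state
// the issue reports. The IDs are placeholders, not real AWS identifiers.
const sampleRoutes = [
  { RouteKey: 'GET /hello', AuthorizationType: 'JWT', AuthorizerId: 'auth-placeholder' },
];
const sampleAuthorizers = [{ AuthorizerId: 'auth-placeholder', Name: 'userAuthorizer' }];

// Returns one finding per route whose deployed authorizer differs from the intended one.
function findAuthorizerDrift(intended, routes, authorizers) {
  const nameById = new Map(authorizers.map((a) => [a.AuthorizerId, a.Name]));
  const deployed = new Map();
  for (const r of routes) {
    const isProtected = Boolean(r.AuthorizationType) && r.AuthorizationType !== 'NONE';
    // Fall back to the type (e.g. AWS_IAM) when there is no named authorizer.
    deployed.set(r.RouteKey, isProtected ? nameById.get(r.AuthorizerId) || r.AuthorizationType : null);
  }
  const findings = [];
  for (const [route, want] of Object.entries(intended)) {
    if (!deployed.has(route)) {
      findings.push({ route, kind: 'route-not-deployed', want, have: undefined });
      continue;
    }
    const have = deployed.get(route);
    if (want === have) continue;
    const kind = want === null ? 'stale-authorizer' // config removed it, API still enforces it
      : have === null ? 'missing-authorizer'        // config requires it, route is open
      : 'wrong-authorizer';
    findings.push({ route, kind, want, have });
  }
  // Routes that exist on the API but are not described by the config at all.
  for (const [route, have] of deployed) {
    if (!(route in intended)) findings.push({ route, kind: 'unmanaged-route', want: undefined, have });
  }
  return findings;
}

console.log(findAuthorizerDrift(intendedAfterRemoval, sampleRoutes, sampleAuthorizers));
```

A `missing-authorizer` finding is the one to fail a pipeline on, since it means a route the config declares as protected is reachable without a token.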
