Nomad Media Authorizer Setup
How to add the Nomad Media Authorizer Lambda to your own AWS API Gateway.
Nomad Media Authorizer Setup
API Gateways in your AWS account can use the existing Nomad Media Authorizer Lambda to secure custom routes. This guide covers setup for both HTTP API Gateway and REST API Gateway.
For a sample Lambda that reads the authorizer attributes, see Event-Driven Workflows.
HTTP API Gateway Setup
Step 1: Create the Authorizer
- Select your HTTP API Gateway and go to Authorization in the left menu
- Select the Manage authorizers tab and click Create
- Select Lambda as the authorizer type
- Give it a name such as
Nomad-Authorizer(allowed characters: letters, numbers,.,_,-) - Select the correct region and choose the Lambda function — it is named something like
nomad-{name}-gw-resources-StrictFunction-{uniqueID} - Under Response mode, select IAM Policy
- Leave caching settings at defaults (or adjust as needed)
- Under Invoke permissions, toggle Automatically grant API Gateway permission to invoke your Lambda Function
- Click Create
Step 2: Configure Parameter Mapping for an Endpoint
- Select your HTTP API Gateway → Integrations in the left menu
- In the Routes section, select the endpoint to configure
- Click Manage integration
- Under Parameter mapping, click Create
- Set Mapping type to All incoming request
- Add the following mappings:
| Parameter to modify | Modification type | Value |
|---|---|---|
header.nomad-email | Overwrite | .authorizer.email |
header.nomad-name | Overwrite | .authorizer.name |
header.nomad-userId | Overwrite | .authorizer.userId |
- Click Create
Step 3: Attach the Authorizer to the Endpoint
- In the Route details view, click Attach authorization
- Under Select existing authorizer, choose the authorizer you created
- Click Attach authorizer
The endpoint is now secured using the Nomad Media Authorizer Lambda.
REST API Gateway Setup
Step 1: Create the Authorizer
- Select your REST API Gateway → Authorizers in the left menu
- Click Create New Authorizer
- Give it a name such as
Nomad-Authorizer - Select Lambda as the type
- Select the correct region and choose the Lambda function (
nomad-{name}-gw-resources-StrictFunction-{uniqueID}) - Leave Lambda Invoke Role empty
- Under Lambda Event Payload, select Token
- Uncheck Authorization Caching
- Click Create
- When the popup appears ("API Gateway needs your permission to invoke your Lambda function"), click Grant & Create
Step 2: Attach the Authorizer to an Endpoint
- Select your REST API Gateway → Resources in the left menu
- Select the route to configure
- Click Method Request
- Under Settings, click the edit button next to Authorization, select your authorizer, and click the checkmark to save
- Go back to Method execution by clicking the link
- Click Integration Request
- Ensure Use Lambda Proxy Integration is checked
- Deploy the REST API Gateway to your stage to apply changes