- By Gojko Adzic
claudia 1.5.0 is now on NPM, bringing support for setting custom API call credentials and passing on caller credentials with IAM and STS (thanks to Conor Dockry).
By default, API Gateway requests will execute under the credentials of the user who created the API. You can make the API execute under the credentials of a particular user/IAM role, or pass the caller credentials to the underlying Lambda function by setting the invokeWithCredentials flag. Set it to a IAM ARN to use a particular set of credentials, or to true to pass caller credentials. If you use this flag, the authorizationType is automatically set to AWS_IAM, so you don’t need to specify it separately.
To use this method, just configure the request processor by adding an authorizationType field, with the value of AWS_IAM – here’s an example:
// use caller credentials
api.get('/hello', function (request) {...}, {invokeWithCredentials: true} );
// use specific credentials
api.get('/hello', function (request) {...}, {invokeWithCredentials: 'arn:aws:iam::123456789012:role/apigAwsProxyRole'} );Another important change in this release is a bugfix for requests with quotes in header values. Two notable examples when this could happen are Ajax requests originating from a page with a quote in the URL, and a dynamic path parameter with a quote in the name (eg /people/O'Harra). The mapping templates we used before this release did not handle such requests properly, but they now work OK.
Interested in Claudia.js? Get notified when we release a new version.
Low-volume, high value mailing list, no ads or spam.