Globals:
  HttpApi:
    Auth:
      EnableIamAuthorizer: true
Resources:
  #######
  # Serverless function that use the implicit AWS::Serverless::HttpApi called "ServerlessHttpApi".
  # IAM Authorizer of the implicit AWS::Serverless::HttpApi is enabled using the global above.
  #######
  MyLambdaFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs14.x
      CodeUri: ${codeuri}
      Events:
        # The following events use the implicit AWS::Serverless::HttpApi called "ServerlessHttpApi".
        # The Iam Authorizer of the implicit AWS::Serverless::HttpApi is enabled using the global above.
        # Should not have any auth enabled because there is no one set as the default.
        ImplicitApiDefaultAuthEvent:
          Type: HttpApi
          Properties:
            Path: /default-auth
            Method: GET
        # Should have Iam auth as it is set here.
        ImplicitApiIamAuthEvent:
          Type: HttpApi
          Properties:
            Auth:
              Authorizer: AWS_IAM
            Path: /iam-auth
            Method: GET

        # The following events use the defined AWS::Serverless::HttpApi further down.
        # Should not have any auth enabled.
        MyDefaultIamAuthHttpApiNoAuthEvent:
          Type: HttpApi
          Properties:
            ApiId:
              Ref: MyDefaultIamAuthHttpApi
            Auth:
              Authorizer: NONE
            Path: /no-auth
            Method: GET
        # Should have Iam auth as it is set as the default for the Api.
        MyDefaultIamAuthHttpApiDefaultAuthEvent:
          Type: HttpApi
          Properties:
            ApiId:
              Ref: MyDefaultIamAuthHttpApi
            Path: /default-auth
            Method: GET
        # Should have Iam auth as it is set here.
        MyDefaultIamAuthHttpApiIamAuthEvent:
          Type: HttpApi
          Properties:
            ApiId:
              Ref: MyDefaultIamAuthHttpApi
            Auth:
              Authorizer: AWS_IAM
            Path: /iam-auth
            Method: GET
        # The following events use the defined AWS::Serverless::HttpApi further down.
        # Should not have any auth enabled because there is no one set as the default.
        MyIamAuthEnabledHttpApiDefaultAuthEvent:
          Type: HttpApi
          Properties:
            ApiId:
              Ref: MyIamAuthEnabledHttpApi
            Path: /default-auth
            Method: GET
        # Should have Iam auth as it is set here.
        MyIamAuthEnabledHttpApiIamAuthEvent:
          Type: HttpApi
          Properties:
            ApiId:
              Ref: MyIamAuthEnabledHttpApi
            Auth:
              Authorizer: AWS_IAM
            Path: /iam-auth
            Method: GET

  # HTTP API resource with the Iam authorizer enabled and set to the default.
  MyDefaultIamAuthHttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      Auth:
        EnableIamAuthorizer: true
        DefaultAuthorizer: AWS_IAM

  # HTTP API resource with the Iam authorizer enabled and NOT set to the default.
  MyIamAuthEnabledHttpApi:
    Type: AWS::Serverless::HttpApi
    Properties:
      Auth:
        EnableIamAuthorizer: true
Metadata:
  SamTransformTest: true