Resources:
  MyApiWithoutAuth:
    Type: AWS::Serverless::Api
    Properties:
      StageName: Prod

  MyFunctionWithAwsIamAuth:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://bucket/key
      Handler: index.handler
      Runtime: nodejs12.x
      Events:
        MyApiWithAwsIamAuth:
          Type: Api
          Properties:
            RestApiId: !Ref MyApiWithoutAuth
            Path: /
            Method: get
            Auth:
              Authorizer: AWS_IAM
        MyApiWithAwsIamAuthAndCustomInvokeRole:
          Type: Api
          Properties:
            RestApiId: !Ref MyApiWithoutAuth
            Path: /
            Method: post
            Auth:
              Authorizer: AWS_IAM
              InvokeRole: !Sub arn:${AWS::Partition}:iam::123:role/AUTH_AWS_IAM
        MyApiWithAwsIamAuthAndDefaultInvokeRole:
          Type: Api
          Properties:
            RestApiId: !Ref MyApiWithoutAuth
            Path: /
            Method: put
            Auth:
              Authorizer: AWS_IAM
              InvokeRole: CALLER_CREDENTIALS
        MyApiWithAwsIamAuthAnyMethod:
          Type: Api
          Properties:
            RestApiId: !Ref MyApiWithoutAuth
            Path: /any/one
            Method: any
            Auth:
              Authorizer: AWS_IAM
        MyApiWithAwsIamAuthAndCustomInvokeRoleAnyMethod:
          Type: Api
          Properties:
            RestApiId: !Ref MyApiWithoutAuth
            Path: /any/two
            Method: any
            Auth:
              Authorizer: AWS_IAM
              InvokeRole: !Sub arn:${AWS::Partition}:iam::123:role/AUTH_AWS_IAM
        MyApiWithAwsIamAuthAndDefaultInvokeRoleAnyMethod:
          Type: Api
          Properties:
            RestApiId: !Ref MyApiWithoutAuth
            Path: /any/three
            Method: any
            Auth:
              Authorizer: AWS_IAM
              InvokeRole: CALLER_CREDENTIALS