Resolves the key name through a custom authorizer and maps the actual name into the lambda context.

authorizer.js

const AWS = require("aws-sdk");
const APIGATEWAY = new AWS.APIGateway();

exports.handler = async (event, context) => {
  var apiKey = event.authorizationToken;

  //open arn for the whole API including all methods
  let arn = event.methodArn.replace(/\/prod\/.*/,'/prod/*/*')
  let keyname = 'unknown';
  
  //get all api key
  var params = { includeValues: true, limit: 500};
  let keys = await APIGATEWAY.getApiKeys(params).promise();
  for(let idx=0;idx<keys.items.length;idx++){
    let item = keys.items[idx];
    if(item.value==apiKey){
      keyname=item.name;
      break;
    }
  }
  //allow access
  let policy ={
    principalId: keyname,
    policyDocument: {
      Version: '2012-10-17',
      Statement:[{
        Effect: 'Allow',
        Action: 'execute-api:Invoke',
        Resource: arn
      }]
    },
    context: {
      apikey: keyname
    }
  }
  console.log(JSON.stringify(policy));
  return policy;
};