So this is my SAM template:

webApi:
    Type: AWS::Serverless::Api
    Properties:
      Auth:
        DefaultAuthorizer: CognitoAuthorizer
        Authorizers:
          CognitoAuthorizer:
            UserPoolArn: !GetAtt myUserPool.Arn
        AddDefaultAuthorizerToCorsPreflight: false
      Cors:
        AllowMethods: "'*'"
        AllowHeaders: "'*'"
        AllowOrigin: "'*'"
      StageName: !Ref Environment
      DefinitionBody:
        swagger: "2.0"
        info:
          title:
            Ref: AWS::StackName
        paths:
        /path/one:
            post:
              responses: {}
              x-amazon-apigateway-integration:
                uri: myFunction.Arn
                httpMethod: "POST"
                type: "aws_proxy"
          /path/two:
            post:
              responses: {}
              x-amazon-apigateway-integration:
                uri: myFunction.Arn
                httpMethod: "POST"
                type: "aws_proxy"

How can I make the path/two an non authenticated route? I tried to google but there was nothing.

If possible I don't want to create another API Gateway. I would like to do it within the same resource.

In AWS SAM template, to disable security for specific endpoints in the DefinitionBody, what worked for me is the following:

 swagger: "2.0"
        info:
          title:
            Ref: AWS::StackName
        paths:
          /path/one:
            post:
              security:
                - NONE: []

As OpenAPI, you can use security: [] to disable auth in some path.

Refer:

https://github.com/zalando/connexion/issues/944 https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-body