aws
diff --git a/‎api_with_auth_explicit_no_default.yaml
+147 b/‎api_with_auth_explicit_no_default.yaml
+147
diff --git a/‎samtranslator/internal/schema_source/aws_serverless_api.py
+2-1 b/‎samtranslator/internal/schema_source/aws_serverless_api.py
+2-1
diff --git a/‎samtranslator/internal/schema_source/common.py
+2 b/‎samtranslator/internal/schema_source/common.py
+2
diff --git a/‎samtranslator/model/api/api_generator.py
+2-2 b/‎samtranslator/model/api/api_generator.py
+2-2
diff --git a/‎samtranslator/schema/schema.json
+15-2 b/‎samtranslator/schema/schema.json
+15-2
diff --git a/‎schema_source/sam.schema.json
+15-2 b/‎schema_source/sam.schema.json
+15-2
diff --git a/‎tests/translator/input/api_with_auth_explicit_inline_no_default.yaml
+144 b/‎tests/translator/input/api_with_auth_explicit_inline_no_default.yaml
+144
@@ -0,0 +1,147 @@
+Resources:
+  MyApiWithCognitoAuth:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: Prod
+      Auth:
+        DefaultAuthorizer:
+          Ref: AWS::NoValue
+        Authorizers:
+          MyCognitoAuth:
+            UserPoolArn: !GetAtt MyUserPool.Arn
+
+  MyApiWithLambdaTokenAuth:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: Prod
+      Auth:
+        DefaultAuthorizer:
+          Ref: AWS::NoValue
+        Authorizers:
+          MyLambdaTokenAuth:
+            FunctionArn: !GetAtt MyAuthFn.Arn
+
+  MyApiWithLambdaRequestAuth:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: Prod
+      Auth:
+        DefaultAuthorizer:
+          Ref: AWS::NoValue
+        Authorizers:
+          MyLambdaRequestAuth:
+            FunctionPayloadType: REQUEST
+            FunctionArn: !GetAtt MyAuthFn.Arn
+            Identity:
+              Headers:
+                - Authorization1
+  MyAuthFn:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://bucket/key
+      Handler: index.handler
+      Runtime: nodejs12.x
+  MyFn:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://bucket/key
+      Handler: index.handler
+      Runtime: nodejs12.x
+      Events:
+        CognitoNoAuth:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithCognitoAuth
+            Method: get
+            Path: /cognito/no-auth
+        CognitoNoAuthAnyMethod:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithCognitoAuth
+            Method: any
+            Path: /cognito/any/no-auth
+        Cognito:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithCognitoAuth
+            Method: get
+            Path: /any/cognito
+            Auth:
+              Authorizer: MyCognitoAuth
+        CognitoAnyMethod:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithCognitoAuth
+            Method: any
+            Path: /any/cognito
+            Auth:
+              Authorizer: MyCognitoAuth
+        LambdaTokenNoAuth:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaTokenAuth
+            Method: get
+            Path: /lambda-token/no-auth
+        LambdaTokenNoAuthAnyMethod:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaTokenAuth
+            Method: any
+            Path: /lambda-token/any/no-auth
+        LambdaToken:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaTokenAuth
+            Method: get
+            Path: /lambda-token
+            Auth:
+              Authorizer: MyLambdaTokenAuth
+        LambdaTokenAnyMethod:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaTokenAuth
+            Method: any
+            Path: /any/lambda-token
+            Auth:
+              Authorizer: MyLambdaTokenAuth
+        LambdaRequestNoAuth:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaRequestAuth
+            Method: get
+            Path: /lambda-request/no-auth
+        LambdaRequestNoAuthAnyMethod:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaRequestAuth
+            Method: any
+            Path: /lambda-request/any/no-auth
+        LambdaRequest:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaRequestAuth
+            Method: get
+            Path: /lambda-request
+            Auth:
+              Authorizer: MyLambdaRequestAuth
+        LambdaRequestAnyMethod:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaRequestAuth
+            Method: any
+            Path: /any/lambda-request
+            Auth:
+              Authorizer: MyLambdaRequestAuth
+  MyUserPool:
+    Type: AWS::Cognito::UserPool
+    Properties:
+      UserPoolName: UserPoolName
+      Policies:
+        PasswordPolicy:
+          MinimumLength: 8
+      UsernameAttributes:
+        - email
+      Schema:
+        - AttributeDataType: String
+          Name: email
+          Required: false
@@ -11,6 +11,7 @@
     PassThroughProp,
     ResourceAttributes,
     SamIntrinsicable,
+    SamIntrinsicableOrNoValue,
     get_prop,
     passthrough_prop,
 )
@@ -119,7 +120,7 @@ class Auth(BaseModel):
             ],
         ]
     ] = auth("Authorizers")
-    DefaultAuthorizer: Optional[str] = auth("DefaultAuthorizer")
+    DefaultAuthorizer: Optional[SamIntrinsicableOrNoValue[str]] = auth("DefaultAuthorizer")
     InvokeRole: Optional[str] = auth("InvokeRole")
     ResourcePolicy: Optional[ResourcePolicy] = auth("ResourcePolicy")
     UsagePlan: Optional[UsagePlan] = auth("UsagePlan")
 
@@ -23,6 +23,8 @@ class PassThroughProp(pydantic.BaseModel):
 T = TypeVar("T")
 SamIntrinsicable = Union[Dict[str, Any], T]
 SamIntrinsic = Dict[str, Any]
+SamIntrinsicNoValue = Dict[Literal["Ref"], Literal["AWS::NoValue"]]
+SamIntrinsicableOrNoValue = Union[SamIntrinsicNoValue, T]
 
 # TODO: Get rid of this in favor of proper types
 Unknown = Optional[Any]
 
@@ -23,7 +23,7 @@
     InvalidResourceException,
     InvalidTemplateException,
 )
-from samtranslator.model.intrinsics import fnGetAtt, fnSub, is_intrinsic, make_or_condition, ref
+from samtranslator.model.intrinsics import fnGetAtt, fnSub, is_intrinsic, is_intrinsic_no_value, make_or_condition, ref
 from samtranslator.model.lambda_ import LambdaPermission
 from samtranslator.model.route53 import Route53RecordSetGroup
 from samtranslator.model.s3_utils.uri_parser import parse_s3_uri
@@ -1288,7 +1288,7 @@ def _set_default_authorizer(
         default_authorizer: str,
         add_default_auth_to_preflight: bool = True,
     ) -> None:
-        if not default_authorizer:
+        if is_intrinsic_no_value(default_authorizer) or not default_authorizer:
             return
 
         if not isinstance(default_authorizer, str):
 
@@ -247480,9 +247480,22 @@
           "type": "object"
         },
         "DefaultAuthorizer": {
+          "anyOf": [
+            {
+              "additionalProperties": {
+                "enum": [
+                  "AWS::NoValue"
+                ],
+                "type": "string"
+              },
+              "type": "object"
+            },
+            {
+              "type": "string"
+            }
+          ],
           "markdownDescription": "Specify a default authorizer for an API Gateway API, which will be used for authorizing API calls by default\\.  \nIf the Api EventSource for the function associated with this API is configured to use IAM Permissions, then this property must be set to `AWS_IAM`, otherwise an error will result\\.\n*Type*: String  \n*Required*: No  \n*Default*: None  \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.",
-          "title": "DefaultAuthorizer",
-          "type": "string"
+          "title": "DefaultAuthorizer"
         },
         "InvokeRole": {
           "markdownDescription": "Sets integration credentials for all resources and methods to this value\\.  \n`CALLER_CREDENTIALS` maps to `arn:aws:iam::*:user/*`, which uses the caller credentials to invoke the endpoint\\.  \n*Valid values*: `CALLER_CREDENTIALS`, `NONE`, `IAMRoleArn`  \n*Type*: String  \n*Required*: No  \n*Default*: `CALLER_CREDENTIALS`  \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.",
 
@@ -3422,9 +3422,22 @@
           "type": "object"
         },
         "DefaultAuthorizer": {
+          "anyOf": [
+            {
+              "additionalProperties": {
+                "enum": [
+                  "AWS::NoValue"
+                ],
+                "type": "string"
+              },
+              "type": "object"
+            },
+            {
+              "type": "string"
+            }
+          ],
           "markdownDescription": "Specify a default authorizer for an API Gateway API, which will be used for authorizing API calls by default\\.  \nIf the Api EventSource for the function associated with this API is configured to use IAM Permissions, then this property must be set to `AWS_IAM`, otherwise an error will result\\.\n*Type*: String  \n*Required*: No  \n*Default*: None  \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.",
-          "title": "DefaultAuthorizer",
-          "type": "string"
+          "title": "DefaultAuthorizer"
         },
         "InvokeRole": {
           "markdownDescription": "Sets integration credentials for all resources and methods to this value\\.  \n`CALLER_CREDENTIALS` maps to `arn:aws:iam::*:user/*`, which uses the caller credentials to invoke the endpoint\\.  \n*Valid values*: `CALLER_CREDENTIALS`, `NONE`, `IAMRoleArn`  \n*Type*: String  \n*Required*: No  \n*Default*: `CALLER_CREDENTIALS`  \n*AWS CloudFormation compatibility*: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent\\.",
 
@@ -0,0 +1,144 @@
+Resources:
+  MyApiWithCognitoAuth:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: Prod
+      Auth:
+        DefaultAuthorizer: !Ref AWS::NoValue
+        Authorizers:
+          MyCognitoAuth:
+            UserPoolArn: !GetAtt MyUserPool.Arn
+
+  MyApiWithLambdaTokenAuth:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: Prod
+      Auth:
+        DefaultAuthorizer: !Ref AWS::NoValue
+        Authorizers:
+          MyLambdaTokenAuth:
+            FunctionArn: !GetAtt MyAuthFn.Arn
+
+  MyApiWithLambdaRequestAuth:
+    Type: AWS::Serverless::Api
+    Properties:
+      StageName: Prod
+      Auth:
+        DefaultAuthorizer: !Ref AWS::NoValue
+        Authorizers:
+          MyLambdaRequestAuth:
+            FunctionPayloadType: REQUEST
+            FunctionArn: !GetAtt MyAuthFn.Arn
+            Identity:
+              Headers:
+              - Authorization1
+  MyAuthFn:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://bucket/key
+      Handler: index.handler
+      Runtime: nodejs12.x
+  MyFn:
+    Type: AWS::Serverless::Function
+    Properties:
+      CodeUri: s3://bucket/key
+      Handler: index.handler
+      Runtime: nodejs12.x
+      Events:
+        CognitoNoAuth:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithCognitoAuth
+            Method: get
+            Path: /cognito/no-auth
+        CognitoNoAuthAnyMethod:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithCognitoAuth
+            Method: any
+            Path: /cognito/any/no-auth
+        Cognito:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithCognitoAuth
+            Method: get
+            Path: /any/cognito
+            Auth:
+              Authorizer: MyCognitoAuth
+        CognitoAnyMethod:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithCognitoAuth
+            Method: any
+            Path: /any/cognito
+            Auth:
+              Authorizer: MyCognitoAuth
+        LambdaTokenNoAuth:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaTokenAuth
+            Method: get
+            Path: /lambda-token/no-auth
+        LambdaTokenNoAuthAnyMethod:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaTokenAuth
+            Method: any
+            Path: /lambda-token/any/no-auth
+        LambdaToken:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaTokenAuth
+            Method: get
+            Path: /lambda-token
+            Auth:
+              Authorizer: MyLambdaTokenAuth
+        LambdaTokenAnyMethod:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaTokenAuth
+            Method: any
+            Path: /any/lambda-token
+            Auth:
+              Authorizer: MyLambdaTokenAuth
+        LambdaRequestNoAuth:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaRequestAuth
+            Method: get
+            Path: /lambda-request/no-auth
+        LambdaRequestNoAuthAnyMethod:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaRequestAuth
+            Method: any
+            Path: /lambda-request/any/no-auth
+        LambdaRequest:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaRequestAuth
+            Method: get
+            Path: /lambda-request
+            Auth:
+              Authorizer: MyLambdaRequestAuth
+        LambdaRequestAnyMethod:
+          Type: Api
+          Properties:
+            RestApiId: !Ref MyApiWithLambdaRequestAuth
+            Method: any
+            Path: /any/lambda-request
+            Auth:
+              Authorizer: MyLambdaRequestAuth
+  MyUserPool:
+    Type: AWS::Cognito::UserPool
+    Properties:
+      UserPoolName: UserPoolName
+      Policies:
+        PasswordPolicy:
+          MinimumLength: 8
+      UsernameAttributes:
+      - email
+      Schema:
+      - AttributeDataType: String
+        Name: email
+        Required: false