The CDK Construct Library for AWS::AppSync
Project description
AWS AppSync Construct Library
---
All classes with the
Cfnprefix in this module (CFN Resources) are always stable and safe to use.
The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
The @aws-cdk/aws-appsync package contains constructs for building flexible
APIs that use GraphQL.
Example
Example of a GraphQL API with AWS_IAM authorization resolving into a DynamoDb
backend data source.
GraphQL schema file schema.graphql:
type demo {
id: String!
version: String!
}
type Query {
getDemos: [ test! ]
}
input DemoInput {
version: String!
}
type Mutation {
addDemo(input: DemoInput!): demo
}
CDK stack file app-stack.ts:
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_appsync as appsync
import aws_cdk.aws_dynamodb as db
api = appsync.GraphQLApi(stack, "Api",
name="demo",
schema_definition=appsync.SchemaDefinition.FILE,
schema_definition_file=join(__dirname, "schema.graphql"),
authorization_config=AuthorizationConfig(
default_authorization=AuthorizationMode(
authorization_type=appsync.AuthorizationType.IAM
)
),
xray_enabled=True
)
demo_table = db.Table(stack, "DemoTable",
partition_key=Attribute(
name="id",
type=AttributeType.STRING
)
)
demo_dS = api.add_dynamo_db_data_source("demoDataSource", "Table for Demos\"", demo_table)
# Resolver for the Query "getDemos" that scans the DyanmoDb table and returns the entire list.
demo_dS.create_resolver(
type_name="Query",
field_name="getDemos",
request_mapping_template=MappingTemplate.dynamo_db_scan_table(),
response_mapping_template=MappingTemplate.dynamo_db_result_list()
)
# Resolver for the Mutation "addDemo" that puts the item into the DynamoDb table.
demo_dS.create_resolver(
type_name="Mutation",
field_name="addDemo",
request_mapping_template=MappingTemplate.dynamo_db_put_item(PrimaryKey.partition("id").auto(), Values.projecting("demo")),
response_mapping_template=MappingTemplate.dynamo_db_result_item()
)
Permissions
When using AWS_IAM as the authorization type for GraphQL API, an IAM Role
with correct permissions must be used for access to API.
When configuring permissions, you can specify specific resources to only be
accessible by IAM authorization. For example, if you want to only allow mutability
for IAM authorized access you would configure the following.
In schema.graphql:
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
type Mutation {
updateExample(...): ...@aws_iam
In IAM:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"appsync:GraphQL"
],
"Resource": [
"arn:aws:appsync:REGION:ACCOUNT_ID:apis/GRAPHQL_ID/types/Mutation/fields/updateExample"
]
}
]
}
See documentation for more details.
To make this easier, CDK provides grant API.
Use the grant function for more granular authorization.
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
role = iam.Role(stack, "Role",
assumed_by=iam.ServicePrincipal("lambda.amazonaws.com")
)
api = appsync.GraphQLApi(stack, "API",
definition=definition
)
api.grant(role, appsync.IamResource.custom("types/Mutation/fields/updateExample"), "appsync:GraphQL")
IamResource
In order to use the grant functions, you need to use the class IamResource.
IamResource.custom(...arns)permits custom ARNs and requires an argument.IamResouce.ofType(type, ...fields)permits ARNs for types and their fields.IamResource.all()permits ALL resources.
Generic Permissions
Alternatively, you can use more generic grant functions to accomplish the same usage.
These include:
- grantMutation (use to grant access to Mutation fields)
- grantQuery (use to grant access to Query fields)
- grantSubscription (use to grant access to Subscription fields)
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
# For generic types
api.grant_mutation(role, "updateExample")
# For custom types and granular design
api.grant(role, appsync.IamResource.of_type("Mutation", "updateExample"), "appsync:GraphQL")
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for aws-cdk.aws-appsync-1.58.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 86ca282510584766cba464b33127f449e68db795365c7f7ec89c121ff0813466 |
|
| MD5 | 4f90ffe80e3e8e90f1331d1b5b51c03b |
|
| BLAKE2b-256 | a35148ba00f3a3d2fdd5dcf63b17363156b6f98307178c2cd71f0745614554d2 |
Hashes for aws_cdk.aws_appsync-1.58.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 559ebad7129507485603bdf340d303c9f9decb82108bca5c3555971e1015d708 |
|
| MD5 | 4a5134409bd6f39755f346d3cffb8418 |
|
| BLAKE2b-256 | 634b8ba0168fb967b0d88888bce0d1fbf220fa0f2437f08cbdc1adbb88a1a56f |
