Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Can I specify IAM user credentials for use in authenticating an AppSync API?

See original GitHub issue

I am using Amplify to connect to an existing AppSync API from an automated device running node. This is not a front-end client, so I want to be able to connect using an IAM user’s security credentials.

I’m using the following code to confiture Amplify and make a GraphQL query, however I can’t find any documentation on how to pass the access key ID and secret access key to Amplify.configure().

const Amplify = require('aws-amplify').default
const { graphql } = require('aws-amplify')
const gql = require('aws-amplify').graphqlOperation

const queries = require('./queries')

const config = {
  aws_appsync_graphqlEndpoint: process.env.GRAPHQL_ENDPOINT,
  aws_appsync_region: process.env.AWS_REGION,
  aws_appsync_authenticationType: 'AWS_IAM',
  // What properties go here?
}

Amplify.configure(config)
graphql(gql(queries.testQuery, { key: 'value' }))
  .then((data) => {
    // Do something with result
  })

I’m currently getting the following messages:

Warning: 05:12:45 API - ensure credentials error: No Cognito Federated Identity pool provided Error: No credentials

Is it possible to connect with IAM security credentials directly, rather than a Cognito Identity Pool? What properties can be passed to Amplify.configure() in my config object to achieve this?

Issue Analytics

State:
Created 4 years ago
Comments:15 (3 by maintainers)

Top GitHub Comments

1reaction

kumishidacommented, Oct 31, 2020

@kumishida This might help.

const aws = require('aws-sdk')
const urlParse = require('url').URL
const appsyncUrl = process.env.API_APPNAME_GRAPHQLAPIENDPOINTOUTPUT
const endpoint = new urlParse(appsyncUrl).hostname.toString()

const region = 'YOUR_REGION'

aws.config.update({
	region: region,
	credentials: new aws.Credentials({
		accessKeyId: 'YOUR_ACCESS_ID',
		secretAccessKey: 'YOUR_SECRET_KEY'
	})
})

Thanks you for your suggestion! After update AWS config, I need to use AWSAppSyncClient to initialize. Here is my config:

import { AWSAppSyncClient, AUTH_TYPE } from 'aws-appsync';
import awsConfig from '../aws-exports';
import AWS from "aws-sdk/global";

const appsyncClient = new AWSAppSyncClient({
  url: awsConfig.aws_appsync_graphqlEndpoint,
  region: awsConfig.aws_appsync_region,
  auth: {
    type: AUTH_TYPE.AWS_IAM,
    credentials: new AWS.Credentials({
    accessKeyId: "ACCESS_KEY_ID",
    secretAccessKey: "SECRET_ACCESS_KEY"
  })  },
  disableOffline: true
});

1reaction

JonathanHolveycommented, Aug 2, 2019

I’ll take a look, however I may not get an opportunity for a little while. Bear with me

Top Results From Across the Web

Authorization and authentication - AWS AppSync

Sign in to the AWS Management Console and open the AppSync console . In the APIs dashboard, choose your GraphQL API. In the...

How IAM permissions work with AppSync

AppSync gets permissions via data sources. Here, you need to define an IAM Role that AppSync will use and gets the permissions from...

API (GraphQL) - Configure authorization modes - Android

You can configure auth modes for an API using the Amplify CLI or manual ... This allows you to have both User Pools'...

AWS AppSync without Authentication - DEV Community ‍ ‍

AWS AppSync supports AWS_IAM. With the Cognito Identity Pool you can associate the IAM policy. Code, Code and Code. In the following two...

Create AWS AppSync IAM Authentication With AWS CDK

Authentication will be achieved by creating of AWS user being assigned to the group which has a policy set to allow interaction with...

Troubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.

Start Free

Top Related Reddit Thread

No results found

Top Related Tweet

No results found

Top Related Dev.to Post

No results found

Can I specify IAM user credentials for use in authenticating an AppSync API?

Issue Analytics

Top GitHub Comments

Top Results From Across the Web

Top Related Medium Post

Top Related StackOverflow Question

Troubleshoot Live Code

Top Related Reddit Thread

Top Related Hackernoon Post

Top Related Tweet

Top Related Dev.to Post

Top Related Hashnode Post

Log bug against aws-amplify use of componentWillReceiveProps instead of getDerivedStateFromProps

IOS deep linking handle on cold start