(aws-appsync): Need an option for passing a Service Role to AppSync GraphQL Lambda Data Source
I have a GraphQL AppSync and a Lambda Function data source.
I want to use existing IAM Roles as the data source Service Role.
Currently, there appears to be no way to specify the service role.
I have this Typescript CDK Code:
```typescript
const figaroLambda = new NodejsFunction(this, 'FigaroLambda', {
  memorySize: 1024,
  timeout: cdk.Duration.seconds(5),
  runtime: lambda.Runtime.NODEJS_14_X,
  handler: 'handler',
  role: figaroLambdaRole,
  entry: path.join(__dirname, `figaro/index.ts`),
  vpc,
  vpcSubnets,
  securityGroups: [figaroLambdaSecurityGroup],
});

// https://docs.aws.amazon.com/cdk/api/latest/typescript/api/aws-appsync/graphqlapi.html#aws_appsync_GraphqlApi
// https://docs.aws.amazon.com/cdk/api/latest/typescript/api/aws-appsync/graphqlapiprops.html#aws_appsync_GraphqlApiProps
const api = new appsync.GraphqlApi(this, 'NeptuneGraphQLApi', {
  schema: appsync.Schema.fromAsset('schema.graphql'),
  authorizationConfig: {
    defaultAuthorization: {
      authorizationType: appsync.AuthorizationType.USER_POOL,
      userPoolConfig: {
        userPool: userPool,
      },
    }
  },
})

// https://docs.aws.amazon.com/cdk/api/latest/typescript/api/aws-appsync/graphqlapibase.html#aws_appsync_GraphqlApiBase_addLambdaDataSource
api.addLambdaDataSource('LambdaDatasourceFigaro', figaroLambda);
```
Which creates:
```yaml
NeptuneGraphQLApiLambdaDatasourceFigaroServiceRoleCCBC152B:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
        - Action: sts:AssumeRole
          Effect: Allow
          Principal:
            Service: appsync.amazonaws.com
      Version: "2012-10-17"
NeptuneGraphQLApiLambdaDatasourceFigaroServiceRoleDefaultPolicyB39D9AB9:
  Type: AWS::IAM::Policy
  Properties:
    PolicyDocument:
      Statement:
        - Action: lambda:InvokeFunction
          Effect: Allow
          Resource:
            Fn::GetAtt:
              - FigaroLambdaA18864CC
              - Arn
      Version: "2012-10-17"
    PolicyName: NeptuneGraphQLApiLambdaDatasourceFigaroServiceRoleDefaultPolicyB39D9AB9
    Roles:
      - Ref: NeptuneGraphQLApiLambdaDatasourceFigaroServiceRoleCCBC152B
NeptuneGraphQLApiLambdaDatasourceFigaro8722E995:
  Type: AWS::AppSync::DataSource
  Properties:
    ApiId:
      Fn::GetAtt:
        - NeptuneGraphQLApi8AAC1DF5
        - ApiId
    Name: LambdaDatasourceFigaro
    Type: AWS_LAMBDA
    LambdaConfig:
      LambdaFunctionArn:
        Fn::GetAtt:
          - FigaroLambdaA18864CC
          - Arn
    ServiceRoleArn:
      Fn::GetAtt:
        - NeptuneGraphQLApiLambdaDatasourceFigaroServiceRoleCCBC152B
        - Arn
```
Need an option for passing a ServiceRole to addLambdaDataSource

Please consider this a feature request to update either addLambdaDataSource(id, lambdaFunction, options) or DataSourceOptions to include an option for specifying a service role:

```typescript
addLambdaDataSource(
  id: string,
  lambdaFunction: IFunction,
  serviceRole: IRole,
  options?: DataSourceOptions
): LambdaDataSource;
```
This is a 🚀 Feature Request
Issue Analytics
- State:
- Created 2 years ago
- Comments:6 (2 by maintainers)
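
An added example, not part of the original issue or of the CDK project's code: a dependency-free TypeScript check over a synthesized template that reports AppSync data sources whose service role is not one you manage, and inspects the role's trust policy and attached policies when they are defined in the same template. `auditDataSourceRoles`, `approvedRoles`, `FigaroAppSyncServiceRole` and the shortened logical IDs `DefaultPolicy` and `DataSource` are assumptions made for illustration.

```typescript
type Template = { Resources: { [id: string]: { Type: string; Properties?: any } } };
// Logical ID behind {"Fn::GetAtt": [id, "Arn"]} or {"Ref": id}; undefined for a literal ARN.
function logicalId(v: any): string | undefined {
  if (v && Array.isArray(v["Fn::GetAtt"])) return v["Fn::GetAtt"][0];
  return v && typeof v.Ref === "string" ? v.Ref : undefined;
}
const list = (x: any): any[] => (x === undefined ? [] : Array.isArray(x) ? x : [x]);

// approvedRoles (hypothetical parameter): logical IDs or literal ARNs of roles you manage.
function auditDataSourceRoles(t: Template, approvedRoles: string[]): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(t.Resources)) {
    const res = t.Resources[id];
    if (res.Type !== "AWS::AppSync::DataSource") continue;
    const arn = res.Properties?.ServiceRoleArn;
    const roleId = logicalId(arn);
    const name = roleId ?? (typeof arn === "string" ? arn : "<unresolved>");
    if (approvedRoles.indexOf(name) < 0) findings.push(`${id}: service role ${name} is not approved`);
    const role = roleId ? t.Resources[roleId] : undefined;
    if (!roleId || !role) continue; // role is defined outside this template
    // Trust policy: each Allow statement must name only the AppSync service principal.
    for (const s of list(role.Properties?.AssumeRolePolicyDocument?.Statement)) {
      const pr = s.Principal || {};
      const ok = typeof pr === "object" && Object.keys(pr).join() === "Service" && list(pr.Service).join() === "appsync.amazonaws.com";
      if (s.Effect === "Allow" && !ok) findings.push(`${roleId}: trust policy is wider than appsync.amazonaws.com`);
    }
    // Policies attached to the role: flag wildcards in literal actions or resources.
    for (const pid of Object.keys(t.Resources)) {
      const p = t.Resources[pid];
      if (p.Type !== "AWS::IAM::Policy" || !list(p.Properties?.Roles).some((r) => logicalId(r) === roleId)) continue;
      for (const s of list(p.Properties?.PolicyDocument?.Statement)) {
        const wild = list(s.Action).concat(list(s.Resource)).some((v) => typeof v === "string" && v.indexOf("*") >= 0);
        if (s.Effect === "Allow" && wild) findings.push(`${pid}: wildcard in statement for ${roleId}`);
      }
    }
  }
  return findings;
}

// Constructed sample: the role, policy and data source from the template above, as JSON.
const ROLE = "NeptuneGraphQLApiLambdaDatasourceFigaroServiceRoleCCBC152B";
const sample: Template = { Resources: {
  [ROLE]: { Type: "AWS::IAM::Role", Properties: { AssumeRolePolicyDocument: { Statement: [
    { Action: "sts:AssumeRole", Effect: "Allow", Principal: { Service: "appsync.amazonaws.com" } }] } } },
  DefaultPolicy: { Type: "AWS::IAM::Policy", Properties: { Roles: [{ Ref: ROLE }], PolicyDocument: { Statement: [
    { Action: "lambda:InvokeFunction", Effect: "Allow", Resource: { "Fn::GetAtt": ["FigaroLambdaA18864CC", "Arn"] } }] } } },
  DataSource: { Type: "AWS::AppSync::DataSource", Properties: { Type: "AWS_LAMBDA", ServiceRoleArn: { "Fn::GetAtt": [ROLE, "Arn"] } } },
} };
console.log(auditDataSourceRoles(sample, ["FigaroAppSyncServiceRole"]));
```

Run against the output of `cdk synth` (converted to JSON), the check fails a build when a data source falls back to an auto-generated role instead of the role you intended.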
Please keep open
The same applies to addHttpDataSource, for example if you connect to an API Gateway which is using IAM authentication. Vanilla CloudFormation has it on the “root level”: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html
I have now used CfnDataSource: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_appsync.CfnDataSource.html