(aws-appsync): Need an option for passing a Service Role to AppSync GraphQL Lambda Data Source

I have a GraphQL AppSync and a Lambda Function data source.

I want to use existing IAM Roles as the data source Service Role.

Currently, there appears to be no way to specify the service role.

I have this TypeScript CDK code:


    const figaroLambda = new NodejsFunction(this, 'FigaroLambda', {
      memorySize: 1024,
      timeout: cdk.Duration.seconds(5),
      runtime: lambda.Runtime.NODEJS_14_X,
      handler: 'handler',
      role: figaroLambdaRole,
      entry: path.join(__dirname, `figaro/index.ts`),
      vpc,
      vpcSubnets,
      securityGroups: [figaroLambdaSecurityGroup],
    });


    // https://docs.aws.amazon.com/cdk/api/latest/typescript/api/aws-appsync/graphqlapi.html#aws_appsync_GraphqlApi
    // https://docs.aws.amazon.com/cdk/api/latest/typescript/api/aws-appsync/graphqlapiprops.html#aws_appsync_GraphqlApiProps
    const api = new appsync.GraphqlApi(this, 'NeptuneGraphQLApi', {
      schema: appsync.Schema.fromAsset('schema.graphql'),
      authorizationConfig: {
        defaultAuthorization: {
          authorizationType: appsync.AuthorizationType.USER_POOL,
          userPoolConfig: {
            userPool: userPool,
          },
        }
      },
    })


    // https://docs.aws.amazon.com/cdk/api/latest/typescript/api/aws-appsync/graphqlapibase.html#aws_appsync_GraphqlApiBase_addLambdaDataSource
    api.addLambdaDataSource('LambdaDatasourceFigaro', figaroLambda);

Which creates:

    NeptuneGraphQLApiLambdaDatasourceFigaroServiceRoleCCBC152B:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Statement:
            - Action: sts:AssumeRole
              Effect: Allow
              Principal:
                Service: appsync.amazonaws.com
          Version: "2012-10-17"

    NeptuneGraphQLApiLambdaDatasourceFigaroServiceRoleDefaultPolicyB39D9AB9:
      Type: AWS::IAM::Policy
      Properties:
        PolicyDocument:
          Statement:
            - Action: lambda:InvokeFunction
              Effect: Allow
              Resource:
                Fn::GetAtt:
                  - FigaroLambdaA18864CC
                  - Arn
          Version: "2012-10-17"
        PolicyName: NeptuneGraphQLApiLambdaDatasourceFigaroServiceRoleDefaultPolicyB39D9AB9
        Roles:
          - Ref: NeptuneGraphQLApiLambdaDatasourceFigaroServiceRoleCCBC152B

    NeptuneGraphQLApiLambdaDatasourceFigaro8722E995:
      Type: AWS::AppSync::DataSource
      Properties:
        ApiId:
          Fn::GetAtt:
            - NeptuneGraphQLApi8AAC1DF5
            - ApiId
        Name: LambdaDatasourceFigaro
        Type: AWS_LAMBDA
        LambdaConfig:
          LambdaFunctionArn:
            Fn::GetAtt:
              - FigaroLambdaA18864CC
              - Arn
        ServiceRoleArn:
          Fn::GetAtt:
            - NeptuneGraphQLApiLambdaDatasourceFigaroServiceRoleCCBC152B
            - Arn

Need an option for passing a ServiceRole to addLambdaDataSource

Please consider this a feature request to update either addLambdaDataSource(id, lambdaFunction, options) or DataSourceOptions to include an option for specifying a service role:


    addLambdaDataSource(
      id: string,
      lambdaFunction: IFunction,
      serviceRole: IRole,
      options?: DataSourceOptions
    ): LambdaDataSource;


This is a 🚀 Feature Request

Issue Analytics

  • State: open
  • Created 2 years ago
  • Comments: 6 (2 by maintainers)

Top GitHub Comments

1 reaction
DevoKun commented, Sep 10, 2022

Please keep open

0 reactions
teemuniiranen commented, Oct 20, 2022

The same with addHttpDataSource. If you connect for example to API Gateway which is using IAM authentication. Vanilla CloudFormation has it on “root level”: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-appsync-datasource.html

I used now CfnDataSource: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_appsync.CfnDataSource.html
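
An added example, not part of the issue or the CDK project: however a hand-picked role ends up in ServiceRoleArn, the properties worth preserving are the ones the generated role in the issue already has, namely a trust policy limited to appsync.amazonaws.com and lambda:InvokeFunction on the one function. This TypeScript check walks a synthesized template as JSON and reports Lambda data sources whose role departs from that; the function name `auditDataSourceRoles` and the shortened logical IDs `Role`, `Policy` and `DataSource` are assumptions made for the example.

```typescript
const list = (x: any): any[] => (x === undefined ? [] : Array.isArray(x) ? x : [x]);
const same = (a: any, b: any): boolean => JSON.stringify(a) === JSON.stringify(b);

function auditDataSourceRoles(template: { Resources: Record<string, any> }): string[] {
  const res = template.Resources, findings: string[] = [];
  for (const id of Object.keys(res)) {
    const ds = res[id];
    if (ds.Type !== 'AWS::AppSync::DataSource' || ds.Properties.Type !== 'AWS_LAMBDA') continue;
    const getAtt = ds.Properties.ServiceRoleArn?.['Fn::GetAtt'];
    const roleId: string | undefined = Array.isArray(getAtt) ? getAtt[0] : undefined;
    const role = roleId ? res[roleId] : undefined;
    if (!role || role.Type !== 'AWS::IAM::Role') { findings.push(`${id}: service role is not defined in this template`); continue; }
    // Trust policy: only the AppSync service principal may assume the role.
    for (const st of list(role.Properties.AssumeRolePolicyDocument?.Statement)) {
      const services = list(st.Principal?.Service);
      const onlyAppSync = services.length > 0 && Object.keys(st.Principal).length === 1 &&
        services.every((s) => s === 'appsync.amazonaws.com');
      if (st.Effect === 'Allow' && !onlyAppSync) findings.push(`${id}: ${roleId} trusts more than appsync.amazonaws.com`);
    }
    // Permissions: inline policies plus AWS::IAM::Policy resources attached through Roles.
    const docs = list(role.Properties.Policies).map((p) => p.PolicyDocument);
    for (const k of Object.keys(res)) {
      if (res[k].Type === 'AWS::IAM::Policy' && list(res[k].Properties.Roles).some((x) => x?.Ref === roleId)) docs.push(res[k].Properties.PolicyDocument);
    }
    const fn = ds.Properties.LambdaConfig.LambdaFunctionArn;
    let canInvoke = false;
    for (const doc of docs) for (const st of list(doc?.Statement)) {
      if (st.Effect !== 'Allow') continue;
      const actions = list(st.Action), resources = list(st.Resource);
      const broadAction = actions.some((a) => a === '*' || a === 'lambda:*');
      const broadResource = resources.indexOf('*') >= 0;
      const invoke = broadAction || actions.indexOf('lambda:InvokeFunction') >= 0;
      if (invoke && (broadResource || resources.some((r) => same(r, fn)))) canInvoke = true;
      if (broadAction || broadResource) findings.push(`${id}: ${roleId} has a wildcard action or resource`);
    }
    if (!canInvoke) findings.push(`${id}: ${roleId} cannot invoke the data source's function`);
  }
  return findings;
}

// Constructed sample: the issue's generated resources as JSON, logical IDs shortened.
const fnArn = { 'Fn::GetAtt': ['FigaroLambdaA18864CC', 'Arn'] };
const trust = { Action: 'sts:AssumeRole', Effect: 'Allow', Principal: { Service: 'appsync.amazonaws.com' } };
const generated = { Resources: {
  Role: { Type: 'AWS::IAM::Role', Properties: { AssumeRolePolicyDocument: { Statement: [trust] } } },
  Policy: { Type: 'AWS::IAM::Policy', Properties: { Roles: [{ Ref: 'Role' }], PolicyDocument: {
    Statement: [{ Action: 'lambda:InvokeFunction', Effect: 'Allow', Resource: fnArn }] } } },
  DataSource: { Type: 'AWS::AppSync::DataSource', Properties: { Type: 'AWS_LAMBDA',
    LambdaConfig: { LambdaFunctionArn: fnArn }, ServiceRoleArn: { 'Fn::GetAtt': ['Role', 'Arn'] } } } } };
```

A role referenced by literal ARN or import cannot be inspected from the template alone, so the check reports it as not defined in the template rather than passing it.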
