[aws-cdk/appsync] - aws_auth directive ignored
type Query {
  getCustomers: [Customer]
  @aws_auth(cognito_groups: ["Admins"])
  getCustomer(id: String): Customer
}
It would be expected that the above code would restrict the getCustomers query to users who exist in the Admins group. This is an example of the starter code made available on the AppSync CDK page.
Reproduction Steps
Copy the demo code from AppSync CDK, add the above directive to the included graphql.schema, deploy your changes, make a query from a user that is not in the specified group, expect to have information returned.
Error Log
Environment
- CLI Version : 1.47.1
- Framework Version:
- Node.js Version: 12.18.2
- OS : Mac OSX
- Language (Version): TypeScript (3.7.2)
Other
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 3 years ago
- Reactions:2
- Comments:7 (5 by maintainers)
Top GitHub Comments
@aws_auth is supported by cdk. However, something to note and follow from the appsync documentation is that @aws_auth only works for cognito if it’s the ONLY form of authorization. If you use additional authorization then you must use the @aws_cognito_user_pool directive. Additionally, there was an issue before that created an apiKey if additionalAuthorization was not configured (#9054) that was fixed thanks to @warrify
I think what might have happened @tombuckley91 was that the bug from the apiKey was adding an additional configuration that made the @aws_auth directive unusable. Now that it’s fixed though, as long as you only have a single configuration for authorization, @aws_auth should work (from my tests I have gotten it to work).
Rule of thumb:
@aws_auth
@aws_cognito_user_pool
@aws_auth and @aws_cognito_user_pool are specific to ONE and MULTIPLE configurations respectively. You can't use @aws_auth for multiple configurations and you can't use @aws_cognito_user_pool for one configuration.
I’m closing this issue for now but if there is something I missed, please reopen it or continue adding to the discussion.
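The rule from the comment above, written as a pre-deploy check that reports every field whose @aws_auth directive will not be enforced because the API has more than one authorization mode (the situation the stray apiKey configuration created). This is an added example, not code from the issue or from aws-cdk; the function, type and constant names are hypothetical, and the suggested replacement uses the spelling from the AppSync documentation, @aws_cognito_user_pools.

```typescript
// Added example: a pre-deploy lint, not part of aws-cdk or AppSync.
// Mode names mirror AppSync authorization types; all other names are made up here.
type AuthMode = "AMAZON_COGNITO_USER_POOLS" | "API_KEY" | "AWS_IAM" | "OPENID_CONNECT";

interface Finding {
  field: string;       // "Type.field" the directive is attached to
  line: number;        // 1-based line of the directive in the schema
  suggestion: string;  // directive to use instead, arguments preserved
}

// Flags every @aws_auth that will not be enforced: per the comment above it only
// works when Cognito user pools is the single configured authorization mode.
function findIgnoredAwsAuth(schema: string, modes: AuthMode[]): Finding[] {
  const cognitoOnly = modes.length === 1 && modes[0] === "AMAZON_COGNITO_USER_POOLS";
  if (cognitoOnly) return [];

  const findings: Finding[] = [];
  let typeName = "";
  let fieldName = "";
  schema.split("\n").forEach((raw, i) => {
    const text = raw.replace(/#.*$/, ""); // drop GraphQL comments
    const typeMatch = /^\s*(?:extend\s+)?type\s+(\w+)/.exec(text);
    if (typeMatch) { typeName = typeMatch[1]; fieldName = ""; }
    const fieldMatch = /^\s*(\w+)\s*(?:\([^)]*\))?\s*:/.exec(text);
    if (fieldMatch) fieldName = fieldMatch[1];
    const directive = /@aws_auth\b\s*(\([^)]*\))?/.exec(text);
    if (directive) {
      findings.push({
        field: fieldName ? typeName + "." + fieldName : typeName,
        line: i + 1,
        suggestion: "@aws_cognito_user_pools" + (directive[1] || ""),
      });
    }
  });
  return findings;
}

// The schema from the report above, embedded so the check runs offline.
const REPORTED_SCHEMA = `type Query {
  getCustomers: [Customer]
  @aws_auth(cognito_groups: ["Admins"])
  getCustomer(id: String): Customer
}`;
```

Pass the authorization modes the deployed API actually has, default plus additional, rather than the ones the stack was meant to configure, since the report turned on an extra mode that was added implicitly.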