
IAM auth isn't working?


I’ve been able to get the API key and Cognito user pool auth working without any issues. Please note that I’m using a Cognito identity pool for sign in via the aws-amplify package.

I switched the AppSync configuration (in the AWS AppSync console and in the aws-appsync client config) to IAM auth and am hitting issues.

I am going this route given that federated identities like Facebook don’t seem to work with the Cognito user pool auth method since there’s no jwt.

Here are the problems that I’m seeing:

  1. Mutation error
Error: Can't find field listEvents on object (ROOT_QUERY) undefined.
    at readStoreResolver (http://localhost:3000/static/js/bundle.js:6315:19)
    at executeField (http://localhost:3000/static/js/bundle.js:56196:18)
    at http://localhost:3000/static/js/bundle.js:56153:31
    at Array.forEach (<anonymous>)
    at executeSelectionSet (http://localhost:3000/static/js/bundle.js:56148:29)
    at graphql (http://localhost:3000/static/js/bundle.js:56143:12)
    at diffQueryAgainstStore (http://localhost:3000/static/js/bundle.js:6347:91)
    at readQueryFromStore (http://localhost:3000/static/js/bundle.js:6290:12)
    at MyCache../node_modules/apollo-cache-inmemory/lib/inMemoryCache.js.InMemoryCache.read (http://localhost:3000/static/js/bundle.js:6033:98)
    at MyCache../node_modules/apollo-cache-inmemory/lib/inMemoryCache.js.InMemoryCache.readQuery (http://localhost:3000/static/js/bundle.js:6123:21)
    at update (http://localhost:3000/static/js/bundle.js:139224:30)
    at http://localhost:3000/static/js/bundle.js:8787:122
    at tryFunctionOrLogError (http://localhost:3000/static/js/bundle.js:10581:16)
    at http://localhost:3000/static/js/bundle.js:8787:100
    at MyCache../node_modules/apollo-cache-inmemory/lib/inMemoryCache.js.InMemoryCache.performTransaction (http://localhost:3000/static/js/bundle.js:6093:9)
    at DataStore../node_modules/apollo-client/data/store.js.DataStore.markMutationResult (http://localhost:3000/static/js/bundle.js:8786:28)
    at changeFn_1 (http://localhost:3000/static/js/bundle.js:8719:23)
    at http://localhost:3000/static/js/bundle.js:8732:21
    at MyCache../node_modules/apollo-cache-inmemory/lib/inMemoryCache.js.InMemoryCache.performTransaction (http://localhost:3000/static/js/bundle.js:6093:9)
    at http://localhost:3000/static/js/bundle.js:6105:19
    at RecordingCache../node_modules/apollo-cache-inmemory/lib/recordingCache.js.RecordingCache.record (http://localhost:3000/static/js/bundle.js:6443:9)
    at record (http://localhost:3000/static/js/bundle.js:6479:27)
    at MyCache../node_modules/apollo-cache-inmemory/lib/inMemoryCache.js.InMemoryCache.recordOptimisticTransaction (http://localhost:3000/static/js/bundle.js:6102:92)
    at DataStore../node_modules/apollo-client/data/store.js.DataStore.markMutationInit (http://localhost:3000/static/js/bundle.js:8728:24)
    at QueryManager../node_modules/apollo-client/core/QueryManager.js.QueryManager.mutate (http://localhost:3000/static/js/bundle.js:7732:24)
    at AWSAppSyncClient../node_modules/apollo-client/ApolloClient.js.ApolloClient.mutate (http://localhost:3000/static/js/bundle.js:7174:34)
    at AWSAppSyncClient../node_modules/aws-appsync/lib/client.js.AWSAppSyncClient.mutate (http://localhost:3000/static/js/bundle.js:22593:40)
    at GraphQL.dataForChildViaMutation (http://localhost:3000/static/js/bundle.js:97593:51)
    at createEvent (http://localhost:3000/static/js/bundle.js:139234:31)
    at NewEvent._callee$ (http://localhost:3000/static/js/bundle.js:138978:40)
    at tryCatch (http://localhost:3000/static/js/bundle.js:127527:40)
    at Generator.invoke [as _invoke] (http://localhost:3000/static/js/bundle.js:127761:22)
    at Generator.prototype.(anonymous function) [as next] (http://localhost:3000/static/js/bundle.js:127579:21)
    at step (http://localhost:3000/static/js/bundle.js:138920:191)
    at http://localhost:3000/static/js/bundle.js:138920:437
    at new Promise (<anonymous>)
    at http://localhost:3000/static/js/bundle.js:138920:99
    at http://localhost:3000/static/js/bundle.js:138993:30
    at HTMLUnknownElement.callCallback (http://localhost:3000/static/js/bundle.js:101391:14)
    at Object.invokeGuardedCallbackDev (http://localhost:3000/static/js/bundle.js:101430:16)
    at Object.invokeGuardedCallback (http://localhost:3000/static/js/bundle.js:101287:27)
    at Object.invokeGuardedCallbackAndCatchFirstError (http://localhost:3000/static/js/bundle.js:101301:43)
    at executeDispatch (http://localhost:3000/static/js/bundle.js:101685:19)
    at executeDispatchesInOrder (http://localhost:3000/static/js/bundle.js:101707:5)
    at executeDispatchesAndRelease (http://localhost:3000/static/js/bundle.js:101805:5)
    at executeDispatchesAndReleaseTopLevel (http://localhost:3000/static/js/bundle.js:101816:10)
    at Array.forEach (<anonymous>)
    at forEachAccumulated (http://localhost:3000/static/js/bundle.js:101784:9)
    at processEventQueue (http://localhost:3000/static/js/bundle.js:101961:5)
    at runEventQueueInBatch (http://localhost:3000/static/js/bundle.js:104456:3)
  2. Subscription error
auth-link.js:114 Uncaught (in promise) TypeError: Cannot read property 'getPromise' of undefined
    at Object.<anonymous> (auth-link.js:114)
    at step (auth-link.js:50)
    at Object.next (auth-link.js:31)
    at auth-link.js:25
    at new Promise (<anonymous>)
    at ./node_modules/aws-appsync/lib/link/auth-link.js.__awaiter (auth-link.js:21)
    at iamBasedAuth (auth-link.js:107)
    at auth-link.js:138
    at new Subscription (zen-observable.js:103)
    at Observable.subscribe (zen-observable.js:229)
    at complex-object-link.js:74
    at <anonymous>

I’ve tried combing through various docs and looking at the code; however, I’m a little uncertain about what’s going sideways. I would really appreciate any guidance you can provide to try to chase it down.

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Comments: 24 (1 by maintainers)

Top GitHub Comments

22 reactions
honkskillet commented, Apr 25, 2018

@russelltaga Awesome! I had to do several things, including what you outline

  • On my client App, in the file aws-export.js I had to comment out the line 'aws_mandatory_sign_in': 'enable', . I created my cognito pools with the aws mobilehub cli and it had put that in there.
  • Like you said, I need to set the Unauthenticated role at Federated identities > [identity pool name] > Edit identity pool
  • Right below that, on the same page, I had to select the checkbox Unauthenticated identities > Enable access to unauthenticated identities
  • In the IAM Role for this cognito, under trust relationship > edit trust relationships I removed the condition "ForAnyValue:StringLike": { "cognito-identity.amazonaws.com:amr": "authenticated" } (not entirely sure if this last step was needed)
  • Set the IAM policy for the cognito role to the role provided above…
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "appsync:GraphQL"
            ],
            "Resource": [
                "arn:aws:appsync:<AWS region>:<AWS account ID>:apis/<app sync endpoint ID>/*"
            ]
        }
    ]
}

Hopefully that helps someone in the future! Thank you, russelltaga

9 reactions
russelltaga commented, Apr 23, 2018

Hey @honkskillet - Add an IAM policy like this to the role that’s assigned to signed in Cognito users and you should be golden.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "appsync:GraphQL"
            ],
            "Resource": [
                "arn:aws:appsync:<AWS region>:<AWS account ID>:apis/<app sync endpoint ID>/*"
            ]
        }
    ]
}

Please let me know if you run into any problems
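
For the trust-relationship and policy steps in the two comments above, an added example (not code from the issue or from aws-appsync) that reads a role's trust policy and permissions policy and reports what a guest identity could call. The sample policies are constructed; the identity pool placeholder and the narrowed grant on AppSync's per-field resource form for `Query.listEvents` (field name taken from the error message) are assumptions for illustration.

```javascript
// Added example: constructed policies; IDs are placeholders, not real resources.
const AMR = "cognito-identity.amazonaws.com:amr";
const AUD = "cognito-identity.amazonaws.com:aud";
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Which Cognito identity classes the trust policy admits, judged by its amr condition.
function trustSummary(trustPolicy) {
  const out = { authenticated: false, unauthenticated: false, poolPinned: true };
  for (const st of asArray(trustPolicy.Statement)) {
    if (st.Effect !== "Allow" || !asArray(st.Action).includes("sts:AssumeRoleWithWebIdentity")) continue;
    const cond = st.Condition || {};
    const amr = asArray((cond["ForAnyValue:StringLike"] || {})[AMR]);
    // No amr condition: signed-in and guest identities are not told apart (literal values only).
    for (const c of ["authenticated", "unauthenticated"]) if (!amr.length || amr.includes(c)) out[c] = true;
    if (!(cond.StringEquals || {})[AUD]) out.poolPinned = false;
  }
  return out;
}

// What each appsync:GraphQL grant covers: one Type.field, or the whole API / a wildcard.
function graphqlScope(permPolicy) {
  const scopes = [];
  for (const st of asArray(permPolicy.Statement)) {
    const actions = asArray(st.Action);
    if (st.Effect !== "Allow" || !actions.some((a) => ["appsync:GraphQL", "appsync:*", "*"].includes(a))) continue;
    for (const arn of asArray(st.Resource)) {
      const m = /:apis\/[^/]+\/types\/([^/*]+)\/fields\/([^/*]+)$/.exec(arn);
      scopes.push(m ? `${m[1]}.${m[2]}` : "WHOLE_API_OR_WILDCARD");
    }
  }
  return scopes;
}

function audit(trustPolicy, permPolicy) {
  const t = trustSummary(trustPolicy);
  const wide = graphqlScope(permPolicy).includes("WHOLE_API_OR_WILDCARD");
  const findings = [];
  if (t.unauthenticated && wide) findings.push("guest identities can call every field of the API");
  if (t.authenticated && t.unauthenticated) findings.push("trust policy admits both signed-in and guest identities");
  if (!t.poolPinned) findings.push("trust policy is not pinned to one identity pool (aud)");
  return findings;
}

const api = "arn:aws:appsync:<AWS region>:<AWS account ID>:apis/<app sync endpoint ID>";
const sampleTrust = (amr) => ({ Statement: [{ Effect: "Allow", Action: "sts:AssumeRoleWithWebIdentity",
  Condition: Object.assign({ StringEquals: { [AUD]: "<identity pool ID>" } },
    amr ? { "ForAnyValue:StringLike": { [AMR]: amr } } : {}) }] });
const sampleGrant = (res) => ({ Statement: [{ Effect: "Allow", Action: ["appsync:GraphQL"], Resource: [res] }] });
console.log(audit(sampleTrust(null), sampleGrant(`${api}/*`)));
console.log(audit(sampleTrust("unauthenticated"), sampleGrant(`${api}/types/Query/fields/listEvents`)));
```

The first call models the role after the `amr` condition is removed and the `/*` policy is attached; the second models a separate guest role limited to one query field.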
