Describe the feature you'd like to request

Steps to reproduce

AppSync Schema

```graphql
type Todo
  @model
  @auth(
    rules: [
      { allow: private, provider: userPools }
      { allow: private, provider: iam }
    ]
  ) {
  id: ID!
  name: String!
  description: String
}
```

Configure Lambda function as below to perform AppSync operations.

```
$ amplify add function
? Select which capability you want to add: Lambda function (serverless function)
? Provide an AWS Lambda function name: appsyncsubnodejs
? Choose the runtime that you want to use: NodeJS
? Choose the function template that you want to use: AppSync - GraphQL API request (with IAM)
✅ Available advanced settings:
    Resource access permissions
    Scheduled recurring invocation
    Lambda layers configuration
    Environment variables configuration
    Secret values configuration
? Do you want to configure advanced settings? Yes
? Do you want to access other resources in this project from your Lambda function? Yes
? Select the categories you want this function to have access to. api
? Select the operations you want to permit on appsyncauth Query, Mutation, Subscription
$ amplify push
```

This would create a Lambda function role with the following permissions

However, this Lambda function role cannot perform AppSync operations (unauthorised error) unless the role is specified in the custom-roles.json file as below.

Notice we have already selected that we would like to perform actions such as query/mutation/subscription via this role.

https://docs.amplify.aws/gen1/javascript/build-a-backend/graphqlapi/customize-authorization-rules/#use-iam-authorization-within-the-appsync-console

This is similar to: https://repost.aws/questions/QU288xFKkVSSSwQH5Wqrru7w/appsync-unauthorized-error-when-called-from-presignup-lambda-trigger

Describe the solution you'd like

Feature request would be to allow this Lambda execution role to perform actions on schema. Currently the below step adds required policy to Lambda execution role. In addition to this we may give permissions such that this role can perform AppSync query/mutation/subscription operations without needing to allowlist in custom-roles.json

```
? Select the operations you want to permit on appsyncauth Query, Mutation, Subscription
```

Describe alternatives you've considered

NA

Additional context

No response

Is this something that you'd be interested in working on?

👋 I may be able to implement this feature request

Would this feature include a breaking change?

⚠️ This feature might incur a breaking change