Open johnf opened 2 years ago
@johnf
@auth
currently generates the auth rules and the necessary pass through for lambda functions, as V2 authorization rules operate on the deny-by-default principle.
I can mark this as a feature request in the case of Global authorization rule for the team to review, as it currently only operates with apiKey.
@SwaySway A feature request would be great, thanks For now I've added a dummy auth with an owner pointing at a field that could never map to a cognito user
There might be potential to expand the docs - I think there is some confusion around
Not sure if this is related, I'm having trouble with public
access. I've allowed unauthenticated access on my cognito identity pool but I can't access any of my models from SSR (next.js) API endpoints using AWS_IAM
as an auth mode despite having the following auth rules on the models.
@auth(
rules: [
{ allow: public, provider: iam, operations: [read, create] }
{ allow: owner }
]
)
Scratch that, it's not just SSR routes on next.js but my lambda functions and frontend access too. The docs explicitly say that a lambda function should have access (requests are signed by v4 signatures). https://docs.amplify.aws/cli/graphql/authorization-rules/#grant-lambda-function-access-to-graphql-api
Could this be down to amplify not creating IAM roles correctly? It worked before on 6.4.0 but since upgrading to 7.6.3 and transformer v2 public IAM access has been broken
@benjamindoe were you able to find a solutions? :/
@levinskipolish Yes, there must have been a bug fix recently as it all seems to work as expected now on 7.6.26.
Before opening, please confirm:
How did you install the Amplify CLI?
yarn
If applicable, what version of Node.js are you using?
14.18.0
Amplify CLI Version
7.6.3
What operating system are you using?
Ubuntu
Amplify Categories
api
Amplify Commands
Not applicable
Describe the bug
If I create a model with no @auth methods, I can't access it from lambda. I get
Expected behavior
Lambda can successfully mutate the model
Reproduction steps
GraphQL schema(s)
Log output
Additional information
No response