Open kwwendt opened 1 week ago
Hey @kwwendt, thanks for raising this. Have you tried backend.data.resources.cfnResources.cfnGraphqlApi.authenticationType
to retrieve the auth mode?
Hey @AnilMaktala - it's not a matter of needing access to auth modes but being able to reference the graphqlApi
object in another CDK construct like this which checks if the modes
attribute contains IAM in order to provision AppSync as a target for EventBridge.
Subset of code pulled from above:
const tagsUpdated = new Rule(processingStack, 'TagsUpdated', {
eventPattern: {
source: ['events'],
detailType: ['TagsIdentified'],
detail: {
id: [{ "exists": true }]
}
}
});
tagsUpdated.addTarget(new AppSync(backend.data.resources.graphqlApi, {
graphQLOperation: "mutation UpdateAsset($input: AssetInput!) { updateAsset(input: $input) { id tags } }",
variables: RuleTargetInput.fromObject({
"input": {
"id": EventField.fromPath("$.detail.id"),
"tags": EventField.fromPath("$.detail.tags")
}
})
}));
Location in the CDK code where it checks for IAM in the IGraphqlApi
resource type.
Marking this is as a bug as I was able to reproduce it consistently as well. The modes
should not be an empty array if there are auth modes configured on defineData
.
Environment information
Data packages
Description
The
modes
attribute is empty even thoughIAM
is included by default and my API also hasAMAZON_COGNITO_USER_POOLS
added as an auth mode.Root cause (most likely): in
construct-export.ts
Code link reference, the authorization modes aren't passed into thefromGraphqlApiAttributes
method. Further investigation shows that the CDK implementation of that method setsmodes
to an empty array if the attribute isn't passed as part of the method CDK code reference.Recommendation: modify the
construct-export.ts
file to pull in the L2 construct vs importing it from theL1
construct OR explicitly pass the other attributes for thefromGraphqlApiAttributes
method.Impact: Without this, I am unable to use the Amazon EventBridge AppSync target L2 construct. That construct checks for
IAM
as an included auth mode and fails when I passbackend.data.resources.graphqlApi
to the construct. Example code below to reproduce.