search

aws-amplify / amplify-cli

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development.
Apache License 2.0
2.81k stars 821 forks source link

How to update AWS::AppSync::GraphQLApi authorization type to AWS_IAM? #624

Closed phanviet closed 5 years ago

phanviet commented 5 years ago

Which Category is your question related to? api

What AWS Services are you utilizing? AWS AppSync

Provide additional details e.g. code snippets I try to edit the cloudformation-template.json as below:

        "GraphQLAPI": {
            "Type": "AWS::AppSync::GraphQLApi",
            "Properties": {
                "Name": {
                    "Ref": "AppSyncApiName"
                },
                "AuthenticationType": "AWS_IAM"
            }
        },

And run amplify push. But the gql-compile transform always generate a new cloudformation template with API_KEY (or AMAZON_COGNITOR_USER_POOLS) as previous CLI configuration. So how to update AWS::AppSync::GraphQLApi authorization type to AWS_IAM?

kaustavghosh06 commented 5 years ago

@phanviet The Amplify CLI currently only supports API Key and Cognito security types. But we have in our roadmap to support IAM as well.

phanviet commented 5 years ago

@kaustavghosh06 Thanks for inform.

jpbourgeon commented 5 years ago

Hi Has this changed with the recent api custom stacks/resolvers update ? or is it still under development ? Regards

yuth commented 5 years ago

@jpbourgeon We have put out an RFC and it still is not implemented

eelzinaty commented 5 years ago

@phanviet I find a turn around to enable AWS_IAM for AppSync, that works for me now. You can add these two cloudformation stacks to your API stack: https://gist.github.com/eelzinaty/f2e6eaf3f8282f3d66db1a0732e5c6dd https://gist.github.com/eelzinaty/8d013575a02245aafacaf926226a870d

Then make sure that your API parameters.json has this:

.....
.....
.....
"authRoleName": "Name of your Amplify Auth Role"

Then, you run amplify push api.

Finally, you change your appsync security in aws_export.json to AWS_IAM.

....
....
....
"aws_appsync_authenticationType": "AWS_IAM"
};
kaustavghosh06 commented 5 years ago

We launched multi-auth support for AppSync API (which included public APIs - with API Keys + IAM) as a part of our CLI version 3.8+. Please take a look at our documentation around it out here for more info - https://aws-amplify.github.io/docs/cli-toolchain/graphql#public-authorization

github-actions[bot] commented 3 years ago

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels for those types of questions.