Custom data access using Lambda functions

We aim to utilize Amplify's offline and sync capabilities in our native apps while maintaining our existing authentication process. I understand that we can employ Lambda functions for custom data access to authenticate our tokens, but I'm uncertain about how we can limit data access to respective owners. Is there a method to include owner information in the Lambda function?

I referred to this link for token verification, which functions smoothly, allowing us to establish the userId during token validation. However, we're unsure about how to incorporate owner information from Lambda into the data. https://docs.amplify.aws/gen2/build-a-backend/data/customize-authz/custom-data-access-patterns/

  const response = {
    isAuthorized: isAuthorized,
    resolverContext: {
      // eslint-disable-next-line spellcheck/spell-checker
      userid: userId,
      author: userId,
      info: 'contextual information A',
      more_info: 'contextual information B'
    },
    deniedFields: [
      `arn:aws:appsync:${process.env.AWS_REGION}:${accountId}:apis/${apiId}/types/Event/fields/comments`,
      `Mutation.createEvent`
    ],
    ttlOverride: 300
  };

This is our schema

import {
  type ClientSchema,
  a,
  defineData,
  defineFunction
} from '@aws-amplify/backend';


const schema = a.schema({
  Todo: a
    .model({
      content: a.string(),
       author: a.string()
    })
    // STEP 1
    // Indicate which models / fields should use a custom authorization rule
//     .authorization([a.allow.public()])
    .authorization([a.allow.custom()])
});

export type Schema = ClientSchema<typeof schema>;

export const data = defineData({
  schema,
  authorizationModes: {
    defaultAuthorizationMode: 'lambda',
    // STEP 2
    // Pass in the function to be used for a custom authorization rule
    lambdaAuthorizationMode: {
      function: defineFunction({
        entry: './custom-authorizer.ts'
      }),
      // (Optional) STEP 3
      // Configure the token's time to live
      timeToLiveInSeconds: 300
    }
  }
});

At the moment, with any valid token we are able to query all the records created by all users, but we want to limit that to only the owner records. Exactly how the authorisation rule works for the owner We would appreciate any suggestions on how to accomplish this.

Argomenti

Serverless Front-end web e dispositivi mobili Integrazione delle applicazioni Computazionali

Tag

AWS AppSync AWS Lambda AWS Amplify

Lingua

English

Raj

posta 3 mesi fa138 visualizzazioni

Nessuna risposta

Più recenti
Maggior numero di voti
Maggior numero di commenti

Contenuto pertinente

Come posso risolvere l'errore di CloudFormation "Unable to assume role and validate" quando avvio una risorsa Amazon ECS?
AWS UFFICIALEAggiornata 4 mesi fa
Come posso attivare un processo AWS Glue in un account AWS in base allo stato di un processo AWS Glue in un altro account?
AWS UFFICIALEAggiornata un anno fa
Perché ricevo un errore di accesso negato per l'operazione ListObjectsV2 quando eseguo il comando sync nel mio bucket Amazon S3?
AWS UFFICIALEAggiornata 2 anni fa
Come posso caricare e importare un certificato SSL in AWS Identity and Access Management (IAM)?
AWS UFFICIALEAggiornata 2 anni fa