we are trying to add an OpenSearch datasource to our existing AppSync setup. all other datasources for AppSync have been DynamDB up to this point
is this error type indicating a problem with the resolver mapping templates or a problem re AppSync accessing OpenSearch ie misconfigured access policies?
we are using the nodejs CDK to deploy via CodePipeline
we have added an OpenSearch Domain, and it is being populated by a lambda listening for writes to a DynamoDB table - this part is working
we have created an OpenSearch Datasource, and created a resolver using the following as request and response mapping templates
const requestTemplate = `{
"version":"2017-02-28",
"operation":"GET",
"path":"/id/shipments/_search",
"params":{
"body":{
"from":0,
"to": 20
}
}
}`;
const responseTemplate = `{
"shipments": [
#foreach($entry in $context.result.hits.hits)
#if( $velocityCount > 1 ) , #end
$utils.toJson($entry.get("_source"))
#end
],
"total": -1
}`;
const datasourceId = `ShipmentsListDatasource`;
const datasource = new appsync.OpenSearchDataSource(
this,
getId(datasourceId, this.props),
{
domain: this.openSearchDomain,
api: this.api,
}
);
datasource.createResolver({
typeName: GraphQLTypeName.Query,
fieldName: "listShipments",
requestMappingTemplate: appsync.MappingTemplate.fromString(
requestTemplate
),
responseMappingTemplate: appsync.MappingTemplate.fromString(
responseTemplate
),
});
access to the OpenSearch domain has been configured like this
private configureOpenSearch() {
const openSearchAppsyncRole = new iam.Role(
this,
"a-role-name-here",
{
assumedBy: new iam.ServicePrincipal("appsync.amazonaws.com"),
}
);
const lambdaPolicyStatement = new iam.PolicyStatement({
actions: ["es:*"],
resources: [`${this.openSearchDomain.domainArn}/*`],
principals: [new iam.ArnPrincipal(this.baseStack.lambdaRole.roleArn)],
});
const rolePolicyStatement = new iam.PolicyStatement({
actions: ["es:*"],
resources: [`${this.openSearchDomain.domainArn}/*`],
effect: iam.Effect.ALLOW,
notPrincipals: [openSearchAppsyncRole]
})
this.openSearchDomain.addAccessPolicies(lambdaPolicyStatement, rolePolicyStatement);
this.openSearchDomain.grantRead(openSearchAppsyncRole);
this.openSearchDomain.grantIndexReadWrite(
"id",
this.shipmentsOpenSearchLambda
);
}
any requests to the graphql endpoint for this particular query return the following
{
"data": null,
"errors": [{
"path": ["listShipments"],
"data": null,
"errorType": "OpenSearch:UserIllegalArgumentException",
"errorInfo": null,
"locations": [{
"line": 3,
"column": 5,
"sourceName": null
}],
"message": "OpenSearch responded with an error: Bad Request"
}]
}
AWS公式更新しました 2年前
