AppSync authorization

0

I currently have APIs which I am currently implementing using AWS Appsync and Cognito as authorizer. I have a couple of APIs that should be used without authentication (before the user registration) and I thought about using API KEYS with appsync for that purpose () But I noticed that: "API keys are configurable for up to 365 days, and you can extend an existing expiration date for up to another 365 days from that day" So the key should last 2 years maximum (https://docs.aws.amazon.com/en_us/appsync/latest/devguide/security.html#api-key-authorization) . Can you please suggest us the best way to manage the api key change? My app clients are ios/android apps using amplify framework, and I would like to avoid to create a release dedicated to the api key change every 1/2 year.

My questions:

  • is API keys the best way to address this use case?
  • how to effectively manage the API keys renewal process?
AWS
질문됨 5년 전1.1천회 조회
1개 답변
0
수락된 답변

If you don't want to manage API Key rotation, use Cognito Unauth Roles and IAM auth on AppSync. Easily configured using the Amplify CLI and the GraphQL Transform: https://aws-amplify.github.io/docs/cli-toolchain/graphql#public-authorization

# public authorization with provider override
type Post @model @auth(rules: [{allow: public, provider: iam}]) {
  id: ID!
  title: String!
}
AWS
답변함 5년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인