- Mais recentes
- Mais votos
- Mais comentários
Thank you for reaching out us regarding the above query. I would like to share that, we can use @aws_lambda AppSync directive to specify if a type of field should be authorized by the AWS_LAMBDA authorization mode when using multiple authorization modes in our GraphQL API. With this authorization mode, we can implement our own API authorization logic using an Amazon Lambda function. Please note that we can use a Lambda function for either our primary or secondary authorizer, but there may only be one Lambda authorization function per API.
For example, consider the below sample schema, in which we would be calling a Lambda Authorization function for a specific request:
type Author @aws_lambda {
id: ID!
title: String
}
type Mutation {
createAuthor(input: CreateAuthorInput!): Author @aws_lambda
}
Kindly note that, the '@aws_lambda' directive will use the lambda function configured in the authorization mode of our AppSync API. And as we can only use one Lambda authorization function per API hence, it would not be needed to specify the function name while using this directive.
Moving ahead, in my test setup, i have performed the below steps in order to make the authorization work:
- Writing a Lambda function to authorize GraphQL API calls - implement our business logic to authorize the request, in my case, i implemented the function to check the authorization token and, if the value is custom-authorized, the request is allowed else the requests are denied.
- Setting up AWS Lambda as authorization mode in AppSync - configure lambda function as the authorization from AppSync API >> Settings >> Default/Additional authorization mode (as per our use case) >> AWS_LAMBDA.
- While making the mutation request from AppSync Console, passed the token to lambda to verify it.
Using the above steps, i was able to invoke the lambda function set up in the authorization mode for authorizing the requests.
For detailed information on the same, please refer to the below documentation:
- [+]. https://aws.amazon.com/blogs/mobile/appsync-lambda-auth/
- [+]. https://docs.amazonaws.cn/en_us/appsync/latest/devguide/security-authz.html#aws-lambda-authorization
Additionally, if your use case is to use the different lambda functions for the specific request and handle/implement the business logic on the same, then you might consider using the Lambda resolvers for that specific field.
- [+]. Using AppSync Console : https://docs.amazonaws.cn/en_us/appsync/latest/devguide/tutorial-lambda-resolvers.html
- [+]. If using Amplify CLI : https://docs.amplify.aws/cli/graphql/custom-business-logic/#lambda-function-resolver
Having said that, in case you face further challenges, please feel free to open a support case with AWS using the following link.
Conteúdo relevante
- AWS OFICIALAtualizada há um ano
- AWS OFICIALAtualizada há 2 anos