If I understand your question correctly, the question you're asking is around the topic of Authorization within App Sync.
- Firstly, you do not have to give your users access to your entire AWS infrastructure/console access. You can provision privilege users (i.e using Cognito User Pools ,IAM , etc) and restrict their access to specific actions with AppSync only. The following link provide a list of options - https://docs.aws.amazon.com/appsync/latest/devguide/security-authz.html
- Secondly for your data control use cases, you can control what's written/returned via AppSync resolvers, this would require your data table schema to contain metadata information about it's owner . The following AWS link provide a good developer guide on this - https://docs.aws.amazon.com/appsync/latest/devguide/security-authorization-use-cases.html
Below is an overview snippet from the link on how AppSync performs Authorization:
AWS AppSync uses resources in your own account and threads identity (user/role) information into the GraphQL request and response as a context object, which you can use in the resolver. This means that permissions can be granted appropriately either on write or read operations based on the resolver logic. If this logic is at the resource level, for example only certain named users or groups can read/write to a specific database row, then that “authorization metadata” must be stored. AWS AppSync does not store any data so therefore you must store this authorization metadata with the resources so that permissions can be calculated. Authorization metadata is usually an attribute (column) in a DynamoDB table, such as an owner or list of users/groups. For example there could be Readers and Writers attributes.
How do I move an Entity Framework or EF Core app with Babelfish?asked 4 months ago
.NET Core IoT and IotData in the same app - how do I configure this?asked 4 years ago
How do I deactivate an AWS service?asked 5 months ago
How do I fix the error "DataStore - User is unauthorized"asked 6 months ago
Can I create an AWS link for my Web App URLasked 7 months ago
How do I find out why I'm being charged for app sync and open search service?asked 4 months ago
How do I see the posts I am following?asked 6 months ago
How do I build an app in AppSync with zero knowledge encryption / proof in mind.asked 8 months ago
How do I know why my application is not being deployed?asked a month ago
How do I set up an AWS Amplify project to query an existing AWS AppSync API?asked 6 months ago