access Cognito User Pool secured AppSync app via alternate auth mechanism

Hi,

Alternate auth mechanisms to the same API are not available at this time, though that is a feature request we've heard before.

This should be possible while still maintaining Cognito as the auth mechanism, though. One way to do it would be that you could create a fake user in your user pool. Using "known" credentials, you could have this user be in an admin group, then lock that operation down to this group in your GraphQL schema. Then you'd give your nightly job safe access to these credentials where it could sign in and access that set of queries/mutations.

Does that make sense?

Thanks,
Jeff

Thank you. I'd love to see something more robust (ideally Cognito User Pools with the option to ALSO allow IAM user access) but this workaround is do-able. Appreciate the help!

Understood - noted as a +1 to prioritizing mixed auth mechanisms for a single API. Thanks for the feedback!

I'm looking for the same functionality here. I have cognito auth in my AppSync service but I want to trigger subscriptions programmatically from the back-end. It would be great to allow IAM access and Cognito at the same time. Please add +1 for me as well =)

It is now possible to assign multiple authentication types. In this case, you could use both @aws_cognito_user_pools as well as @aws_iam authentication. This is now documented here: https://docs.aws.amazon.com/appsync/latest/devguide/security-authz.html