Custom data access using Lambda functions

We aim to utilize Amplify's offline and sync capabilities in our native apps while maintaining our existing authentication process. I understand that we can employ Lambda functions for custom data access to authenticate our tokens, but I'm uncertain about how we can limit data access to respective owners. Is there a method to include owner information in the Lambda function?

I referred to this link for token verification, which functions smoothly, allowing us to establish the userId during token validation. However, we're unsure about how to incorporate owner information from Lambda into the data. https://docs.amplify.aws/gen2/build-a-backend/data/customize-authz/custom-data-access-patterns/

  const response = {
    isAuthorized: isAuthorized,
    resolverContext: {
      // eslint-disable-next-line spellcheck/spell-checker
      userid: userId,
      author: userId,
      info: 'contextual information A',
      more_info: 'contextual information B'
    },
    deniedFields: [
      `arn:aws:appsync:${process.env.AWS_REGION}:${accountId}:apis/${apiId}/types/Event/fields/comments`,
      `Mutation.createEvent`
    ],
    ttlOverride: 300
  };

This is our schema

import {
  type ClientSchema,
  a,
  defineData,
  defineFunction
} from '@aws-amplify/backend';


const schema = a.schema({
  Todo: a
    .model({
      content: a.string(),
       author: a.string()
    })
    // STEP 1
    // Indicate which models / fields should use a custom authorization rule
//     .authorization([a.allow.public()])
    .authorization([a.allow.custom()])
});

export type Schema = ClientSchema<typeof schema>;

export const data = defineData({
  schema,
  authorizationModes: {
    defaultAuthorizationMode: 'lambda',
    // STEP 2
    // Pass in the function to be used for a custom authorization rule
    lambdaAuthorizationMode: {
      function: defineFunction({
        entry: './custom-authorizer.ts'
      }),
      // (Optional) STEP 3
      // Configure the token's time to live
      timeToLiveInSeconds: 300
    }
  }
});

At the moment, with any valid token we are able to query all the records created by all users, but we want to limit that to only the owner records. Exactly how the authorisation rule works for the owner We would appreciate any suggestions on how to accomplish this.

Topics

Serverless Front-End Web & Mobile Application Integration Compute

Relevant content

Our EC2 system has been hacked and our custom Database deleted. Can we recover an earlier version of our instance without a backup
rePost-User-5099482
asked a year ago
Understanding our load testing data on lambdas using provisional concurrency
Accepted Answer
rePost-User-2581820
asked a year ago
can we attach the custom domain to lambda function urls ?
Accepted Answer
Navin GV
asked 2 years ago
Does AWS Marketplace provide us with SSL Certifacte and domain if we want to publish our app in aws marketplace?
Shraddha
asked 7 months ago
How can I use Amazon EMR to process data?
AWS OFFICIALUpdated a year ago
How can I use a custom UI template with AWS-provided Lambda functions in Ground Truth?
AWS OFFICIALUpdated 2 years ago
How do I pass custom headers through API Gateway to a Lambda function using Lambda custom (non-proxy) integration?
AWS OFFICIALUpdated 2 years ago
How can I use Amazon Linux 2 AMI native binary packages with Lambda?
AWS OFFICIALUpdated 2 years ago
Migrating Glue Data Catalog tables to use Apache Iceberg open table format using Athena
EXPERT
Hamzah Chaudhry
published 14 days ago
A Guide to Understanding and Streamlining the DMCA Process
EXPERT
Ben Lee
published 4 months ago