By using AWS re:Post, you agree to the Terms of Use
/Lambda Function GraphQL Authentication issues/

Lambda Function GraphQL Authentication issues

0

I've created a new function using the latest version of the CLI and granted access to the API resources as stated in the docs.

The generated function resources seem to miss Authorization to access AppSync schema, since any type of access attempt ends up in the following response:

{
   "data":{
      "getUsers":null
   },
   "errors":[
      {
         "path":[
            "getUsers"
         ],
         "data":null,
         "errorType":"Unauthorized",
         "errorInfo":null,
         "locations":[
            {
               "line":2,
               "column":9,
               "sourceName":null
            }
         ],
         "message":"Not Authorized to access getUsers on type Query"
      }
   ]
}

I've double-checked and the CLI recognizes/shows that the generated function has the required Resource access permissions. Existing functions created following the same exact steps (with previous CLI versions) are working correctly.

Expected behavior The function should have access to the resources we specified during the creation process.

Reproduction steps 1. amplify add function 2. follow all required steps & grant access to the AppSync API 3. try to retrieve data by accessing Appsync

Here is the link to the github repo issue created with further details: https://github.com/aws-amplify/amplify-cli/issues/10141

1 Answers
0

Hi, from my experience, we had API_LIVETRACE_GRAPHQLAPIENDPOINTOUTPUT, API_LIVETRACE_GRAPHQLAPIIDOUTPUT, API_LIVETRACE_GRAPHQLAPIKEYOUTPUT in Lambda environment variables.

Then I need attach {'x-api-key': os.env['API_LIVETRACE_GRAPHQLAPIKEYOUTPUT']} to the headers when send request to os.env['API_LIVETRACE_GRAPHQLAPIENDPOINTOUTPUT].

answered a month ago
  • Thanks for your input Hoan, I'm already adding that header and signing the request as described in the documentation. The issue is that even though the IAM roles are assigned correctly, AppSync seems to deny the acces.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions