1 Answer
- Newest
- Most votes
- Most comments
0
One option you have is to enable IAM authentication in AppSync, and allow the client lambda to assume a restricted role in your server account that will give them access to the GraphQL resources (query, mutation, subscriptions, etc). How many client accounts do you need to manage? Does each client account need to have different authorization rules?
Relevant content
- asked a year ago
- asked 2 months ago
- asked 2 months ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Thank you for your answer. How do you suggest we do the authentication of each user in the server account? Each user should be authenticated to find out whether the user is a Pro user or not.
To answer your questions, Clients can be hundreds each having a separate AWS account. Rules are simple. We are going to implement pro and standard subscription levels where pro clients have no limitations but the standard clients are only allowed for some requests (They are not permitted to do inferencing for some data that becomes available for certain weeks of the month).