I built an AppSync project by Amplify, and the scheme is as below.
# This "input" configures a global authorization rule to enable public access to
# all models in this schema. Learn more about authorization rules here: https://docs.amplify.aws/cli/graphql/authorization-rules
type Post
@model
@auth(
rules: [
{
allow: owner
ownerField: "owner"
provider: userPools
operations: [read, create]
}
{ allow: private, provider: userPools, operations: [read, update] }
{ allow: private, provider: iam, operations: [read, create, update] }
]
) {
id: ID!
content: String!
owner: String
nickname: String
createdAt: AWSDateTime
command: Command @default(value: "PRIVMSG")
channel: String!
@index(
name: "byChannel"
queryField: "postsByChannel"
sortKeyFields: ["createdAt"]
)
destination: Destination
@default(value: "LOGGER")
@index(
name: "byDestination"
queryField: "postsByDestination"
sortKeyFields: ["createdAt"]
)
}
enum Command {
PRIVMSG
NOTICE
}
enum Destination {
IRC
LOGGER
ALL
}
type Channel
@model
@auth(
rules: [
{
allow: private
provider: userPools
operations: [create, read, delete]
}
{ allow: private, provider: iam, operations: [read, update, delete] }
]
) {
id: ID!
name: String!
posts: [Post] @hasMany(indexName: "byChannel", fields: ["name"])
}
I was planning to do the listPosts from python scripts by IAM authentication, but it shows unauthenticated error. So I tried to do the same thing on AppSync.
I used the query as below:
query listPosts {
listPosts {
items {
id
}
}
}
and I got "Not Authorized to access listPosts on type ModelPostConnection"
, even my user has the AdministratorAccess policy. Did I miss something else?
I appreciate it if there is any suggestion.
P.S.: my query definition part in AppSync schema is as below:
type Query {
getPost(id: ID!): Post
@aws_iam
@aws_cognito_user_pools
listPosts(filter: ModelPostFilterInput, limit: Int, nextToken: String): ModelPostConnection
@aws_iam
@aws_cognito_user_pools
postsByChannel(
channel: String!,
createdAt: ModelStringKeyConditionInput,
sortDirection: ModelSortDirection,
filter: ModelPostFilterInput,
limit: Int,
nextToken: String
): ModelPostConnection
@aws_iam
@aws_cognito_user_pools
postsByDestination(
destination: Destination!,
createdAt: ModelStringKeyConditionInput,
sortDirection: ModelSortDirection,
filter: ModelPostFilterInput,
limit: Int,
nextToken: String
): ModelPostConnection
@aws_iam
@aws_cognito_user_pools
getChannel(id: ID!): Channel
@aws_iam
@aws_cognito_user_pools
listChannels(filter: ModelChannelFilterInput, limit: Int, nextToken: String): ModelChannelConnection
@aws_iam
@aws_cognito_user_pools
}