AppSync query can not be authorized by IAM

I built an AppSync project with Amplify, and the schema is as below.

# This "input" configures a global authorization rule to enable public access to
# all models in this schema. Learn more about authorization rules here: https://docs.amplify.aws/cli/graphql/authorization-rules

type Post
  @model
  @auth(
    rules: [
      {
        allow: owner
        ownerField: "owner"
        provider: userPools
        operations: [read, create]
      }
      { allow: private, provider: userPools, operations: [read, update] }
      { allow: private, provider: iam, operations: [read, create, update] }
    ]
  ) {
  id: ID!
  content: String!
  owner: String
  nickname: String
  createdAt: AWSDateTime
  command: Command @default(value: "PRIVMSG")
  channel: String!
    @index(
      name: "byChannel"
      queryField: "postsByChannel"
      sortKeyFields: ["createdAt"]
    )
  destination: Destination
    @default(value: "LOGGER")
    @index(
      name: "byDestination"
      queryField: "postsByDestination"
      sortKeyFields: ["createdAt"]
    )
}

enum Command {
  PRIVMSG
  NOTICE
}

enum Destination {
  IRC
  LOGGER
  ALL
}

type Channel
  @model
  @auth(
    rules: [
      {
        allow: private
        provider: userPools
        operations: [create, read, delete]
      }
      { allow: private, provider: iam, operations: [read, update, delete] }
    ]
  ) {
  id: ID!
  name: String!
  posts: [Post] @hasMany(indexName: "byChannel", fields: ["name"])
}

I was planning to call listPosts from Python scripts with IAM authentication, but it shows an unauthenticated error. So I tried to do the same thing on AppSync.

I used the query as below:

query listPosts {
  listPosts {
    items {
      id
    }
  }
}

and I got "Not Authorized to access listPosts on type ModelPostConnection", even though my user has the AdministratorAccess policy. Did I miss something else?

I would appreciate any suggestions.

P.S.: my query definition part in AppSync schema is as below:

type Query {
	getPost(id: ID!): Post
		@aws_iam
		@aws_cognito_user_pools
	listPosts(filter: ModelPostFilterInput, limit: Int, nextToken: String): ModelPostConnection
		@aws_iam
		@aws_cognito_user_pools
	postsByChannel(
		channel: String!,
		createdAt: ModelStringKeyConditionInput,
		sortDirection: ModelSortDirection,
		filter: ModelPostFilterInput,
		limit: Int,
		nextToken: String
	): ModelPostConnection
		@aws_iam
		@aws_cognito_user_pools
	postsByDestination(
		destination: Destination!,
		createdAt: ModelStringKeyConditionInput,
		sortDirection: ModelSortDirection,
		filter: ModelPostFilterInput,
		limit: Int,
		nextToken: String
	): ModelPostConnection
		@aws_iam
		@aws_cognito_user_pools
	getChannel(id: ID!): Channel
		@aws_iam
		@aws_cognito_user_pools
	listChannels(filter: ModelChannelFilterInput, limit: Int, nextToken: String): ModelChannelConnection
		@aws_iam
		@aws_cognito_user_pools
}
No Answers
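
For reference, an IAM-authenticated call to an AppSync GraphQL endpoint from Python is an HTTPS POST signed with SigV4 under the service name `appsync`. The sketch below is an added example, not code from the original post: it builds the signed headers for the question's listPosts query using only the standard library. The host, region, access key and secret are constructed placeholders, and `sign_appsync_request` is a hypothetical helper name.

```python
import datetime
import hashlib
import hmac
import json

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_appsync_request(host, region, access_key, secret_key, body, now, session_token=None):
    """Return SigV4 headers for POST https://<host>/graphql (service name: appsync)."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    datestamp = now.strftime("%Y%m%d")
    headers = {"content-type": "application/json", "host": host, "x-amz-date": amz_date}
    if session_token:  # temporary (assumed-role) credentials carry a session token
        headers["x-amz-security-token"] = session_token
    names = sorted(headers)
    signed_headers = ";".join(names)
    canonical_headers = "".join(f"{n}:{headers[n]}\n" for n in names)
    payload_hash = hashlib.sha256(body.encode()).hexdigest()
    # Canonical request: method, path, empty query string, headers, signed list, body hash
    canonical_request = "\n".join(
        ["POST", "/graphql", "", canonical_headers, signed_headers, payload_hash])
    scope = f"{datestamp}/{region}/appsync/aws4_request"
    string_to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope,
         hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Derive the signing key: date -> region -> service -> terminator
    key = ("AWS4" + secret_key).encode()
    for part in (datestamp, region, "appsync", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}")
    return headers

# Constructed sample input: placeholder endpoint, fixed timestamp, the question's query.
SAMPLE_HOST = "example1234567890.appsync-api.us-east-1.amazonaws.com"
SAMPLE_TIME = datetime.datetime(2024, 1, 1, 12, 0, 0, tzinfo=datetime.timezone.utc)
SAMPLE_BODY = json.dumps({"query": "query listPosts { listPosts { items { id } } }"})

if __name__ == "__main__":
    signed = sign_appsync_request(SAMPLE_HOST, "us-east-1", "AKIDEXAMPLE",
                                  "constructed-secret-not-real", SAMPLE_BODY, SAMPLE_TIME)
    for name, value in signed.items():
        print(f"{name}: {value}")
```

The IAM principal named in the `Credential` field is the identity AppSync evaluates for the request, so logging it alongside the response helps when tracing a "Not Authorized" result back to a specific user or role.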
