appsync graphql query fails with error type OpenSearch:UserIllegalArgumentException
we are trying to add an OpenSearch datasource to our existing AppSync setup. all other datasources for AppSync have been DynamDB up to this point
is this error type indicating a problem with the resolver mapping templates or a problem re AppSync accessing OpenSearch ie misconfigured access policies?
we are using the nodejs CDK to deploy via CodePipeline
we have added an OpenSearch Domain, and it is being populated by a lambda listening for writes to a DynamoDB table - this part is working
we have created an OpenSearch Datasource, and created a resolver using the following as request and response mapping templates
const requestTemplate = `{
"version":"2017-02-28",
"operation":"GET",
"path":"/id/shipments/_search",
"params":{
"body":{
"from":0,
"to": 20
}
}
}`;
const responseTemplate = `{
"shipments": [
#foreach($entry in $context.result.hits.hits)
#if( $velocityCount > 1 ) , #end
$utils.toJson($entry.get("_source"))
#end
],
"total": -1
}`;
const datasourceId = `ShipmentsListDatasource`;
const datasource = new appsync.OpenSearchDataSource(
this,
getId(datasourceId, this.props),
{
domain: this.openSearchDomain,
api: this.api,
}
);
datasource.createResolver({
typeName: GraphQLTypeName.Query,
fieldName: "listShipments",
requestMappingTemplate: appsync.MappingTemplate.fromString(
requestTemplate
),
responseMappingTemplate: appsync.MappingTemplate.fromString(
responseTemplate
),
});
access to the OpenSearch domain has been configured like this
private configureOpenSearch() {
const openSearchAppsyncRole = new iam.Role(
this,
"a-role-name-here",
{
assumedBy: new iam.ServicePrincipal("appsync.amazonaws.com"),
}
);
const lambdaPolicyStatement = new iam.PolicyStatement({
actions: ["es:*"],
resources: [`${this.openSearchDomain.domainArn}/*`],
principals: [new iam.ArnPrincipal(this.baseStack.lambdaRole.roleArn)],
});
const rolePolicyStatement = new iam.PolicyStatement({
actions: ["es:*"],
resources: [`${this.openSearchDomain.domainArn}/*`],
effect: iam.Effect.ALLOW,
notPrincipals: [openSearchAppsyncRole]
})
this.openSearchDomain.addAccessPolicies(lambdaPolicyStatement, rolePolicyStatement);
this.openSearchDomain.grantRead(openSearchAppsyncRole);
this.openSearchDomain.grantIndexReadWrite(
"id",
this.shipmentsOpenSearchLambda
);
}
any requests to the graphql endpoint for this particular query return the following
{
"data": null,
"errors": [{
"path": ["listShipments"],
"data": null,
"errorType": "OpenSearch:UserIllegalArgumentException",
"errorInfo": null,
"locations": [{
"line": 3,
"column": 5,
"sourceName": null
}],
"message": "OpenSearch responded with an error: Bad Request"
}]
}
- 最新
- 最多得票
- 最多評論
相關內容
- 已提問 1 年前lg...
- 已提問 9 個月前lg...
- 已提問 4 個月前lg...
- 已提問 9 個月前lg...
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前