Skip to content

focusOtter/cdk-appsync-guests

Repository files navigation

Secure AWS AppSync with API Keys using the AWS CDK

(checkout the branches for the IAM permission setup)

This repo walks through the steps needed to get setup an AppSync API that is protected with an API Key.

// valid, but simplified
const api = new GraphqlApi(this, 'User API', {
	name: 'User API',
	schema: Schema.fromAsset(path.join(__dirname, 'schema.graphql')),
	authorizationConfig: {
		defaultAuthorization: {
			authorizationType: AuthorizationType.API_KEY,
		},
	},
})

architecture diagram

Content Channels

Project Overview

The core of the appl

The deployed project is meant to work with a frontend (see link to frontend repo below), thereby creating a fullstack application. In addition to an AppSync API, a DynamoDB table is created to hold User data and a Lambda function is created to populate the table on a schedule.

On the frontend, use of the AWS Amplify JS libraries are used to connect our frontend to our backend by means of the Amplify.configure method (sample data configs are used):

Amplify.configure({
	aws_project_region: 'us-east-1',
	aws_appsync_graphqlEndpoint:
		'https://c4wds3boinhrdemdnqkt5uztny.appsync-api.us-east-1.amazonaws.com/graphql',
	aws_appsync_region: 'us-east-1',
	aws_appsync_authenticationType: 'API_KEY',
	aws_appsync_apiKey: 'da2-ze45yo5nm5dttnnsvkyoxwbbvq',
})

With our frontend cofigured to work with out backend, and our Lambda function seeding out database, the frontend will display user data styled with the AWS Amplify UI Components

user profile

Note the frontend repo also has a dedicated branch to show the slight change needed for IAM authorization.

Useful commands

  • npm run build compile typescript to js
  • npm run watch watch for changes and compile
  • npm run test perform the jest unit tests
  • cdk deploy deploy this stack to your default AWS account/region
  • cdk diff compare deployed stack with current state
  • cdk synth emits the synthesized CloudFormation template