Usage pattern to allow either owner or few lambda functions to call GraphQL endpoints #2570

Closed
rohit3d2003 opened this issue May 15, 2024 · 4 comments
Labels
pending-response question Further information is requested transferred

Comments

@rohit3d2003

Amplify CLI Version

12.12.0

Question

I'm currently configuring a GraphQL API using AWS Amplify, and I'm defining the schema for my application. In this schema, I want to ensure that CRUD operations on certain types, like "Account", are restricted to either the owner of the record or specific Lambda functions. I understand that I can use the @auth directive with the owner rule to restrict access to only the owner, like so: type Account @model @auth(rules: [{ allow: owner }]).

However, I also need to allow certain Lambda functions to perform CRUD operations on these records. I want to avoid granting access to other Cognito authenticated users. Using @auth(rules: [{ allow: private }]) won't work in this case, as it doesn't allow Lambda functions access.

I've read that using provider: iam with the owner auth rule isn't supported. What is the recommended approach or usage pattern to achieve this requirement? How can I configure my GraphQL schema to allow both the owner of the record and specific Lambda functions to perform CRUD operations while restricting access from other Cognito authenticated users?

@rohit3d2003 rohit3d2003 added pending-triage question Further information is requested labels May 15, 2024
@ykethan

ykethan commented May 20, 2024

Hey 👋 thanks for raising this! I'm going to transfer this over to our API repository for better assistance 🙂

@ykethan ykethan transferred this issue from aws-amplify/amplify-cli May 20, 2024
@phani-srikar
Contributor

Hi @rohit3d2003, if the lambda functions are also managed via Amplify CLI, you can follow this guide to grant the lambda role access to perform CRUD via AppSync API - https://docs.amplify.aws/gen1/react/build-a-backend/graphqlapi/customize-authorization-rules/#grant-lambda-function-access-to-graphql-api.
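
The Lambda side of the IAM access discussed above, as an added example that is not code from this thread or from Amplify: a function whose execution role has been granted access signs its GraphQL request with SigV4 for the `appsync` service. The endpoint URL, the credentials used to exercise it and the `getAccount` query are constructed placeholders, and the signer is hand-written with the standard library where production code would normally use an AWS SDK signer.

```python
import hashlib
import hmac
import json
from urllib.parse import urlparse

# Constructed sample values. Inside Lambda, read AWS_ACCESS_KEY_ID,
# AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN and AWS_REGION from os.environ.
SAMPLE_URL = "https://example.appsync-api.us-east-1.amazonaws.com/graphql"
SAMPLE_QUERY = "query Get($id: ID!) { getAccount(id: $id) { id } }"


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sign_appsync_request(url, query, variables, access_key, secret_key,
                         session_token, region, now):
    """Build (body, headers) for a SigV4-signed POST; `now` is a UTC datetime."""
    body = json.dumps({"query": query, "variables": variables})
    parsed = urlparse(url)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{region}/appsync/aws4_request"
    # Headers covered by the signature: lowercase names, sorted.
    signed = {"content-type": "application/json", "host": parsed.netloc,
              "x-amz-date": amz_date}
    if session_token:  # role credentials in Lambda are temporary and carry one
        signed["x-amz-security-token"] = session_token
    names = sorted(signed)
    canonical_request = "\n".join([
        "POST", parsed.path or "/", "",  # method, URI, empty query string
        "".join(f"{n}:{signed[n]}\n" for n in names),
        ";".join(names),
        hashlib.sha256(body.encode()).hexdigest(),
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Derive the signing key: date -> region -> service -> "aws4_request".
    key = ("AWS4" + secret_key).encode()
    for part in (amz_date[:8], region, "appsync", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers = {n: v for n, v in signed.items() if n != "host"}  # client sets Host
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={';'.join(names)}, Signature={signature}")
    return body, headers
```

The signature covers the body hash, so the exact `body` string returned here must be what is sent; AppSync then authorizes the call against the role's IAM policy rather than a Cognito identity.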

@AnilMaktala

Hey 👋, this issue is being closed due to inactivity. If you are still experiencing the same problem and need further assistance, please feel free to leave a comment. This will enable us to reopen the issue and provide you with the necessary support.


github-actions bot commented Jun 3, 2024

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
