aws-cdk-lib.aws_appsync.AuthorizationMode

interface AuthorizationMode

LanguageType name
.NETAmazon.CDK.AWS.AppSync.AuthorizationMode
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsappsync#AuthorizationMode
Javasoftware.amazon.awscdk.services.appsync.AuthorizationMode
Pythonaws_cdk.aws_appsync.AuthorizationMode
TypeScript (source)aws-cdk-lib » aws_appsync » AuthorizationMode

Interface to specify default or additional authorization(s).

Example

const api = new appsync.GraphqlApi(this, 'Api', {
  name: 'demo',
  schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'schema.graphql')),
  authorizationConfig: {
    defaultAuthorization: {
      authorizationType: appsync.AuthorizationType.IAM,
    },
  },
  xrayEnabled: true,
});

const demoTable = new dynamodb.Table(this, 'DemoTable', {
  partitionKey: {
    name: 'id',
    type: dynamodb.AttributeType.STRING,
  },
});

const demoDS = api.addDynamoDbDataSource('demoDataSource', demoTable);

// Resolver for the Query "getDemos" that scans the DynamoDb table and returns the entire list.
// Resolver Mapping Template Reference:
// https://docs.aws.amazon.com/appsync/latest/devguide/resolver-mapping-template-reference-dynamodb.html
demoDS.createResolver('QueryGetDemosResolver', {
  typeName: 'Query',
  fieldName: 'getDemos',
  requestMappingTemplate: appsync.MappingTemplate.dynamoDbScanTable(),
  responseMappingTemplate: appsync.MappingTemplate.dynamoDbResultList(),
});

// Resolver for the Mutation "addDemo" that puts the item into the DynamoDb table.
demoDS.createResolver('MutationAddDemoResolver', {
  typeName: 'Mutation',
  fieldName: 'addDemo',
  requestMappingTemplate: appsync.MappingTemplate.dynamoDbPutItem(
    appsync.PrimaryKey.partition('id').auto(),
    appsync.Values.projecting('input'),
  ),
  responseMappingTemplate: appsync.MappingTemplate.dynamoDbResultItem(),
});

//To enable DynamoDB read consistency with the `MappingTemplate`:
demoDS.createResolver('QueryGetDemosConsistentResolver', {
  typeName: 'Query',
  fieldName: 'getDemosConsistent',
  requestMappingTemplate: appsync.MappingTemplate.dynamoDbScanTable(true),
  responseMappingTemplate: appsync.MappingTemplate.dynamoDbResultList(),
});

Properties

NameTypeDescription
authorizationTypeAuthorizationTypeOne of possible four values AppSync supports.
apiKeyConfig?ApiKeyConfigIf authorizationType is AuthorizationType.API_KEY, this option can be configured.
lambdaAuthorizerConfig?LambdaAuthorizerConfigIf authorizationType is AuthorizationType.LAMBDA, this option is required.
openIdConnectConfig?OpenIdConnectConfigIf authorizationType is AuthorizationType.OIDC, this option is required.
userPoolConfig?UserPoolConfigIf authorizationType is AuthorizationType.USER_POOL, this option is required.

authorizationType

Type: AuthorizationType

One of possible four values AppSync supports.

See also: https://docs.aws.amazon.com/appsync/latest/devguide/security.html


apiKeyConfig?

Type: ApiKeyConfig (optional, default: name: 'DefaultAPIKey' | description: 'Default API Key created by CDK')

If authorizationType is AuthorizationType.API_KEY, this option can be configured.


lambdaAuthorizerConfig?

Type: LambdaAuthorizerConfig (optional, default: none)

If authorizationType is AuthorizationType.LAMBDA, this option is required.


openIdConnectConfig?

Type: OpenIdConnectConfig (optional, default: none)

If authorizationType is AuthorizationType.OIDC, this option is required.


userPoolConfig?

Type: UserPoolConfig (optional, default: none)

If authorizationType is AuthorizationType.USER_POOL, this option is required.