Create AWS AppSync IAM Authentication With AWS CDK

This guide demonstrates how to set up AWS IAM authentication for AppSync with AWS CDK.

Sunday, October 27, 2019

This guide is part of the Managing AWS AppSync With AWS CDK guide.
API & Schema
Data Source & Resolver
>> IAM Authentication

Authentication is achieved by creating an AWS user and assigning it to a group whose policy allows interaction with our AppSync service. We then generate an access key and secret so that requests to AppSync can be signed with AWS Signature Version 4.

Group

The policy attached to the group is configured to allow appsync:GraphQL actions on any resource prefixed with our API ARN (note the asterisk at the end of the literal).

User & Access Key

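The user is assigned to the created group, and an access key is generated for the user. One option for retrieving the generated access key and secret is to make them outputs of the stack. Stack outputs are readable by anyone who can describe the stack in CloudFormation, so the secret is only as protected as that permission.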
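
Added example, not code from the original guide: how the generated access key and secret sign a GraphQL POST to AppSync with Signature Version 4, using only the Python standard library. The endpoint URL, key values, region, timestamp and function name are constructed for illustration.

```python
import datetime
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed sample values, not real credentials or a real API endpoint.
URL = "https://exampleapiid.appsync-api.us-east-1.amazonaws.com/graphql"
ACCESS_KEY = "AKIAEXAMPLEKEYID0000"
SECRET_KEY = "constructed-secret-not-a-real-key"
BODY = '{"query": "query { __typename }"}'


def sign_appsync_request(url, body, access_key, secret_key, region, now):
    """Return the SigV4 headers for a POST of `body` to an AppSync GraphQL URL."""
    parts = urlparse(url)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    headers = {"content-type": "application/json", "host": parts.netloc, "x-amz-date": amz_date}
    signed = ";".join(sorted(headers))

    # Canonical request: method, path, empty query string, headers, signed header list, body hash.
    canonical = "\n".join([
        "POST", parts.path or "/", "",
        "".join(f"{name}:{headers[name]}\n" for name in sorted(headers)),
        signed, hashlib.sha256(body.encode()).hexdigest(),
    ])

    # The string to sign binds the request to a date, a region and the "appsync" service.
    scope = f"{date}/{region}/appsync/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])

    # The signing key is derived from the secret; the secret itself is never sent.
    key = ("AWS4" + secret_key).encode()
    for part in (date, region, "appsync", "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()

    return {
        "Content-Type": "application/json",
        "X-Amz-Date": amz_date,
        "Authorization": f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                         f"SignedHeaders={signed}, Signature={signature}",
    }


if __name__ == "__main__":
    stamp = datetime.datetime(2019, 10, 27, 12, 0, 0)  # constructed UTC timestamp
    for name, value in sign_appsync_request(URL, BODY, ACCESS_KEY, SECRET_KEY, "us-east-1", stamp).items():
        print(f"{name}: {value}")
```

Send the body byte-for-byte unchanged together with the returned headers; in real use pass datetime.datetime.now(datetime.timezone.utc) as the timestamp, since AppSync rejects signatures whose date is too far from the current time.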

Closing Notes

We defined AWS AppSync IAM authentication by creating an access key for a user with rights to access the AppSync API. Further information about IAM access configuration can be found at
https://docs.aws.amazon.com/cdk/api/latest/docs/aws-iam-readme.html