12

I have a DynamoDB connected to step functions and I am building a UI to display changes. I connected the DB to an AppSync instance and have tried using subscriptions through AppSync, but it seems they only observe mutations within the current AppSync.

How can I subscribe to the data source changes directly?

Kemal Ahmed
  • 638
  • 6
  • 15

1 Answers1

14

You are correct. Currently, AppSync Subscriptions are only triggered from GraphQL Mutations. If there are changes made to the DynamoDB from a source other than AppSync, subscriptions will not trigger.

If you want to track all changes being made to DynamoDB table and publish them using AppSync, you can do the following:

1) Setup a DynamoDB stream to capture changes and feed the changes to AWS Lambda

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.Lambda.html

2) Setup an AppSync mutation with a Local (no datasource) resolver. You can use this to publish messages to subscribers without writing to a datasource.

https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-local-resolvers.html

3) Make the DynamoDB Stream Lambda function (setup in step 1) call the AWS AppSync mutation (setup in step 2).

This will enable publishing ALL changes made to a DynamoDB table to AppSync subscribers, regardless of where the change came from.

Michael Willingham
  • 912
  • 5
  • 8
  • 1
    How do I authorize the Lambda to call the AppSync instance if it requires Cognito login? – Kemal Ahmed Aug 10 '18 at 14:48
  • 3
    Depends on the auth type. For API Key, just add a header. Ditto for OIDC and Cognito user pools. If you are using AWS_IAM, there is more work to do since you have to sign the connection with the AWS AppSync SDK. – Adrian Hall Aug 10 '18 at 20:00
  • @AdrianHall what header would I add for connecting to Cognito pools? – Kemal Ahmed Aug 23 '18 at 14:24
  • Add an Authorization header with a bearer JWT token – Adrian Hall Aug 24 '18 at 21:45
  • 1
    @AdrianHall don't you require a username and password to generate this token? – Kemal Ahmed Aug 28 '18 at 16:45
  • Yes - you can either use the passed in Authorization header, which is available in the Lambda, or just log in to the Cognito pool with a backend username/password (standard OIDC stuff) to generate the JWT. – Adrian Hall Aug 31 '18 at 20:11
  • In step 3, from the lambda, "call the AWS AppSync mutation"? How do we do that? The other comments suggest marshall the endpoint, auth, query and hit it like anyone might from the outside? In which case, might this solution also be described as "Create a mutation that calls a lambda which passes the incoming data straight out again. Send an appsync mutation to it from the stream."? – John Mee Jul 31 '20 at 06:19