In AppSync, there are 4 authorization modes: API Key, IAM, Cognito, and OPEN ID. How can I make a customised one, like a Lambda? Or how can I remove authorization altogether, which means it is open to the public and I will do authorization in the business layer?
0

Joey Yi Zhao
1 Answer
0
AppSync doesn't currently support a custom Lambda authorizer; you can +1 the issue: https://github.com/aws/aws-appsync-community/issues/2

Regarding your second question, you can't remove authentication altogether. The closest you can get to it is to use API_KEY (essentially no authentication, as any client or person with your API_KEY can access your API).

Tinou
- `API_KEY` is only valid for 7 days. I am not sure how clients can extend the expiring date. – Joey Yi Zhao Jun 01 '20 at 23:21
- You can keep extending the expiration date of your API key indefinitely (as long as it's still valid): https://docs.aws.amazon.com/appsync/latest/APIReference/API_UpdateApiKey.html#API_UpdateApiKey_RequestBody We do recognize 7 days is kind of short, and we noted it will be convenient to allow for configuring the expiration for up to, say, a year in the future. – Tinou Jun 02 '20 at 21:39
- Clients don't extend the expiration date; one of your backend processes does (maybe a Lambda called by CW Events every 5 days). The idea here is you use a single API_KEY per application, and all your clients share the same key. That way your API has virtually no authentication. – Tinou Jun 02 '20 at 21:53
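
The scheduled renewal job described in the comments above, as an added example that is not part of the original thread: a Lambda handler that calls the AppSync `ListApiKeys` and `UpdateApiKey` operations through boto3. The function name `extend_api_keys`, the `APPSYNC_API_ID` environment variable, and the two time windows are assumptions chosen for illustration.

```python
import os
import time

EXTEND_BY = 7 * 24 * 3600     # assumed: push expiry out by the 7 days mentioned above
RENEW_WITHIN = 3 * 24 * 3600  # assumed: renew keys that expire within 3 days


def extend_api_keys(client, api_id, now=None):
    """Extend every still-valid key of api_id that is close to expiry.

    Returns {key_id: new_expiry_epoch} for the keys that were updated.
    """
    now = int(time.time()) if now is None else int(now)
    # Expiry is given in epoch seconds; round down to a whole hour.
    new_expiry = (now + EXTEND_BY) // 3600 * 3600
    updated = {}
    kwargs = {"apiId": api_id}
    while True:
        page = client.list_api_keys(**kwargs)
        for key in page.get("apiKeys", []):
            expires = key["expires"]
            if expires <= now:
                # Already expired: the thread says a key can only be
                # extended while it is still valid, so leave it alone.
                continue
            if expires - now > RENEW_WITHIN:
                continue  # plenty of time left, nothing to do
            client.update_api_key(apiId=api_id, id=key["id"], expires=new_expiry)
            updated[key["id"]] = new_expiry
        token = page.get("nextToken")
        if not token:
            return updated
        kwargs["nextToken"] = token  # follow pagination


def handler(event, context):
    """Lambda entry point, meant to be triggered on a schedule (e.g. every 5 days)."""
    import boto3  # imported here so the logic above can be tested without AWS
    return extend_api_keys(boto3.client("appsync"), os.environ["APPSYNC_API_ID"])
```

The execution role for this function needs only `appsync:ListApiKeys` and `appsync:UpdateApiKey` on the one API, and because every client shares the key, requests authorized this way should be treated as unauthenticated by the business layer.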