This blog post shows how to set multiple authorisation types to models and fields in graphql transform.

Let's say I have an @model Blog:

type Blog @model {
   id: ID!
   adminUserId: String
   name: String!
   posts: [Post] @connection(keyName: "byBlog", fields: ["id"])
}

Using this schema will autogenerate the following mutations/queries: createBlog, updateBlog, deleteBlog, getBlog, listBlogs.

I want createBlog, updateBlog and deleteBlog to have authorisation type @aws_iam. I want getBlog and listBlogs to have my default authorisation type @aws_cognito_user_pools.

How can I define this in my schema.graphql? I cannot set the authorisation type directly on the mutations/queries as they are not defined in my schema.graphql file.

I am able to set the auth types directly in the complete schema that is generated in the cloud (AWS AppSync > API Name > Schema) because all the queries/mutations are defined there. But this schema will be rewritten every time I run amplify push.

There must be a better way?

Simon Verhoeven

1 Answer

FYI I worked it out. The answer is the auth directive.

This schema will allow Cognito (my default auth) to read only and IAM to do everything. This is exactly what I want.

type Blog
  @auth(rules: [
    { allow: private, provider: iam, operations: [read, create, update, delete] },
    { allow: private, operations: [read] }
  ])
  @model {
  id: ID!
  adminUserId: String
  name: String!
  posts: [Post] @connection(keyName: "byBlog", fields: ["id"])
}

Simon Verhoeven
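
A least-privilege check for the @auth rules in the answer above, as an added example that is not part of the original question or answer and is not Amplify code. It assumes Amplify's defaults (a private rule without a provider uses userPools; a rule without operations covers all four operations); the names access_matrix, excess, INTENDED and LOOSE are hypothetical.

```python
import re

# Assumed Amplify @auth defaults: provider used when a rule names none,
# and the full operation set used when a rule lists no operations.
DEFAULT_PROVIDER = {"private": "userPools", "owner": "userPools",
                    "groups": "userPools", "public": "apiKey"}
ALL_OPS = {"create", "read", "update", "delete"}
# Intended policy from the question: IAM does everything, Cognito only reads.
INTENDED = {"iam": ALL_OPS, "userPools": {"read"}}

# Constructed sample input: the Blog type from the answer (fields shortened).
SCHEMA = """
type Blog @auth(rules: [{ allow: private, provider: iam, operations: [read, create, update, delete] }, { allow: private, operations: [read] }]) @model {
  id: ID!
  name: String!
}
"""
# Constructed regression: the Cognito rule loses its operations list.
LOOSE = SCHEMA.replace(", operations: [read] }", " }")

def _directive_args(text, open_paren):
    """Return the text between open_paren and its matching ')'."""
    depth = 0
    for i in range(open_paren, len(text)):
        depth += {"(": 1, ")": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_paren + 1:i]
    raise ValueError("unbalanced @auth directive")

def access_matrix(schema, type_name):
    """Map each auth provider to the operations its type-level rules grant."""
    m = re.search(r"type\s+%s\b[^{}]*?@auth(\()" % re.escape(type_name), schema)
    matrix = {}
    for rule in re.findall(r"\{([^{}]*)\}", _directive_args(schema, m.start(1)) if m else ""):
        allow = re.search(r"allow:\s*(\w+)", rule).group(1)
        prov = re.search(r"provider:\s*(\w+)", rule)
        ops = re.search(r"operations:\s*\[([^\]]*)\]", rule)
        provider = prov.group(1) if prov else DEFAULT_PROVIDER[allow]
        granted = set(re.findall(r"\w+", ops.group(1))) if ops else set(ALL_OPS)
        matrix.setdefault(provider, set()).update(granted)
    return matrix

def excess(matrix, intended=INTENDED):
    """Operations granted beyond the intended policy, keyed by provider."""
    extra = {p: ops - intended.get(p, set()) for p, ops in matrix.items()}
    return {p: ops for p, ops in extra.items() if ops}

if __name__ == "__main__":
    for name, text in (("answer", SCHEMA), ("loose", LOOSE)):
        print(name, access_matrix(text, "Blog"), "excess:", excess(access_matrix(text, "Blog")))
```

Run against schema.graphql before amplify push, a non-empty excess result shows that a rule edit has widened what Cognito users can do.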