Thanks for putting this together! I've been trying to figure out how to make a graphql API have public models and enforce user pool permissions on others. I've gone through what you've done, but i think the Amplify lib might not be working right to configure the permissions and the api. It Looks like it only sets up what ever i first specify, in this case the cognito user pools permissions, and doesn't do anything with the api key when configuring more. I try and manually set it up in the console, but then i can't update the schema to have a public and owner permission... Not expecting you to help me debug, i'm just wondering what versions you are using and if you happen to run into anything weird like this.
One thing I ran into is that I was trying to configure the API key by running amplify add auth (I figured making stuff public has to do with auth?), while that should be done in amplify add/update api, but it doesn't sound like that's what's happening to you.
Does your generated aws-exports.js contain aws_appsync_apiKey? If you're using amplify mock it might remove some stuff from there when you shut it down.
It actually does, it also has the keys for the cognito user: aws_user_pools_id. In your amplify/backend/backend-config.json file, do you have an api.<API_NAME>.output.authConfig property that has values in the additionalAuthenticationProviders and defaultAuthentication?
Thanks for putting this together! I've been trying to figure out how to make a graphql API have public models and enforce user pool permissions on others. I've gone through what you've done, but i think the Amplify lib might not be working right to configure the permissions and the api. It Looks like it only sets up what ever i first specify, in this case the cognito user pools permissions, and doesn't do anything with the api key when configuring more. I try and manually set it up in the console, but then i can't update the schema to have a public and owner permission... Not expecting you to help me debug, i'm just wondering what versions you are using and if you happen to run into anything weird like this.
Hey Russ. I'm using @aws-amplify/cli@4.13.4
One thing I ran into is that I was trying to configure the API key by running
amplify add auth
(I figured making stuff public has to do with auth?), while that should be done inamplify add/update api
, but it doesn't sound like that's what's happening to you.Does your generated
aws-exports.js
containaws_appsync_apiKey
? If you're usingamplify mock
it might remove some stuff from there when you shut it down.It actually does, it also has the keys for the cognito user:
aws_user_pools_id
. In youramplify/backend/backend-config.json
file, do you have anapi.<API_NAME>.output.authConfig
property that has values in theadditionalAuthenticationProviders
anddefaultAuthentication
?Yes, I do.
AMAZON_COGNITO_USER_POOLS
is underdefaultAuthentication
andAPI_KEY
is underadditionalAuthenticationProviders