Edit:
Here's an updated version of this blog:
https://sedkodes.com/blog/aws-appsync-for-unauthenticated-users
This took me days to get the hang of, so here's hoping I can save anybody else the trouble.
So you want to expose some of your queries (but not all!) to public users, so that they can use and interact with your app before having to sign up. Makes sense!
Well, it's a royal PITA.
Create a Cognito identity pool, and create a role for unauthenticated users:
For the unauthenticated role, specifically assign the fields/types you want.
If you'd like to be confused by AWS' documentation of how to do this, start here, or here.
Alternatively, you can copy this template where I give access to two subscriptions only:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": "appsync:GraphQL",
          "Resource": [
            "arn:aws:appsync:*:*:apis/*/types/*/fields/onCreateOrders",
            "arn:aws:appsync:*:*:apis/*/types/*/fields/onUpdateOrders"
          ]
        }
      ]
    }
Finally, in our JS code, I use the Amplify SDK, so here's how I configure that:
    import { Amplify } from 'aws-amplify';

    const config = {
      // AppSync endpoint and region
      aws_appsync_graphqlEndpoint: "https://<graphql-id>.appsync-api.<aws-region>.amazonaws.com/graphql",
      aws_appsync_region: "<region>",
      // Sign requests with IAM credentials from the identity pool (the unauthenticated role for guests)
      aws_appsync_authenticationType: 'AWS_IAM',
      Auth: {
        identityPoolId: 'us-east-2:pool-id-here',
        region: 'us-east-2',
      },
    };

    Amplify.configure(config);
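The policy template above leaves the region, account, API id and type segments of each ARN as `*`, so the grant matches a field with that name on any type of any AppSync API the role can reach. As an added example (not code from the original post), this script flags those wildcards in an unauthenticated-role policy before it is attached. The account id `111122223333`, API id `EXAMPLEAPIID` and the `Subscription` type name in the scoped variant are constructed placeholders.

```javascript
// ARN layout: arn:aws:appsync:<region>:<account>:apis/<apiId>/types/<type>/fields/<field>
const ARN_RE = /^arn:aws:appsync:([^:]*):([^:]*):apis\/([^\/]+)\/types\/([^\/]+)\/fields\/([^\/]+)$/;
const SEGMENTS = ["region", "account", "api", "type", "field"];
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

function auditUnauthPolicy(policy) {
  const findings = [];
  for (const stmt of asArray(policy.Statement)) {
    const actions = asArray(stmt.Action);
    // Only Allow statements that can grant AppSync access are in scope.
    if (stmt.Effect !== "Allow" || !actions.some((a) => /^(\*|appsync:)/i.test(a))) continue;
    for (const action of actions) {
      // IAM action names are case-insensitive; anything but appsync:GraphQL is broader.
      if (action.toLowerCase() !== "appsync:graphql") {
        findings.push({ sid: stmt.Sid, issue: "broad-action", detail: action });
      }
    }
    for (const resource of asArray(stmt.Resource)) {
      const m = ARN_RE.exec(resource);
      if (!m) { // e.g. "*" or an ARN that stops at the API or type level
        findings.push({ sid: stmt.Sid, issue: "not-field-scoped", detail: resource });
        continue;
      }
      const segments = SEGMENTS.filter((_, i) => /[*?]/.test(m[i + 1]));
      if (segments.length > 0) {
        findings.push({ sid: stmt.Sid, issue: "wildcard", detail: resource, segments });
      }
    }
  }
  return findings;
}

// The policy template from the post.
const pagePolicy = { Statement: [{ Sid: "VisualEditor0", Effect: "Allow", Action: "appsync:GraphQL",
  Resource: [
    "arn:aws:appsync:*:*:apis/*/types/*/fields/onCreateOrders",
    "arn:aws:appsync:*:*:apis/*/types/*/fields/onUpdateOrders",
  ] }] };

// Constructed variant with placeholder account id, API id and type name.
const scopedPolicy = { Statement: [{ Sid: "GuestSubscriptions", Effect: "Allow", Action: "appsync:GraphQL",
  Resource: [
    "arn:aws:appsync:us-east-2:111122223333:apis/EXAMPLEAPIID/types/Subscription/fields/onCreateOrders",
    "arn:aws:appsync:us-east-2:111122223333:apis/EXAMPLEAPIID/types/Subscription/fields/onUpdateOrders",
  ] }] };

for (const [name, p] of [["post", pagePolicy], ["scoped", scopedPolicy]]) {
  console.log(name, JSON.stringify(auditUnauthPolicy(p)));
}
```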