Min

Reputation: 538

How to give separate permissions to GraphQL queries in AWS Amplify

I need to give separate permissions to separate GraphQL queries. For example, I currently have two queries defined, and @auth gives the Admin group permission to both of them. How can I give any logged-in user (Cognito Pools) access to the invokeLambda query and only the Admin group access to the invokeGetGroups query? I can't seem to figure out how it is done.

type Query {
  @auth(
      rules: [
        { allow: groups, groups: ["Admins"] }])
  invokeLambda: String @function(name: "pythonLambda-${env}") 
  invokeGetGroups: String @function(name: "getPatchGroups-${env}")
}

Upvotes: 0

Views: 334

Answers (1)

Cabemo

Reputation: 36

You can use the @auth rule within each function, like so:

type Query {
  invokeLambda: String
    @function(name: "pythonLambda-${env}")
    @auth(rules: [{allow: private, provider: userPools}])
  invokeGetGroups: String
    @function(name: "getPatchGroups-${env}")
    @auth(rules: [{allow: groups, groups: ["Admins"]}])
}

I haven't tried it with different auth rules, but I did try with the same auth rules on each function when I was following an AWS tutorial.

Upvotes: 1
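Because the answer's per-field rules were not tested with different rules per field, the Lambda behind each field can re-check the caller itself. This is an added example, not code from the thread or from Amplify; it assumes the @function event carries `fieldName` and `identity.claims` (with `sub` and `cognito:groups`) for Cognito user pool callers, and `REQUIRED_GROUP`, `is_allowed` and `sample_event` are hypothetical names.

```python
# Added example: defense-in-depth check inside the Lambda, mirroring the
# schema's @auth rules. Event shape (fieldName, identity.claims) is assumed.
REQUIRED_GROUP = {
    "invokeLambda": None,          # allow: private -> any signed-in user
    "invokeGetGroups": "Admins",   # allow: groups  -> Admins only
}


class Forbidden(Exception):
    """Raised when the caller does not satisfy the rule for the field."""


def _claims(event):
    # Missing or malformed identity yields no claims, so the check fails closed.
    identity = event.get("identity") or {}
    claims = identity.get("claims") if isinstance(identity, dict) else None
    return claims if isinstance(claims, dict) else {}


def is_allowed(event):
    field = event.get("fieldName")
    if field not in REQUIRED_GROUP:
        return False               # unknown field: deny by default
    claims = _claims(event)
    if not claims.get("sub"):
        return False               # no user pool identity on the request
    needed = REQUIRED_GROUP[field]
    if needed is None:
        return True
    groups = claims.get("cognito:groups")
    # Only an exact list entry counts; a bare string is never substring-matched.
    return isinstance(groups, list) and needed in groups


def handler(event, context=None):
    if not is_allowed(event):
        raise Forbidden("not authorized for " + str(event.get("fieldName")))
    return "ok:" + event["fieldName"]


def sample_event(field, sub=None, groups=None):
    # Constructed test input, not a captured AppSync event.
    claims = {}
    if sub:
        claims["sub"] = sub
    if groups is not None:
        claims["cognito:groups"] = groups
    return {"typeName": "Query", "fieldName": field,
            "identity": {"claims": claims}}
```
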
