CODEWITHSUNDEEP
amazon-cognitoamazon-iamaws-appsyncaws-sdk-js
JointEffort
JointEffort

Reputation: 643

AWS AppSync unauthenticated access WITHOUT Amplify

Does anyone know how to configure AWS IAM/Cognito/AppSync to allow access to the AppSync API for unauthenticated users, without using Amplify? I see a lot of examples of how to configure it WITH Amplify and API keys (they expire).

I already have:

What I miss in documentation and examples is:

Upvotes: 3

Views: 994

Answers (1)

Nestor
Nestor

Reputation: 559

How to make an unauthenticated call using Postman?

According to appsync docs:

Unauthenticated APIs require more strict throttling than authenticated APIs. One way to control throttling for unauthenticated GraphQL endpoints is through the use of API keys. An API key is a hard-coded value in your application that is generated by the AWS AppSync service when you create an unauthenticated GraphQL endpoint.

So having ABC123 as the api key, you can send a query this way:

$ curl -XPOST -H "Content-Type:application/graphql" -H "x-api-key:ABC123" -d '{ "query": "query { movies { id } }" }' https://YOURAPPSYNCENDPOINT/graphql

Edit: Sorry didnt realize it was Identity pool, not user pools. Leaving here anyway. This below is for USER POOLS

How to connect AppSync to this specific Identity Pool?

When you create the default authorization mode in your appsync or when you add Additional authorization providers, you set the requirements for any mode you specify. In the case of AMAZON_COGNITO_USER_POOLS you set the following:

  • AWS Region
  • user pool
  • default action

The way you create the resources may vary from one tech to another, for example, using the aws cli:

$ aws appsync --region us-west-2 create-graphql-api --authentication-type AMAZON_COGNITO_USER_POOLS  --name userpoolstest --user-pool-config '{ "userPoolId":"test", "defaultEffect":"ALLOW", "awsRegion":"us-west-2"}'

For more explanation check appsync documentation (link provided), the examples are from there.

Upvotes: 0

Related Questions