AuthorizationMode

class aws_cdk.aws_appsync.AuthorizationMode(*, authorization_type, api_key_config=None, lambda_authorizer_config=None, open_id_connect_config=None, user_pool_config=None)

Bases: object

(experimental) Interface to specify default or additional authorization(s).

Parameters
  • authorization_type (AuthorizationType) – (experimental) One of possible four values AppSync supports. Default: - AuthorizationType.API_KEY

  • api_key_config (Union[ApiKeyConfig, Dict[str, Any], None]) – (experimental) If authorizationType is AuthorizationType.API_KEY, this option can be configured. Default: - name: ‘DefaultAPIKey’ | description: ‘Default API Key created by CDK’

  • lambda_authorizer_config (Union[LambdaAuthorizerConfig, Dict[str, Any], None]) – (experimental) If authorizationType is AuthorizationType.LAMBDA, this option is required. Default: - none

  • open_id_connect_config (Union[OpenIdConnectConfig, Dict[str, Any], None]) – (experimental) If authorizationType is AuthorizationType.OIDC, this option is required. Default: - none

  • user_pool_config (Union[UserPoolConfig, Dict[str, Any], None]) – (experimental) If authorizationType is AuthorizationType.USER_POOL, this option is required. Default: - none

Stability

experimental

ExampleMetadata

infused

Example:

api = appsync.GraphqlApi(self, "Api",
    name="demo",
    schema=appsync.Schema.from_asset(path.join(__dirname, "schema.graphql")),
    authorization_config=appsync.AuthorizationConfig(
        default_authorization=appsync.AuthorizationMode(
            authorization_type=appsync.AuthorizationType.IAM
        )
    ),
    xray_enabled=True
)

demo_table = dynamodb.Table(self, "DemoTable",
    partition_key=dynamodb.Attribute(
        name="id",
        type=dynamodb.AttributeType.STRING
    )
)

demo_dS = api.add_dynamo_db_data_source("demoDataSource", demo_table)

# Resolver for the Query "getDemos" that scans the DynamoDb table and returns the entire list.
demo_dS.create_resolver(
    type_name="Query",
    field_name="getDemos",
    request_mapping_template=appsync.MappingTemplate.dynamo_db_scan_table(),
    response_mapping_template=appsync.MappingTemplate.dynamo_db_result_list()
)

# Resolver for the Mutation "addDemo" that puts the item into the DynamoDb table.
demo_dS.create_resolver(
    type_name="Mutation",
    field_name="addDemo",
    request_mapping_template=appsync.MappingTemplate.dynamo_db_put_item(
        appsync.PrimaryKey.partition("id").auto(),
        appsync.Values.projecting("input")),
    response_mapping_template=appsync.MappingTemplate.dynamo_db_result_item()
)

Attributes

api_key_config

(experimental) If authorizationType is AuthorizationType.API_KEY, this option can be configured.

Default
  • name: ‘DefaultAPIKey’ | description: ‘Default API Key created by CDK’

Stability

experimental

Return type

Optional[ApiKeyConfig]

authorization_type

(experimental) One of possible four values AppSync supports.

Default
  • AuthorizationType.API_KEY

See

https://docs.aws.amazon.com/appsync/latest/devguide/security.html

Stability

experimental

Return type

AuthorizationType

lambda_authorizer_config

(experimental) If authorizationType is AuthorizationType.LAMBDA, this option is required.

Default
  • none

Stability

experimental

Return type

Optional[LambdaAuthorizerConfig]

open_id_connect_config

(experimental) If authorizationType is AuthorizationType.OIDC, this option is required.

Default
  • none

Stability

experimental

Return type

Optional[OpenIdConnectConfig]

user_pool_config

(experimental) If authorizationType is AuthorizationType.USER_POOL, this option is required.

Default
  • none

Stability

experimental

Return type

Optional[UserPoolConfig]