Usage pattern to allow either the owner or a few Lambda functions to call GraphQL endpoints

Open rohit3d2003 opened this issue 1 year ago • 0 comments

Amplify CLI Version

12.12.0

Question

I'm currently configuring a GraphQL API using AWS Amplify, and I'm defining the schema for my application. In this schema, I want to ensure that CRUD operations on certain types, like "Account", are restricted to either the owner of the record or specific Lambda functions. I understand that I can use the @auth directive with the owner rule to restrict access to only the owner, like so: type Account @model @auth(rules: [{ allow: owner }]).

However, I also need to allow certain Lambda functions to perform CRUD operations on these records. I want to avoid granting access to other Cognito authenticated users. Using @auth(rules: [{ allow: private }]) won't work in this case, as it doesn't allow Lambda functions access.

I've read that using provider: iam with the owner auth rule isn't supported. What is the recommended approach or usage pattern to achieve this requirement? How can I configure my GraphQL schema to allow both the owner of the record and specific Lambda functions to perform CRUD operations while restricting access from other Cognito authenticated users?

rohit3d2003 avatar May 15 '24 14:05 rohit3d2003
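The schema fragment below is an added illustration of the combination the question is asking about; it is not part of the issue and not an answer from the Amplify maintainers. It places the owner-only rule the author already uses beside a version that adds a second rule with `provider: iam`, which is the authorization mode a Lambda function uses when it signs its AppSync requests with its execution role. Cognito user pool users authenticate through a different mode, so the IAM rule does not widen access for them the way `{ allow: private }` on the default user pool provider would. The example assumes the Amplify CLI Gen 1 GraphQL transformer, that IAM is enabled as an additional authorization mode on the API, and that the functions are granted API access through `amplify update function`; exactly which IAM roles the rule admits is determined by that configuration, so treat the rule's reach as something to verify in the deployed API rather than as a given.

```graphql
# Constructed example schema (not from the issue). Two variants of the same type.

# Variant A: what the author has today. Only the record owner, authenticated
# through the Cognito user pool, can read or mutate an Account. A Lambda function
# signing with IAM is rejected because no rule matches the IAM auth mode.
type AccountOwnerOnly @model @auth(rules: [{ allow: owner }]) {
  id: ID!
  balance: Int
  owner: String
}

# Variant B: the owner rule stays as-is and a second rule admits IAM-signed
# callers. Because the second rule is scoped to provider: iam, other Cognito
# user pool users still have no matching rule and remain locked out.
type Account
  @model
  @auth(
    rules: [
      { allow: owner }
      # Grants the IAM-authenticated callers admitted by the API configuration.
      # Trim the operations list to what the functions really need; a function
      # that only reconciles balances does not need create or delete.
      { allow: private, provider: iam, operations: [read, update] }
    ]
  ) {
  id: ID!
  balance: Int
  owner: String
}
```

Two checks worth making after deploying a schema like Variant B: confirm in the AppSync console that the API lists IAM as an additional authorization mode, and exercise the API once as an ordinary Cognito user who does not own the record to confirm the request is still denied, since that is the exact gap the author wants to avoid.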