Howdy! In this tutorial going to create an AppSync GraphQL Web App with AWS Amplify and IAM Authentication using Cognito User Pools. The reason behind this is, if you are creating an web app quickly, the AWS AppSync, Mobile Hub, DynamoDB will come with all the equipments that you need to scale it. So this is such an attempt but um not using the aws amplify cli to create since I would like to know what my configurations looks like when it comes to web. The App will be a react app to quickly show how its done.

AWS Task List

First create AppSync GraphQL API with the data that you want. And change the authentication to IAM

After that create the schema using the existing Post example of the Schema. Create the data resources by pressing the Create Resource button in the AppSync. Then the resolvers and everything will be mapped and created.

Just for the completeness um adding the partial schema below.

input CreatePostInput { title: String! } input DeletePostInput { id: ID! } type Mutation { createPost(input: CreatePostInput!): Post deletePost(input: DeletePostInput!): Post } type Post { id: ID! title: String! } type PostConnection { items: [Post] nextToken: String } type Query { getPost(id: ID!): Post listPosts(filter: TablePostFilterInput, limit: Int, nextToken: String): PostConnection } type Subscription { onCreatePost(id: ID, title: String): Post @aws_subscribe(mutations: ["createPost"]) onUpdatePost(id: ID, title: String): Post @aws_subscribe(mutations: ["updatePost"]) onDeletePost(id: ID, title: String): Post @aws_subscribe(mutations: ["deletePost"]) } input TableBooleanFilterInput { ne: Boolean eq: Boolean } input TableFloatFilterInput { ne: Float eq: Float le: Float lt: Float ge: Float gt: Float contains: Float notContains: Float between: [Float] } input TableIDFilterInput { ne: ID eq: ID le: ID lt: ID ge: ID gt: ID contains: ID notContains: ID between: [ID] beginsWith: ID } input TableIntFilterInput { ne: Int eq: Int le: Int lt: Int ge: Int gt: Int contains: Int notContains: Int between: [Int] } input TablePostFilterInput { id: TableIDFilterInput title: TableStringFilterInput } input TableStringFilterInput { ne: String eq: String le: String lt: String ge: String gt: String contains: String notContains: String between: [String] beginsWith: String } schema { query: Query mutation: Mutation subscription: Subscription }

Next step is to create the AWS Cognito User Pools and Federated Identities.

Navigate to cognito and create a User Pool by clicking manage user pools. Enter the details that you want for the User Pool and create it. Then make sure you create an App Client in the pool itself afterwards. Untick the Generate App client secret option as well.

After that create the Federated Identity using the client ids. Make sure that you create IAM Roles for the identities. Add the App Client Id and Pool Id to the authentication providers after creating the federated identity

Then attach the AWSAppSyncInvokeFullAccess policy to the cognito auth and none auth user roles in AWS IAM.

IMPORTANT: Make sure you create proper policies and permissions for real application and use it. And highly discourage to use None Auth user roles for AppSync in prod.

If you need more detailed version of it, I added a youtube video on this. Check it out.

After that things will be set in the backend for the webapp.

Front End of GraphQL Web App with AWS Amplify and IAM Authentication

I created a sample app in with create-react-app since it was easier for this tutorial. Then install aws-amplify node module.

yarn add --save aws-amplify

Then code the AWS Auth and GrapQL endpoints in the index.js file. This doesn’t have to be the place but I just created it for this example only. You can create separate files to configure it which is the case in aws-amplify/cli.

import React from 'react'; import ReactDOM from 'react-dom'; import './index.css'; import App from './App'; import registerServiceWorker from './registerServiceWorker'; import Amplify from 'aws-amplify'; Amplify.configure({ Auth: { // REQUIRED - Amazon Cognito Identity Pool ID userPoolId: 'us-east-1_Orodsda2i', // REQUIRED - Amazon Cognito Region region: 'us-east-1', // OPTIONAL - Amazon Cognito User Pool ID identityPoolId: 'us-east-1:kv1348da-7474-4a01-029d-0b50475284895', // OPTIONAL - Amazon Cognito Web Client ID userPoolWebClientId: 'gvj78fkasbi8aidsf9fuslanvxpa', }, API: { 'aws_appsync_graphqlEndpoint': 'https://89uvonavoafsdfoahfdsfs.appsync-api.us-east-1.amazonaws.com/graphql', 'aws_appsync_region': 'us-east-1', 'aws_appsync_authenticationType': 'AWS_IAM', }, }); ReactDOM.render(<App />, document.getElementById('root')); registerServiceWorker();

Then create the AWS Query with amplify client as in the following

import React, { Component } from 'react'; import logo from './logo.svg'; import './App.css'; import Amplify, { API, graphqlOperation } from "aws-amplify"; const ListPosts = `query ListPosts { listPosts { items { id title } } }`; class App extends Component { constructor(props) { super(props); this.state = { posts: [], } } async componentWillMount() { const allPosts = await API.graphql(graphqlOperation(ListPosts)); console.log(allPosts); this.setState({ posts: allPosts.data.listPosts.items }); } render() { const { posts } = this.state; return ( <div className="App"> <header className="App-header"> <img src={logo} className="App-logo" alt="logo" /> <h1 className="App-title">Welcome to React</h1> </header> <p className="App-intro"> { posts.map((post, idx) => <div key={idx}>{post.title}</div>) } </p> </div> ); } } export default App;

Then you will be able to see how the data is fetched from the GraphQL endpoints using amplify client.

Again the important thing is this is only to show how the data is fetched. If you are to properly create it,

Create authentication for users with Cognito

Allow the GraphQL Endpoints only to the authenticated users using IAM permissions

Modify the policies to grant the permissions properly

Well thats about it on how to create GraphQL Web App with AWS Amplify and IAM Authentication.

The project is uploaded to the github in this link:

https://github.com/sandaruny/appsync-aws-amplify-iam

Checkout this link if you want to know how to do it with react-native apps: