Amplify-cli: Add AWS_IAM via Identity Pool as an authorization option when adding a GraphQL API

Created on 3 May 2019 · 6Comments · Source: aws-amplify/amplify-cli

Describe the solution you'd like
Yes, I want to create a GraphQL API with Cognito Identity Pool access using AWS_IAM authorization like I can do for REST API and this can be done via the AppSync console. The Amplify CLI only supports User Pools and API key.

Describe alternatives you've considered
Doing it manually via the AppSync Console and bypassing the CLI.

Additional context
No

feature-request graphql-transformer pending-review

Source

dmennis

👍8 ❤4 🎉4

Most helpful comment

Desperately need this. Need to call AppSync from both front end and Lambda. Lacking support for this is really hamstringing us.

et304383 on 13 May 2019

👍7

All 6 comments

in the same boat here. seems like Cognito identity pools are not supported.

I did try to configure it manually. Using getOpenIdTokenForDeveloperIdentity to get the token.

 const {
        identity_id,
        identity_pool,
        token
    } = el.dataset;

    Amplify.configure(aws_config);

    Auth.configure({
        identityPoolId: identity_pool,
        region: aws_config.aws_project_region
    });

    return Auth.federatedSignIn('developer', {
        token,
        identity_id
    });

But you can't bypass the CLI...
When you try to compile graphql schema with auth directives I am getting this error:

Error: You are trying to use the @auth directive without enabling Amazon Cognito user pools for your API.
Run `amplify update api` and choose "Amazon Cognito User Pool" as the authorization type for the API.

so it requires you to add auth module and create user pools. (but I want identity pool)
help needed. can't use amplify because of this.

ruskid on 9 May 2019

Desperately need this. Need to call AppSync from both front end and Lambda. Lacking support for this is really hamstringing us.

et304383 on 13 May 2019

👍7

We launched multi-auth support for AppSync API (which included public APIs - with API Keys + IAM) as a part of our CLI version 3.8+.
Please take a look at our documentation around it out here for more info - https://aws-amplify.github.io/docs/cli-toolchain/graphql#public-authorization

kaustavghosh06 on 19 Sep 2019

Deploying from the CLI works fine, but I'm getting an error when trying to deploy from AWS Amplify Console.

Error: You are trying to use the @auth directive without enabling Amazon Cognito user pools for your API.

PavleNeskovic on 2 Oct 2019

👍1

Ditto - I'm seeing this in Amplify Console. @PavleNeskovic did you find a workaround?

patspam on 11 Nov 2019

👍3

Hey @patspam and @PavleNeskovic, you're probably done with the issue but here is how I solved it. The issue was my local @amplify/cli package on version 4.2 and the Amplify Console being on version 1.2 (which is surprising). It's why I had error only when deploying via the console.

I solved it pretty simply: Go to the Amplify console, select your project > Build Settings > Build image settings > Live package updates. Add a Package Override on Amplify CLI - latest.

I still can't believe this isn't the default behavior, but at least it solves the issue.