Amplify-cli: How to access amplify GraphQL API on lambda function?

Created on 8 Sep 2019 · 11Comments · Source: aws-amplify/amplify-cli

* Which Category is your question related to? *
API

* What AWS Services are you utilizing? *
Lambda, amplify GraphQL

* Provide additional details e.g. code snippets *
I'd like to operate amplify GraphQL API(authorised by cognito user pool) on lambda function (with rest API by express).
I make resources by amplify CLI like this.

? Choose the function template that you want to use:
  CRUD function for Amazon DynamoDB table (Integration with Amazon API Gateway and Amazon DynamoDB)
❯ Serverless express function (Integration with Amazon API Gateway)

? Do you want to access other resources created in this project from your Lambda function? Yes
? Select the category
 ◯ auth
 ◯ analytics
❯◉ api
 ◯ storage
 ◯ function

Api category has a resource called mygraphql
? Select the operations you want to permit for mygraphql
 ◯ create
 ◉ read
 ◉ update
❯◯ delete

my schema.graphql is here.

type Secret
  @model
  @auth(
    rules: [
      { allow: groups, groups: ["Admin"] }
    ]
  ) {
  id: ID!
  secret: String!
}

I want to do "query GetSecret" and "mutation UpdateSecret" on lambda function.
How to write codes in amplify/backend/function/myfunc/src/app.js to Graphql queries and mutations?
I want to get example codes, but there are no codes on official documents.

I'm waiting for your great supoort. Thank you.

functions question

Source

hi120ki

👍5

Most helpful comment

@hi120ki We launch multi-auth support for GraphQL API yesterday which supports IAM authorization (used by lambda to call your GraphQL API).
Please take a look at - https://aws-amplify.github.io/docs/cli-toolchain/quickstart#graphql-from-lambda for more details.

kaustavghosh06 on 12 Sep 2019

👍5 😄3

All 11 comments

kaustavghosh06 on 12 Sep 2019

👍5 😄3

@kaustavghosh06 I see 3.2.0 is out, but the changelog is not updated since 3.0.0. It's so confusing with your releases. There's SO many changelogs (google "amplify cli changelog" for example) and the main one is not up to date.

houmark on 12 Sep 2019

👍1

Thank you for answering my question.

If you add "@auth" in your shema.graphql and run "amplify push", then an error "@auth directive with 'iam' provider found, but the project has no IAM authentication provider configured." occurred, you have to do "amplify update api" and "additional authorization types → IAM".

hi120ki on 13 Sep 2019

👍1

@hi120ki You would to run ‘amplify update api’ and add IAM as an auth type when asked for advanced security configurations in the CLI flow.

kaustavghosh06 on 13 Sep 2019

👍1

@hi120ki We launch multi-auth support for GraphQL API yesterday which supports IAM authorization (used by lambda to call your GraphQL API).
Please take a look at - https://aws-amplify.github.io/docs/cli-toolchain/quickstart#graphql-from-lambda for more details.

Is there a plan of something similar for DataStore? Right now it seems it's not possible to use it from lambda (throws an error window is not defined)

Bulletninja on 19 Mar 2020

👍1

@Bulletninja thank you!

May I just add a comment:

Amplify Docs on how to call GraphQL API suggest to use

...
const data = await new Promise((resolve, reject) => {
        const httpRequest = https.request({ ...req, host: endpoint }, (result) => {
            result.on('data', (data) => {
                resolve(JSON.parse(data.toString()));
            });
        });
        httpRequest.write(req.body);
        httpRequest.end();
    });
...

Please note the use of result.on('data'.... This seems to rusilt in failed JSON parsing if API call results a "large" payload [probably because it is a steam].

A workaround I found (inspired by an answer here) was to have the following:

...
const data = await new Promise((resolve, reject) => {
      const httpRequest = https.request({ ...reqGQL, host: endpoint }, (result) => {
        let dataString = "";
        result.on('data', (data) => {
          dataString += data.toString();
        });
        result.on('end', function () {
          resolve(JSON.parse(dataString));
        });
      });
      httpRequest.write(reqGQL.body);
      httpRequest.end();
    });
 ...

Please note the addition of result.on('end'.... This seems to help to "rather" the whole payload from the stream, and in turn prevents failure of parsing "large" responses.

FYI @attilah

FOMSON on 28 Mar 2020

👍1

That is not just a workaround — that is the correct way of doing it as I have commented in other issues around the same subject. AWS documentation is just too wrong and error-prone.

houmark on 28 Mar 2020

❤2

@houmark I'm not sure that I've heard of this reported anywhere. Looks like a quick fix to ehs sample in the docs. Would you mind opening up a PR?

undefobj on 29 Mar 2020

@undefobj I mentioned it here:
https://github.com/aws-amplify/amplify-cli/issues/1678#issuecomment-589250260

houmark on 29 Mar 2020

👍1

@hi120ki We launch multi-auth support for GraphQL API yesterday which supports IAM authorization (used by lambda to call your GraphQL API).

Please take a look at - https://aws-amplify.github.io/docs/cli-toolchain/quickstart#graphql-from-lambda for more details.

@kaustavghosh06 hi!

This is currently not working for me.

Obviously it does not work out of the box when mocking (because, as far as I know, local AppSync server has no SSL enabled).

I used http module instead of the https one and manually setup the port. Now I’m getting a not authorized error.

Is this really the “official” way of accessing GraphQL APIs from Lambda using Amplify framework? Signers class in AWS SDK is not even typed. My API has Cognito authentication as default method and IAM as alternative. My function has configured access to the API.