Aws-cdk: [@aws-cdk/aws-appsync] creating a new GraphqlApi and connect Cognito with userPoolConfig

Created on 7 Sep 2020  ·  8 Comments  ·  Source: aws/aws-cdk

So I am trying to provision a GraphqlApi connecting to an existing CognitoPool that is provisioned in a separate stack.
I am trying to use the CDK class GraphqlApi instead of the low level construct CfnGraphQLApi.

However, I fail to see how I can define my defaultAuthorization with an existing UserPool.

My code so far:

```typescript
const api = new GraphqlApi(this, 'ClientApi', {
  name: this.props.applicationName,
  schema: Schema.fromAsset(join(`${__dirname}/../src/config`, 'schema.graphql')),
  authorizationConfig: {
    defaultAuthorization: {
      authorizationType: AuthorizationType.USER_POOL,
      userPoolConfig: {
        defaultAction: UserPoolDefaultAction.ALLOW,
        userPool: {
          userPoolId: config.userPoolId,
          userPoolArn: this.getUserPoolArn(config.userPoolId),
          // .... it gets impossible here, it requires an IUserPool object
        }
      }
    }
  }
});
```

I have the userPoolId from a config file and I can construct the ARN.

So the problem is that the typing for userPoolConfig is not made for an existing pool.
If you use the low-level construct, you can just pass an object in the shape of CfnGraphQLApi.UserPoolConfigProperty and it is all fine, but I wanted to get my API to be written in the higher-level CDK and not the lower-level constructs.

So how should I go ahead with this??

Environment

  • CDK CLI Version: 1.62
  • Module Version: 1.62
  • Node.js Version: V12.16.1
  • OS: OSX Mojave
  • Language: Typescript 3.8.3

@aws-cdk/aws-appsync  guidance  needs-triage

All 8 comments

Going into the source of graphqlapi.js, I see that a private method setupUserPoolConfig is called by the class GraphqlApi, which internally also calls the CfnGraphqlApi low level construct.

```js
this.api = new appsync_generated_1.CfnGraphQLApi(this, 'Resource', {
    name: props.name,
    authenticationType: defaultMode.authorizationType,
    logConfig: this.setupLogConfig(props.logConfig),
    openIdConnectConfig: this.setupOpenIdConnectConfig(defaultMode.openIdConnectConfig),
    userPoolConfig: this.setupUserPoolConfig(defaultMode.userPoolConfig),
    additionalAuthenticationProviders: this.setupAdditionalAuthorizationModes(additionalModes),
    xrayEnabled: props.xrayEnabled,
});
```

It shouldn't be difficult to allow us to pass in a userPoolConfig like:

```typescript
userPoolConfig: {
  userPoolId,
  awsRegion: Stack.of(this).region,
  defaultAction: 'ALLOW'
},
```

into the GraphqlApi class, like I do now for CfnGraphqlApi.

@mattiLeBlanc have you looked into the fromUserPoolId or fromUserPoolArn functions in cognito?

@BryanPan342 You are a hero. Yes this works:

```typescript
const api = new GraphqlApi(this, 'ClientApi', {
  name: this.props.applicationName,
  schema: this.props.schema,
  authorizationConfig: {
    defaultAuthorization: {
      authorizationType: AuthorizationType.USER_POOL,
      userPoolConfig: {
        userPool: UserPool.fromUserPoolId(this, 'userpool', config.userPoolId)
      }
    }
  },
  logConfig: {
    fieldLogLevel: FieldLogLevel.ERROR,
  }
});
```

So elegant! Thanks
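
Added example, not part of the thread or of the CDK: the pool ID here comes from a config file and ends up in the API's authorization config, and the low-level variant above pairs it with `Stack.of(this).region`, so it is worth checking the ID's shape and region before synthesis. The helper names (`parseUserPoolId`, `userPoolArn`, `checkPoolConfig`), the sample pool ID and the account number are constructed for illustration.

```typescript
// Cognito's API documents user pool IDs as [\w-]+_[0-9a-zA-Z]+ (at most 55 chars).
// The prefix is tightened here to region-name characters (an editorial choice).
const POOL_ID_RE = /^[a-z0-9-]+_[0-9a-zA-Z]+$/;

// Splits "<region>_<suffix>" and rejects anything that is not a pool ID.
function parseUserPoolId(poolId: string): { region: string; poolId: string } {
  if (poolId.length > 55 || !POOL_ID_RE.test(poolId)) {
    throw new Error(`not a Cognito user pool id: ${JSON.stringify(poolId)}`);
  }
  return { region: poolId.slice(0, poolId.indexOf('_')), poolId };
}

// Builds arn:<partition>:cognito-idp:<region>:<account>:userpool/<id>.
function userPoolArn(poolId: string, accountId: string, partition = 'aws'): string {
  if (!/^\d{12}$/.test(accountId)) {
    throw new Error('account id must be 12 digits');
  }
  const { region } = parseUserPoolId(poolId);
  return `arn:${partition}:cognito-idp:${region}:${accountId}:userpool/${poolId}`;
}

// Returns the problems found; an empty list means the ID is well formed
// and belongs to the region the stack will be deployed to.
function checkPoolConfig(poolId: string, stackRegion: string): string[] {
  const problems: string[] = [];
  try {
    const { region } = parseUserPoolId(poolId);
    if (region !== stackRegion) {
      problems.push(`pool region ${region} differs from stack region ${stackRegion}`);
    }
  } catch (e) {
    problems.push((e as Error).message);
  }
  return problems;
}

// Constructed sample values, not taken from the thread.
const SAMPLE_POOL_ID = 'ap-southeast-2_ExAmPlE01';
console.log(userPoolArn(SAMPLE_POOL_ID, '123456789012'));
console.log(checkPoolConfig(SAMPLE_POOL_ID, 'us-east-1'));
```

Running `checkPoolConfig(config.userPoolId, ...)` before constructing the `GraphqlApi` turns a typo or a wrong-region pool ID into a failure at synth time rather than an API wired to an unintended pool.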

@mattiLeBlanc 🥳🥳 yayyy okay I'm closing this issue then

@BryanPan342
Maybe it is worth updating this Doco page https://docs.aws.amazon.com/cdk/api/latest/docs/aws-appsync-readme.html
with this solution?

Since the import paradigm is explained in the docs here, I don't think duplicating the docs would be necessary.

If not, hopefully this issue comes up in a google search :)

@BryanPan342 true. The only thing I can say from experience, that with the vast amount of services and docs that AWS provides, if you develop for let's say Appsync, you often end up on doc pages like https://docs.aws.amazon.com/cdk/api/latest/docs/aws-appsync-readme.html which give a good example but don't include the finer details of edge cases. And then the search starts in Google and the technical docs.

I guess the more I learn about AWS ecosystem, the more I understand where to search but for people that are still at the beginning it is a dense forest of knowledge.

Anyway, thanks for the great help!

This is some great feedback @mattiLeBlanc! I also struggled with this when I first started on CDK a couple of weeks ago and I feel like I'm learning a lot every day. Definitely something we are thinking about and working on!
