https://serverless-stack.com/ logo
Join Slack
Powered by
I can’t figure out how to get this working in SST/...
# help
s
I can’t figure out how to get this working in SST/CDK. it works in the Serverless Framework version of my API
Copy code
import { defaultProvider } from '@aws-sdk/credential-provider-node';
import AWSAppSyncClient, { AUTH_TYPE } from 'aws-appsync';
import 'isomorphic-fetch';

const appSyncClient = new AWSAppSyncClient({
  url: process.env.GRAPHQL_ENDPOINT_URL,
  region: 'us-east-1',
  auth: {
    type: AUTH_TYPE.AWS_IAM,
    credentials: defaultProvider(),
  },
  disableOffline: true,
});

let client: AWSAppSyncClient<any>;

export default async function getGraphqlClient() {
  if (client) return client;

  client = await appSyncClient.hydrated();
  return client;
}
the credentials are no good for some reason, I’m getting a 401 when my API tries to make a GraphQL call 🤔
a
I can’t make IAM auth to work with API GW v2 😞.
It’s driving me crazy, going to contact AWS support.
s
@Adrián Mouly I have it working in my other project, which is what’s puzzling.
I’ll ping if you when I figure it out
gonna try this:
Copy code
permissions: [
          new iam.PolicyStatement({
            effect: iam.Effect.ALLOW,
            actions: ['appsync:GraphQL'],
            resources: [`${appSyncApi.graphqlApi.arn}/*`],
          }),
        ],
@Adrián Mouly oh no.. woops, it was as easy as just doing 
permissions: [[appSyncApi.graphqlApi, 'grantMutation']]
on the Lambda func
so, no more 401 error, but now it hangs when trying to execute a mutation
a
🤦‍♂️
s
aha! missing dependency
it works. did you get yours working, Adrián?
a
I’m not using AppSync, but also using AWS_IAM.
s
ahh
oh right, IAM as an authorizer for API Gateway
a
Yeah.
s
I’m using Cognito/JWT for my HTTP API, so unfortunately I can’t be of much help 😞
but I’d say if you’re paying the $100/mo for AWS tech support, use them 😄
I bug them all the time via chat
a
Yeah, I’m going to contact them.
The problem is I have support on one account, not in DEV account.
So I need to deploy my services into the other account, haha.
s
yeah, they’re picky about that
I flat out told the last support guy, I’m not paying a support fee for every dev account. they’re JUST dev accounts, it’s not like I’m running a whole business off each one
a
Yeah.
Maybe we are stressing the model using X amount of accounts.
AWS should provide support per-business.
s
I agree. it’s odd they recommend multiple AWS accounts but then make it difficult to get support
Open in Slack
PreviousNext
Powered by