I'm currently configuring a GraphQL API using AWS Amplify, and I'm defining the schema for my application. In this schema, I want to ensure that CRUD operations on certain types, like "Account", are restricted to either the owner of the record or specific Lambda functions. I understand that I can use the @auth directive with the owner rule to restrict access to only the owner, like so: type Account @model @auth(rules: [{ allow: owner }]).
However, I also need to allow certain Lambda functions to perform CRUD operations on these records. I want to avoid granting access to other Cognito authenticated users. Using @auth(rules: [{ allow: private }]) won't work in this case, as it doesn't allow Lambda functions access.
I've read that using provider: iam with the owner auth rule isn't supported. What is the recommended approach or usage pattern to achieve this requirement? How can I configure my GraphQL schema to allow both the owner of the record and specific Lambda functions to perform CRUD operations while restricting access from other Cognito authenticated users?
Hey 👋, this issue is being closed due to inactivity. If you are still experiencing the same problem and need further assistance, please feel free to leave a comment. This will enable us to reopen the issue and provide you with the necessary support.
This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
Amplify CLI Version
12.12.0