AWSTemplateFormatVersion: 2010-09-09 Description: AppSync setup Parameters: FunctionStack: Description: The stack name that deploys the Lambda functions to invoke. Type: String Resources: DataSourceRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: appsync.amazonaws.com Policies: - PolicyName: LambdaInvoker PolicyDocument: Version: 2012-10-17 Statement: - Action: lambda:InvokeFunction Effect: Allow Resource: - Fn::Join: - '' - - 'arn:aws:lambda:' - !Ref AWS::Region - ':' - !Ref AWS::AccountId - ':function:' - Fn::ImportValue: !Sub '${FunctionStack}-functions-User' - Fn::Join: - '' - - 'arn:aws:lambda:' - !Ref AWS::Region - ':' - !Ref AWS::AccountId - ':function:' - Fn::ImportValue: !Sub '${FunctionStack}-functions-User' - ':*' RoleName: !Sub '${AWS::StackName}-lambda-role' GqlApi: Type: AWS::AppSync::GraphQLApi Properties: AuthenticationType: AWS_IAM Name: !Ref AWS::StackName GqlSchema: Type: AWS::AppSync::GraphQLSchema Properties: ApiId: !GetAtt GqlApi.ApiId Definition: | type Mutation { deleteUser(id: String, cognitoIdentityId__: String): ! patchUser(userPatchForm: UserPatchFormInput! cognitoIdentityId__: String): User! postUser(userForm: UserFormInput! cognitoIdentityId__: String): User! } type Query { getUser(id: String, cognitoIdentityId__: String): User } input UserInput { email: String id: String name: String status: user_status } type User { email: String! id: String! name: String status: user_status! } input UserEmailPatchFormInput { email: String } type UserEmailPatchForm { email: String! } input UserFormInput { email: String name: String status: user_status } type UserForm { email: String! name: String status: user_status! } input UserStatusPatchFormInput { status: user_status } type UserStatusPatchForm { status: user_status! } enum UserStatus { ACTIVE INACTIVE } schema { query: Query mutation: Mutation } DependsOn: - GqlApi UserDataSource: Type: AWS::AppSync::DataSource Properties: ApiId: !GetAtt GqlApi.ApiId LambdaConfig: LambdaFunctionArn: Fn::Join: - '' - - 'arn:aws:lambda:' - !Ref AWS::Region - ':' - !Ref AWS::AccountId - ':function:' - Fn::ImportValue: !Sub '${FunctionStack}-functions-User' Name: user_lambda ServiceRoleArn: !GetAtt DataSourceRole.Arn Type: AWS_LAMBDA DependsOn: - DataSourceRole - GqlApi DeleteUserResolver: Type: AWS::AppSync::Resolver Properties: ApiId: !GetAtt GqlApi.ApiId FieldName: deleteUser TypeName: Mutation DataSourceName: !GetAtt UserDataSource.Name RequestMappingTemplate: | #set( $cognitoIdentityId = $context.identity.cognitoIdentityId ) #if($context.identity.userArn.matches('arn:aws:iam::\d+:user/.*')) #if($context.args.cognitoIdentityId__) #set( $cognitoIdentityId = $context.args.cognitoIdentityId__ ) #elseif( $context.source.cognitoIdentityId__ ) #set( $cognitoIdentityId = $context.source.cognitoIdentityId__ ) #end #end #set( $unamepwd = "$util.urlEncode($cognitoIdentityId):" ) { "version" : "2017-02-28", "operation": "Invoke", "payload": { "source": "AppSync", "httpMethod": "delete", "headers": { "Authorization": "Basic $util.base64Encode($unamepwd)", }, "pathParameters": { "id": "$util.escapeJavaScript($context.args.id)" }, "queryStringParameters": { } } } ResponseMappingTemplate: | #if($context.result.statusCode >= 200 && $context.result.statusCode <= 299) #set( $result = $util.parseJson($context.result.body) ) #if($context.args.cognitoIdentityId__) #set( $result.cognitoIdentityId__ = $context.args.cognitoIdentityId__ ) #elseif($context.source.cognitoIdentityId__) #set( $result.cognitoIdentityId__ = $context.source.cognitoIdentityId__ ) #end $util.toJson($result) #else $utils.error($util.parseJson($context.result.body).message, $context.result.statusCode.toString(), $util.parseJson($context.result.body)) #end DependsOn: - GqlApi - GqlSchema - UserDataSource GetUserResolver: Type: AWS::AppSync::Resolver Properties: ApiId: !GetAtt GqlApi.ApiId FieldName: getUser TypeName: Query DataSourceName: !GetAtt UserDataSource.Name RequestMappingTemplate: | #set( $cognitoIdentityId = $context.identity.cognitoIdentityId ) #if($context.identity.userArn.matches('arn:aws:iam::\d+:user/.*')) #if($context.args.cognitoIdentityId__) #set( $cognitoIdentityId = $context.args.cognitoIdentityId__ ) #elseif( $context.source.cognitoIdentityId__ ) #set( $cognitoIdentityId = $context.source.cognitoIdentityId__ ) #end #end #set( $unamepwd = "$util.urlEncode($cognitoIdentityId):" ) { "version" : "2017-02-28", "operation": "Invoke", "payload": { "source": "AppSync", "httpMethod": "get", "headers": { "Authorization": "Basic $util.base64Encode($unamepwd)", }, "pathParameters": { "id": "$util.escapeJavaScript($context.args.id)" }, "queryStringParameters": { } } } ResponseMappingTemplate: | #if($context.result.statusCode >= 200 && $context.result.statusCode <= 299) #set( $result = $util.parseJson($context.result.body) ) #if($context.args.cognitoIdentityId__) #set( $result.cognitoIdentityId__ = $context.args.cognitoIdentityId__ ) #elseif($context.source.cognitoIdentityId__) #set( $result.cognitoIdentityId__ = $context.source.cognitoIdentityId__ ) #end $util.toJson($result) #else $utils.error($util.parseJson($context.result.body).message, $context.result.statusCode.toString(), $util.parseJson($context.result.body)) #end DependsOn: - GqlApi - GqlSchema - UserDataSource PatchUserResolver: Type: AWS::AppSync::Resolver Properties: ApiId: !GetAtt GqlApi.ApiId FieldName: patchUser TypeName: Mutation DataSourceName: !GetAtt UserDataSource.Name RequestMappingTemplate: | #set( $cognitoIdentityId = $context.identity.cognitoIdentityId ) #if($context.identity.userArn.matches('arn:aws:iam::\d+:user/.*')) #if($context.args.cognitoIdentityId__) #set( $cognitoIdentityId = $context.args.cognitoIdentityId__ ) #elseif( $context.source.cognitoIdentityId__ ) #set( $cognitoIdentityId = $context.source.cognitoIdentityId__ ) #end #end #set( $unamepwd = "$util.urlEncode($cognitoIdentityId):" ) { "version" : "2017-02-28", "operation": "Invoke", "payload": { "source": "AppSync", "httpMethod": "patch", "body": "$util.escapeJavaScript($util.toJson($context.args.userPatchForm))", "headers": { "Authorization": "Basic $util.base64Encode($unamepwd)", }, "pathParameters": { }, "queryStringParameters": { } } } ResponseMappingTemplate: | #if($context.result.statusCode >= 200 && $context.result.statusCode <= 299) #set( $result = $util.parseJson($context.result.body) ) #if($context.args.cognitoIdentityId__) #set( $result.cognitoIdentityId__ = $context.args.cognitoIdentityId__ ) #elseif($context.source.cognitoIdentityId__) #set( $result.cognitoIdentityId__ = $context.source.cognitoIdentityId__ ) #end $util.toJson($result) #else $utils.error($util.parseJson($context.result.body).message, $context.result.statusCode.toString(), $util.parseJson($context.result.body)) #end DependsOn: - GqlApi - GqlSchema - UserDataSource PostUserResolver: Type: AWS::AppSync::Resolver Properties: ApiId: !GetAtt GqlApi.ApiId FieldName: postUser TypeName: Mutation DataSourceName: !GetAtt UserDataSource.Name RequestMappingTemplate: | #set( $cognitoIdentityId = $context.identity.cognitoIdentityId ) #if($context.identity.userArn.matches('arn:aws:iam::\d+:user/.*')) #if($context.args.cognitoIdentityId__) #set( $cognitoIdentityId = $context.args.cognitoIdentityId__ ) #elseif( $context.source.cognitoIdentityId__ ) #set( $cognitoIdentityId = $context.source.cognitoIdentityId__ ) #end #end #set( $unamepwd = "$util.urlEncode($cognitoIdentityId):" ) { "version" : "2017-02-28", "operation": "Invoke", "payload": { "source": "AppSync", "httpMethod": "post", "body": "$util.escapeJavaScript($util.toJson($context.args.userForm))", "headers": { "Authorization": "Basic $util.base64Encode($unamepwd)", }, "pathParameters": { }, "queryStringParameters": { } } } ResponseMappingTemplate: | #if($context.result.statusCode >= 200 && $context.result.statusCode <= 299) #set( $result = $util.parseJson($context.result.body) ) #if($context.args.cognitoIdentityId__) #set( $result.cognitoIdentityId__ = $context.args.cognitoIdentityId__ ) #elseif($context.source.cognitoIdentityId__) #set( $result.cognitoIdentityId__ = $context.source.cognitoIdentityId__ ) #end $util.toJson($result) #else $utils.error($util.parseJson($context.result.body).message, $context.result.statusCode.toString(), $util.parseJson($context.result.body)) #end DependsOn: - GqlApi - GqlSchema - UserDataSource Outputs: ApiEndpoint: Description: The endpoint for the AppSync API. Value: !GetAtt GqlApi.GraphQLUrl