Merged
56 changes: 31 additions & 25 deletions src/pages/cli/graphql/authorization-rules.mdx
Expand Up @@ -43,11 +43,7 @@ input AMPLIFY { globalAuthRule: AuthRule = { allow: public } }
</Block>
<Block name="AWS CDK">

```graphql
input AMPLIFY { globalAuthRule: AuthRule = { allow: public } }
```

In your CDK construct, you'll need to enable this "sandbox mode" via an input parameter, rather than as part of the Graphql schema definition:
In the CDK construct, we call this the "sandbox mode" that you need to explicitly enable via an input parameter.

```ts
new AmplifyGraphqlApi(this, "MyNewApi", {
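Review bot: In the AWS CDK block, the sentence "In the CDK construct, we call this the "sandbox mode" that you need to explicitly enable via an input parameter." has no referent for "this" once the `input AMPLIFY { globalAuthRule: ... }` snippet is gone from this tab, and it ends in a period although it introduces the `ts` sample. Suggest stating what sandbox mode does, namely the equivalent of the global `{ allow: public }` rule shown in the other tab, ending the sentence with a colon, and, since that rule makes the API publicly accessible, saying when the parameter should be turned off.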
Expand Down Expand Up @@ -108,28 +104,33 @@ When you run `amplify add auth`, the Amplify CLI generates scoped down IAM poli
Designate an IAM role for unauthenticated identities by setting the `iamConfig` property:

```ts
const amplifyApi = new AmplifyGraphqlApi(this, "MyNewApi", {
// Note: this sample uses the alpha Cognito Identity Pool construct, but is not required, CfnIdentityPool can be used as well
import cognito_identitypool from '@aws-cdk/aws-cognito-identitypool-alpha';

const identityPool = new cognito_identitypool.IdentityPool(stack, 'MyNewIdentityPool', {
allowUnauthenticatedIdentities: true,
authenticationProviders: { userPools: [new cognito_identitypool.UserPoolAuthenticationProvider({
userPool: <your_user_pool>,
userPoolClient: <your_user_pool_client>,
})] },
});

new AmplifyGraphqlApi(this, "MyNewApi", {
definition: AmplifyGraphqlDefinition.fromFiles(path.join(__dirname, "schema.graphql")),
authorizationModes: {
defaultAuthorizationMode: 'API_KEY',
apiKeyConfig: {
expires: cdk.Duration.days(30)
},
iamConfig: {
identityPoolId: "<region>:<id string>", // <-- pass in your identity pool ID
unauthenticatedUserRole: ..., // <-- pass in your unauthenticatedUserRole here
authenticatedUserRole: ... // <-- pass in your authenticatedUserRole here
identityPoolId: identityPool.identityPoolId,
authenticatedUserRole: identityPool.authenticatedRole,
unauthenticatedUserRole: identityPool.unauthenticatedRole,
}
},
})
```

<Callout warning>

**Note:** You must pass the identity pool ID as a string in the format above. Using a reference through a CDK token is currently not supported.

</Callout>

</Block>
</BlockSwitcher>
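Review bot: The warning callout at the end of this hunk, which said the identity pool ID must be passed as a literal string and that a CDK token reference is "currently not supported", is dropped while the new sample passes `identityPool.identityPoolId`, which is a token. If token support depends on a particular construct release, state the minimum version next to the sample so readers on an older version do not hit the old limitation without explanation. In the sample itself, the identity pool is created on `stack` while the API is created on `this`; use the same scope for both, and consider `import * as cognito_identitypool` or named imports, the usual form for CDK modules.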

Expand Down Expand Up @@ -230,28 +231,33 @@ When you run `amplify add auth`, the Amplify CLI generates scoped down IAM poli
Designate an IAM role for authenticated identities by setting the `iamConfig` property:

```ts
const amplifyApi = new AmplifyGraphqlApi(this, "MyNewApi", {
// Note: this sample uses the alpha Cognito Identity Pool construct, but is not required, CfnIdentityPool can be used as well
import cognito_identitypool from '@aws-cdk/aws-cognito-identitypool-alpha';

const identityPool = new cognito_identitypool.IdentityPool(stack, 'MyNewIdentityPool', {
allowUnauthenticatedIdentities: true,
authenticationProviders: { userPools: [new cognito_identitypool.UserPoolAuthenticationProvider({
userPool: <your_user_pool>,
userPoolClient: <your_user_pool_client>,
})] },
});

new AmplifyGraphqlApi(this, "MyNewApi", {
definition: AmplifyGraphqlDefinition.fromFiles(path.join(__dirname, "schema.graphql")),
authorizationModes: {
defaultAuthorizationMode: 'API_KEY',
apiKeyConfig: {
expires: cdk.Duration.days(30)
},
iamConfig: {
identityPoolId: "<region>:<id string>", // <-- pass in your identity pool ID
unauthenticatedUserRole: ..., // <-- pass in your unauthenticatedUserRole here
authenticatedUserRole: ... // <-- pass in your authenticatedUserRole here
identityPoolId: identityPool.identityPoolId,
authenticatedUserRole: identityPool.authenticatedRole,
unauthenticatedUserRole: identityPool.unauthenticatedRole,
}
},
})
```

<Callout warning>

**Note:** You must pass the identity pool ID as a string in the format above. Using a reference through a CDK token is currently not supported.

</Callout>

</Block>
</BlockSwitcher>
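Review bot: `allowUnauthenticatedIdentities: true` in the identity pool sample turns on guest access even though this section is about designating a role for authenticated identities, so anyone copying it enables unauthenticated identities they may not need. Set it to `false` here, or add a comment that it is only required when the unauthenticated role is actually used, and say whether `unauthenticatedUserRole` must still be passed in `iamConfig` for this case. The sample also creates the pool on `stack` but the API on `this`; use one scope for both.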
