feat(events-targets): add support for AppSync as an EventBridge rule target #29584
Conversation
github-actions
bot
added
p2
beginning-contributor
aws-cdk-automation
added
the
pr/needs-community-review
| if (this.props.deadLetterQueue) { | ||
| addToDeadLetterQueueResourcePolicy(rule, this.props.deadLetterQueue); | ||
| } | ||
|
|
There was a problem hiding this comment.
From docs:
EventBridge supports AWS AppSync public GraphQL APIs. EventBridge does not currently support AWS AppSync Private APIs.
Shouldn't we validate visibility: 'GLOBAL' as well?
| const role = this.props.eventRole || singletonEventRole(this.appsyncApi); | ||
|
|
||
| // if a role was not provided, attach a permission | ||
| if (!this.props.eventRole) { |
There was a problem hiding this comment.
| if (!this.props.eventRole) { | |
| if (!this.props.eventRole && this.props.mutationFields.length) { |
Should we grant permissions if there are no mutationFields?
Also, is it ok to assume that the provided eventRole will always have the necessary permissions?
There was a problem hiding this comment.
removed mutationFields, developer needs to provide the proper permissions if they specify the role directly. If eventRole is provided by customer, there's no check.
There was a problem hiding this comment.
developer needs to provide the proper permissions if they specify the role directly
Can you please add it to the README with an example?
| /** | ||
| * The variables that are include in the GraphQL operation. | ||
| */ | ||
| readonly variables: events.RuleTargetInput; |
There was a problem hiding this comment.
| readonly variables: events.RuleTargetInput; | |
| readonly variables?: events.RuleTargetInput; |
Can we expect GraphQL queries without variables?
There was a problem hiding this comment.
changed to optional
| // GIVEN | ||
| let stack: cdk.Stack; |
There was a problem hiding this comment.
| // GIVEN | |
| let stack: cdk.Stack; | |
| describe('AppSync GraphQL API target', () => { | |
| let stack: cdk.Stack; | |
| ... |
Let's wrap it in a describe to keep it more organized.
Also, can you please remove the commented dead-code in the file?
aws-cdk-automation
removed
the
pr/needs-community-review
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
Co-authored-by: Luca Pizzini <lpizzini7@gmail.com>
onlybakam
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
onlybakam
force-pushed
the
appsync-event-target
branch
from
3c1159b
to
d4667c4
Compare
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
| message: events.EventField.fromPath('$.detail'), | ||
| }), | ||
| })); | ||
| }).toThrow('You must have AWS_IAM authorization mode enabled on your API to configure an AppSync target'); |
There was a problem hiding this comment.
is this the correct error to be checking for this test case? should be it expecting "throw new Error('You must have a valid graphQLEndpointArn set')" instead?
There was a problem hiding this comment.
right. fixing setup and check.
| const sec_api = new appsync.GraphqlApi(stack, 'sec_api', { | ||
| name: 'no_iam_api', | ||
| definition: appsync.Definition.fromFile(path.join(__dirname, 'appsync.test.graphql')), | ||
| authorizationConfig: { additionalAuthorizationModes: [{ authorizationType: appsync.AuthorizationType.IAM }] }, |
There was a problem hiding this comment.
what happens if the secondary auth type is not IAM ?
There was a problem hiding this comment.
IAM needs to be one of the supported modes. either primary or secondary. if none are configured as IAM the target definition should fail.
|
|
||
| ```ts | ||
| import * as appsync from 'aws-cdk-lib/aws-appsync'; | ||
| declare const api: appsync.GraphqlApi; |
There was a problem hiding this comment.
I think we should include the instantiation of GraphqlApi to make the example more complete, especially if there are properties that need to be configured to a certain value, e.g. AWS_IAM for authorization
Co-authored-by: Grace Luo <54298030+gracelu0@users.noreply.github.com>
Co-authored-by: Grace Luo <54298030+gracelu0@users.noreply.github.com>
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
@Mergifyio update |
❌ Mergify doesn't have permission to updateFor security reasons, Mergify can't update this pull request. Try updating locally. |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
@Mergifyio queue |
🛑 The pull request has been removed from the queue
|
|
@Mergifyio refresh |
✅ Pull request refreshed |
Reason for this change
Introduces support to configure AppSync GraphQLAPI as an EventBridge target.
Description of changes
GraphQLEndpointArnattribute in L2 GraphQLAPI constructevents.IRuleTargetforAppSyncDescription of how you validated changes
unit test and integration tests
Issue
Solves #29884
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license