How to send signed HTTP request from AWS Lambda to AppSync GraphQL?

Question

I am not sure how to send signed http request do AppSync GraphQL endpoint. There is no library for do that in AWS.

• aws-amplify don't work because works only in browser, not in Lambda function.
• aws-sdk for AppSync is only for admin usage, it doesn't have methods for call user side api

It is possible to make IAM signed HTTP request from AWS Lambda? (in some easy way)

Answer 1

i would recommend reading this article: Backend GraphQL: How to trigger an AWS AppSync mutation from AWS Lambda,

quoting the author, https://stackoverflow.com/users/1313441/adrian-hall, we've:

GraphQL is routed over HTTPS. That means we can simulate the GraphQL client libraries with a simple HTTPS POST. Since we are using IAM, we need to sign the request before we deliver it. Here is my code for this:

// ... more code here
    // POST the GraphQL mutation to AWS AppSync using a signed connection
    const uri = URL.parse(env.GRAPHQL_API);
    const httpRequest = new AWS.HttpRequest(uri.href, env.REGION);
    httpRequest.headers.host = uri.host;
    httpRequest.headers['Content-Type'] = 'application/json';
    httpRequest.method = 'POST';
    httpRequest.body = JSON.stringify(post_body);

    AWS.config.credentials.get(err => {
        const signer = new AWS.Signers.V4(httpRequest, "appsync", true);
        signer.addAuthorization(AWS.config.credentials, AWS.util.date.getDate());

        const options = {
            method: httpRequest.method,
            body: httpRequest.body,
            headers: httpRequest.headers
        };

        fetch(uri.href, options)
// ... more code here

I've been using it as a template for all my Lambda->AppSync communication!