Query and Mutate GraphQL from Lambda function in AWS-Amplify using Cognito for auth

Question

I created a GraphQL api via the amplify api add command and added the schema below. I'm using cognito for auth.

type User @model
  @auth(rules: [{ allow: owner }]) {
  id: ID!

  videos: [Video!] @connection(keyName: "videosByUser", fields: ["id"])
  adverts: [Advert] @connection(keyName:"advertsByUser", fields: ["id"])
}

type Video @model
  @key(name: "videosByUser", fields: ["userId"])
  @auth(rules: [{ allow: owner, operations: [create, update, delete] }]) {

  id: ID!
  title: String!
  description: String!

  size: Float!
  length: Float!
  hashMarks: [Float!]!

  userId: ID!
  # bidrectional connection, if needed
  # user: User! @connection(fields: ["userId"])

  adverts: [VideoAdverts!] @connection(keyName: "advertsByVideo", fields: ["id"])
  streamingLink: AWSURL
}

type VideoAdverts @model(queries: null)
  @key(name: "advertsByVideo", fields: ["videoId", "advertId"])
  @key(name: "videosByAdvert", fields: ["advertId", "videoId"]) {

  id: ID!
  videoId: ID!
  advertId: ID!

  video: Video! @connection(fields: ["videoId"])
  advert: Advert! @connection(fields: ["advertId"])
}

type Advert @model
  @key(name: "advertsByUser", fields: ["userId"])
  @auth(rules: [{ allow: owner, operations: [create, update, delete] }]) {

  id: ID!
  title: String!
  description: String!

  size: Float!
  length: Float!

  creatorId: ID!
  # bidrectional connection, if needed
  # creator: Creator! @connection(fields: ["creatorId"])

  videos: [VideoAdverts!] @connection(keyName: "videosByAdvert", fields: ["id"])
  blacklist: [AdvertBlacklist!] @connection(keyName: "blacklistByAdvert", fields: ["id"])

  startDate: AWSDateTime
  endDate: AWSDateTime
}

This is my first amplify project and I'm having trouble figuring out how to implement the following use cases:

1. Use a lambda function to query data and return to a client.
2. Use a cron triggered lambda function to make an API call and use a mutation to update some fields.

All I have found so far from googling involves using lambdas to interact with data added via the amplify storage add command.

A few other examples I found here on Stackoverflow do not use cognito for auth.

Looks like I will be able to use cloudwatch to trigger lambdas, and so my main problem now is how to actually query and mutate a GraphQL api from a lambda, using cognito for authentication. Any help would be super helpful, thanks :)

Answer 1

The key to authenticating your Lambda functions to interact with your AppSync API is to configure multiple authentication methods. You are using Cognito for your front end application users, however, you do not want to use that for your Lambda function authentication. AppSync supports multiple authentications mechanisms for your API. In your case, you will want to add IAM as the second authentication mechanism.

You can do this from the Amplify CLI:

$ amplify update api

Scanning for plugins...
Plugin scan successful

? Please select from one of the below mentioned services: GraphQL

? Choose the default authorization type for the API Amazon Cognito User Pool
Use a Cognito user pool configured as a part of this project.

? Do you want to configure advanced settings for the GraphQL API Yes, I want 
to make some additional changes.

? Configure additional auth types? Yes

? Choose the additional authorization types you want to configure for the API IAM