Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi IDP Pulumi Cloud Packages Tutorials
  1. Packages
  2. AWS
  3. API Docs
  4. appsync
  5. GraphQLApi
AWS v7.7.0 published on Friday, Sep 5, 2025 by Pulumi
pulumi/pulumi-aws

aws.appsync.GraphQLApi

Explore with Pulumi AI

aws logo
AWS v7.7.0 published on Friday, Sep 5, 2025 by Pulumi
pulumi/pulumi-aws

    Provides an AppSync GraphQL API.

    Example Usage

    API Key Authentication

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "API_KEY",
    name: "example",
});

    import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    authentication_type="API_KEY",
    name="example")

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("API_KEY"),
			Name:               pulumi.String("example"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "API_KEY",
        Name = "example",
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()
            .authenticationType("API_KEY")
            .name("example")
            .build());

    }
}

    resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: API_KEY
      name: example

    AWS IAM Authentication

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "AWS_IAM",
    name: "example",
});

    import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    authentication_type="AWS_IAM",
    name="example")

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("AWS_IAM"),
			Name:               pulumi.String("example"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "AWS_IAM",
        Name = "example",
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()
            .authenticationType("AWS_IAM")
            .name("example")
            .build());

    }
}

    resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: AWS_IAM
      name: example

    AWS Cognito User Pool Authentication

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "AMAZON_COGNITO_USER_POOLS",
    name: "example",
    userPoolConfig: {
        awsRegion: current.region,
        defaultAction: "DENY",
        userPoolId: exampleAwsCognitoUserPool.id,
    },
});

    import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    authentication_type="AMAZON_COGNITO_USER_POOLS",
    name="example",
    user_pool_config={
        "aws_region": current["region"],
        "default_action": "DENY",
        "user_pool_id": example_aws_cognito_user_pool["id"],
    })

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("AMAZON_COGNITO_USER_POOLS"),
			Name:               pulumi.String("example"),
			UserPoolConfig: &appsync.GraphQLApiUserPoolConfigArgs{
				AwsRegion:     pulumi.Any(current.Region),
				DefaultAction: pulumi.String("DENY"),
				UserPoolId:    pulumi.Any(exampleAwsCognitoUserPool.Id),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "AMAZON_COGNITO_USER_POOLS",
        Name = "example",
        UserPoolConfig = new Aws.AppSync.Inputs.GraphQLApiUserPoolConfigArgs
        {
            AwsRegion = current.Region,
            DefaultAction = "DENY",
            UserPoolId = exampleAwsCognitoUserPool.Id,
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import com.pulumi.aws.appsync.inputs.GraphQLApiUserPoolConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()
            .authenticationType("AMAZON_COGNITO_USER_POOLS")
            .name("example")
            .userPoolConfig(GraphQLApiUserPoolConfigArgs.builder()
                .awsRegion(current.region())
                .defaultAction("DENY")
                .userPoolId(exampleAwsCognitoUserPool.id())
                .build())
            .build());

    }
}

    resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: AMAZON_COGNITO_USER_POOLS
      name: example
      userPoolConfig:
        awsRegion: ${current.region}
        defaultAction: DENY
        userPoolId: ${exampleAwsCognitoUserPool.id}

    OpenID Connect Authentication

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "OPENID_CONNECT",
    name: "example",
    openidConnectConfig: {
        issuer: "https://example.com",
    },
});

    import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    authentication_type="OPENID_CONNECT",
    name="example",
    openid_connect_config={
        "issuer": "https://example.com",
    })

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("OPENID_CONNECT"),
			Name:               pulumi.String("example"),
			OpenidConnectConfig: &appsync.GraphQLApiOpenidConnectConfigArgs{
				Issuer: pulumi.String("https://example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "OPENID_CONNECT",
        Name = "example",
        OpenidConnectConfig = new Aws.AppSync.Inputs.GraphQLApiOpenidConnectConfigArgs
        {
            Issuer = "https://example.com",
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import com.pulumi.aws.appsync.inputs.GraphQLApiOpenidConnectConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()
            .authenticationType("OPENID_CONNECT")
            .name("example")
            .openidConnectConfig(GraphQLApiOpenidConnectConfigArgs.builder()
                .issuer("https://example.com")
                .build())
            .build());

    }
}

    resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: OPENID_CONNECT
      name: example
      openidConnectConfig:
        issuer: https://example.com

    AWS Lambda Authorizer Authentication

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "AWS_LAMBDA",
    name: "example",
    lambdaAuthorizerConfig: {
        authorizerUri: "arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer",
    },
});
const appsyncLambdaAuthorizer = new aws.lambda.Permission("appsync_lambda_authorizer", {
    statementId: "appsync_lambda_authorizer",
    action: "lambda:InvokeFunction",
    "function": "custom_lambda_authorizer",
    principal: "appsync.amazonaws.com",
    sourceArn: example.arn,
});

    import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    authentication_type="AWS_LAMBDA",
    name="example",
    lambda_authorizer_config={
        "authorizer_uri": "arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer",
    })
appsync_lambda_authorizer = aws.lambda_.Permission("appsync_lambda_authorizer",
    statement_id="appsync_lambda_authorizer",
    action="lambda:InvokeFunction",
    function="custom_lambda_authorizer",
    principal="appsync.amazonaws.com",
    source_arn=example.arn)

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/appsync"
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("AWS_LAMBDA"),
			Name:               pulumi.String("example"),
			LambdaAuthorizerConfig: &appsync.GraphQLApiLambdaAuthorizerConfigArgs{
				AuthorizerUri: pulumi.String("arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer"),
			},
		})
		if err != nil {
			return err
		}
		_, err = lambda.NewPermission(ctx, "appsync_lambda_authorizer", &lambda.PermissionArgs{
			StatementId: pulumi.String("appsync_lambda_authorizer"),
			Action:      pulumi.String("lambda:InvokeFunction"),
			Function:    pulumi.Any("custom_lambda_authorizer"),
			Principal:   pulumi.String("appsync.amazonaws.com"),
			SourceArn:   example.Arn,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "AWS_LAMBDA",
        Name = "example",
        LambdaAuthorizerConfig = new Aws.AppSync.Inputs.GraphQLApiLambdaAuthorizerConfigArgs
        {
            AuthorizerUri = "arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer",
        },
    });

    var appsyncLambdaAuthorizer = new Aws.Lambda.Permission("appsync_lambda_authorizer", new()
    {
        StatementId = "appsync_lambda_authorizer",
        Action = "lambda:InvokeFunction",
        Function = "custom_lambda_authorizer",
        Principal = "appsync.amazonaws.com",
        SourceArn = example.Arn,
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import com.pulumi.aws.appsync.inputs.GraphQLApiLambdaAuthorizerConfigArgs;
import com.pulumi.aws.lambda.Permission;
import com.pulumi.aws.lambda.PermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()
            .authenticationType("AWS_LAMBDA")
            .name("example")
            .lambdaAuthorizerConfig(GraphQLApiLambdaAuthorizerConfigArgs.builder()
                .authorizerUri("arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer")
                .build())
            .build());

        var appsyncLambdaAuthorizer = new Permission("appsyncLambdaAuthorizer", PermissionArgs.builder()
            .statementId("appsync_lambda_authorizer")
            .action("lambda:InvokeFunction")
            .function("custom_lambda_authorizer")
            .principal("appsync.amazonaws.com")
            .sourceArn(example.arn())
            .build());

    }
}

    resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: AWS_LAMBDA
      name: example
      lambdaAuthorizerConfig:
        authorizerUri: arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer
  appsyncLambdaAuthorizer:
    type: aws:lambda:Permission
    name: appsync_lambda_authorizer
    properties:
      statementId: appsync_lambda_authorizer
      action: lambda:InvokeFunction
      function: custom_lambda_authorizer
      principal: appsync.amazonaws.com
      sourceArn: ${example.arn}

    With Multiple Authentication Providers

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "API_KEY",
    name: "example",
    additionalAuthenticationProviders: [{
        authenticationType: "AWS_IAM",
    }],
});

    import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    authentication_type="API_KEY",
    name="example",
    additional_authentication_providers=[{
        "authentication_type": "AWS_IAM",
    }])

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("API_KEY"),
			Name:               pulumi.String("example"),
			AdditionalAuthenticationProviders: appsync.GraphQLApiAdditionalAuthenticationProviderArray{
				&appsync.GraphQLApiAdditionalAuthenticationProviderArgs{
					AuthenticationType: pulumi.String("AWS_IAM"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "API_KEY",
        Name = "example",
        AdditionalAuthenticationProviders = new[]
        {
            new Aws.AppSync.Inputs.GraphQLApiAdditionalAuthenticationProviderArgs
            {
                AuthenticationType = "AWS_IAM",
            },
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import com.pulumi.aws.appsync.inputs.GraphQLApiAdditionalAuthenticationProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()
            .authenticationType("API_KEY")
            .name("example")
            .additionalAuthenticationProviders(GraphQLApiAdditionalAuthenticationProviderArgs.builder()
                .authenticationType("AWS_IAM")
                .build())
            .build());

    }
}

    resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: API_KEY
      name: example
      additionalAuthenticationProviders:
        - authenticationType: AWS_IAM

    With Schema

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "AWS_IAM",
    name: "example",
    schema: `schema {
\x09query: Query
}
type Query {
  test: Int
}
`,
});

    import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    authentication_type="AWS_IAM",
    name="example",
    schema="""schema {
\x09query: Query
}
type Query {
  test: Int
}
""")

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("AWS_IAM"),
			Name:               pulumi.String("example"),
			Schema: pulumi.String(`schema {
	query: Query
}
type Query {
  test: Int
}
`),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "AWS_IAM",
        Name = "example",
        Schema = @"schema {
	query: Query
}
type Query {
  test: Int
}
",
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()
            .authenticationType("AWS_IAM")
            .name("example")
            .schema("""
schema {
	query: Query
}
type Query {
  test: Int
}
            """)
            .build());

    }
}

    resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: AWS_IAM
      name: example
      schema: |
        schema {
        	query: Query
        }
        type Query {
          test: Int
        }

    Enabling Logging

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const assumeRole = aws.iam.getPolicyDocument({
    statements: [{
        effect: "Allow",
        principals: [{
            type: "Service",
            identifiers: ["appsync.amazonaws.com"],
        }],
        actions: ["sts:AssumeRole"],
    }],
});
const example = new aws.iam.Role("example", {
    name: "example",
    assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
});
const exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment("example", {
    policyArn: "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
    role: example.name,
});
const exampleGraphQLApi = new aws.appsync.GraphQLApi("example", {logConfig: {
    cloudwatchLogsRoleArn: example.arn,
    fieldLogLevel: "ERROR",
}});

    import pulumi
import pulumi_aws as aws

assume_role = aws.iam.get_policy_document(statements=[{
    "effect": "Allow",
    "principals": [{
        "type": "Service",
        "identifiers": ["appsync.amazonaws.com"],
    }],
    "actions": ["sts:AssumeRole"],
}])
example = aws.iam.Role("example",
    name="example",
    assume_role_policy=assume_role.json)
example_role_policy_attachment = aws.iam.RolePolicyAttachment("example",
    policy_arn="arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
    role=example.name)
example_graph_ql_api = aws.appsync.GraphQLApi("example", log_config={
    "cloudwatch_logs_role_arn": example.arn,
    "field_log_level": "ERROR",
})

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/appsync"
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Effect: pulumi.StringRef("Allow"),
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Type: "Service",
							Identifiers: []string{
								"appsync.amazonaws.com",
							},
						},
					},
					Actions: []string{
						"sts:AssumeRole",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		example, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
			Name:             pulumi.String("example"),
			AssumeRolePolicy: pulumi.String(assumeRole.Json),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicyAttachment(ctx, "example", &iam.RolePolicyAttachmentArgs{
			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs"),
			Role:      example.Name,
		})
		if err != nil {
			return err
		}
		_, err = appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			LogConfig: &appsync.GraphQLApiLogConfigArgs{
				CloudwatchLogsRoleArn: example.Arn,
				FieldLogLevel:         pulumi.String("ERROR"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "Service",
                        Identifiers = new[]
                        {
                            "appsync.amazonaws.com",
                        },
                    },
                },
                Actions = new[]
                {
                    "sts:AssumeRole",
                },
            },
        },
    });

    var example = new Aws.Iam.Role("example", new()
    {
        Name = "example",
        AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

    var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("example", new()
    {
        PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
        Role = example.Name,
    });

    var exampleGraphQLApi = new Aws.AppSync.GraphQLApi("example", new()
    {
        LogConfig = new Aws.AppSync.Inputs.GraphQLApiLogConfigArgs
        {
            CloudwatchLogsRoleArn = example.Arn,
            FieldLogLevel = "ERROR",
        },
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import com.pulumi.aws.appsync.inputs.GraphQLApiLogConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Service")
                    .identifiers("appsync.amazonaws.com")
                    .build())
                .actions("sts:AssumeRole")
                .build())
            .build());

        var example = new Role("example", RoleArgs.builder()
            .name("example")
            .assumeRolePolicy(assumeRole.json())
            .build());

        var exampleRolePolicyAttachment = new RolePolicyAttachment("exampleRolePolicyAttachment", RolePolicyAttachmentArgs.builder()
            .policyArn("arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs")
            .role(example.name())
            .build());

        var exampleGraphQLApi = new GraphQLApi("exampleGraphQLApi", GraphQLApiArgs.builder()
            .logConfig(GraphQLApiLogConfigArgs.builder()
                .cloudwatchLogsRoleArn(example.arn())
                .fieldLogLevel("ERROR")
                .build())
            .build());

    }
}

    resources:
  example:
    type: aws:iam:Role
    properties:
      name: example
      assumeRolePolicy: ${assumeRole.json}
  exampleRolePolicyAttachment:
    type: aws:iam:RolePolicyAttachment
    name: example
    properties:
      policyArn: arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs
      role: ${example.name}
  exampleGraphQLApi:
    type: aws:appsync:GraphQLApi
    name: example
    properties:
      logConfig:
        cloudwatchLogsRoleArn: ${example.arn}
        fieldLogLevel: ERROR
variables:
  assumeRole:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - effect: Allow
            principals:
              - type: Service
                identifiers:
                  - appsync.amazonaws.com
            actions:
              - sts:AssumeRole

    Associate Web ACL (v2)

    Example coming soon!

    Example coming soon!

    Example coming soon!

    Example coming soon!

    Example coming soon!

    resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: API_KEY
      name: example
  exampleWebAclAssociation:
    type: aws:wafv2:WebAclAssociation
    name: example
    properties:
      resourceArn: ${example.arn}
      webAclArn: ${exampleWebAcl.arn}
  exampleWebAcl:
    type: aws:wafv2:WebAcl
    name: example
    properties:
      name: managed-rule-example
      description: Example of a managed rule.
      scope: REGIONAL
      defaultAction:
        allow: {}
      rules:
        - name: rule-1
          priority: 1
          overrideAction:
            block:
              - {}
          statement:
            managedRuleGroupStatement:
              name: AWSManagedRulesCommonRuleSet
              vendorName: AWS
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: friendly-rule-metric-name
            sampledRequestsEnabled: false
      visibilityConfig:
        cloudwatchMetricsEnabled: false
        metricName: friendly-metric-name
        sampledRequestsEnabled: false

    GraphQL run complexity, query depth, and introspection

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "AWS_IAM",
    name: "example",
    introspectionConfig: "ENABLED",
    queryDepthLimit: 2,
    resolverCountLimit: 2,
});

    import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    authentication_type="AWS_IAM",
    name="example",
    introspection_config="ENABLED",
    query_depth_limit=2,
    resolver_count_limit=2)

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType:  pulumi.String("AWS_IAM"),
			Name:                pulumi.String("example"),
			IntrospectionConfig: pulumi.String("ENABLED"),
			QueryDepthLimit:     pulumi.Int(2),
			ResolverCountLimit:  pulumi.Int(2),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "AWS_IAM",
        Name = "example",
        IntrospectionConfig = "ENABLED",
        QueryDepthLimit = 2,
        ResolverCountLimit = 2,
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()
            .authenticationType("AWS_IAM")
            .name("example")
            .introspectionConfig("ENABLED")
            .queryDepthLimit(2)
            .resolverCountLimit(2)
            .build());

    }
}

    resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: AWS_IAM
      name: example
      introspectionConfig: ENABLED
      queryDepthLimit: 2
      resolverCountLimit: 2

    Create GraphQLApi Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new GraphQLApi(name: string, args: GraphQLApiArgs, opts?: CustomResourceOptions);
    @overload
def GraphQLApi(resource_name: str,
               args: GraphQLApiArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def GraphQLApi(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               authentication_type: Optional[str] = None,
               name: Optional[str] = None,
               query_depth_limit: Optional[int] = None,
               enhanced_metrics_config: Optional[GraphQLApiEnhancedMetricsConfigArgs] = None,
               introspection_config: Optional[str] = None,
               lambda_authorizer_config: Optional[GraphQLApiLambdaAuthorizerConfigArgs] = None,
               log_config: Optional[GraphQLApiLogConfigArgs] = None,
               merged_api_execution_role_arn: Optional[str] = None,
               additional_authentication_providers: Optional[Sequence[GraphQLApiAdditionalAuthenticationProviderArgs]] = None,
               api_type: Optional[str] = None,
               region: Optional[str] = None,
               openid_connect_config: Optional[GraphQLApiOpenidConnectConfigArgs] = None,
               resolver_count_limit: Optional[int] = None,
               schema: Optional[str] = None,
               tags: Optional[Mapping[str, str]] = None,
               user_pool_config: Optional[GraphQLApiUserPoolConfigArgs] = None,
               visibility: Optional[str] = None,
               xray_enabled: Optional[bool] = None)
    func NewGraphQLApi(ctx *Context, name string, args GraphQLApiArgs, opts ...ResourceOption) (*GraphQLApi, error)
    public GraphQLApi(string name, GraphQLApiArgs args, CustomResourceOptions? opts = null)
    public GraphQLApi(String name, GraphQLApiArgs args)
public GraphQLApi(String name, GraphQLApiArgs args, CustomResourceOptions options)

    type: aws:appsync:GraphQLApi
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args GraphQLApiArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args GraphQLApiArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args GraphQLApiArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args GraphQLApiArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args GraphQLApiArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var graphQLApiResource = new Aws.AppSync.GraphQLApi("graphQLApiResource", new()
{
    AuthenticationType = "string",
    Name = "string",
    QueryDepthLimit = 0,
    EnhancedMetricsConfig = new Aws.AppSync.Inputs.GraphQLApiEnhancedMetricsConfigArgs
    {
        DataSourceLevelMetricsBehavior = "string",
        OperationLevelMetricsConfig = "string",
        ResolverLevelMetricsBehavior = "string",
    },
    IntrospectionConfig = "string",
    LambdaAuthorizerConfig = new Aws.AppSync.Inputs.GraphQLApiLambdaAuthorizerConfigArgs
    {
        AuthorizerUri = "string",
        AuthorizerResultTtlInSeconds = 0,
        IdentityValidationExpression = "string",
    },
    LogConfig = new Aws.AppSync.Inputs.GraphQLApiLogConfigArgs
    {
        CloudwatchLogsRoleArn = "string",
        FieldLogLevel = "string",
        ExcludeVerboseContent = false,
    },
    MergedApiExecutionRoleArn = "string",
    AdditionalAuthenticationProviders = new[]
    {
        new Aws.AppSync.Inputs.GraphQLApiAdditionalAuthenticationProviderArgs
        {
            AuthenticationType = "string",
            LambdaAuthorizerConfig = new Aws.AppSync.Inputs.GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfigArgs
            {
                AuthorizerUri = "string",
                AuthorizerResultTtlInSeconds = 0,
                IdentityValidationExpression = "string",
            },
            OpenidConnectConfig = new Aws.AppSync.Inputs.GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfigArgs
            {
                Issuer = "string",
                AuthTtl = 0,
                ClientId = "string",
                IatTtl = 0,
            },
            UserPoolConfig = new Aws.AppSync.Inputs.GraphQLApiAdditionalAuthenticationProviderUserPoolConfigArgs
            {
                UserPoolId = "string",
                AppIdClientRegex = "string",
                AwsRegion = "string",
            },
        },
    },
    ApiType = "string",
    Region = "string",
    OpenidConnectConfig = new Aws.AppSync.Inputs.GraphQLApiOpenidConnectConfigArgs
    {
        Issuer = "string",
        AuthTtl = 0,
        ClientId = "string",
        IatTtl = 0,
    },
    ResolverCountLimit = 0,
    Schema = "string",
    Tags = 
    {
        { "string", "string" },
    },
    UserPoolConfig = new Aws.AppSync.Inputs.GraphQLApiUserPoolConfigArgs
    {
        DefaultAction = "string",
        UserPoolId = "string",
        AppIdClientRegex = "string",
        AwsRegion = "string",
    },
    Visibility = "string",
    XrayEnabled = false,
});

    example, err := appsync.NewGraphQLApi(ctx, "graphQLApiResource", &appsync.GraphQLApiArgs{
	AuthenticationType: pulumi.String("string"),
	Name:               pulumi.String("string"),
	QueryDepthLimit:    pulumi.Int(0),
	EnhancedMetricsConfig: &appsync.GraphQLApiEnhancedMetricsConfigArgs{
		DataSourceLevelMetricsBehavior: pulumi.String("string"),
		OperationLevelMetricsConfig:    pulumi.String("string"),
		ResolverLevelMetricsBehavior:   pulumi.String("string"),
	},
	IntrospectionConfig: pulumi.String("string"),
	LambdaAuthorizerConfig: &appsync.GraphQLApiLambdaAuthorizerConfigArgs{
		AuthorizerUri:                pulumi.String("string"),
		AuthorizerResultTtlInSeconds: pulumi.Int(0),
		IdentityValidationExpression: pulumi.String("string"),
	},
	LogConfig: &appsync.GraphQLApiLogConfigArgs{
		CloudwatchLogsRoleArn: pulumi.String("string"),
		FieldLogLevel:         pulumi.String("string"),
		ExcludeVerboseContent: pulumi.Bool(false),
	},
	MergedApiExecutionRoleArn: pulumi.String("string"),
	AdditionalAuthenticationProviders: appsync.GraphQLApiAdditionalAuthenticationProviderArray{
		&appsync.GraphQLApiAdditionalAuthenticationProviderArgs{
			AuthenticationType: pulumi.String("string"),
			LambdaAuthorizerConfig: &appsync.GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfigArgs{
				AuthorizerUri:                pulumi.String("string"),
				AuthorizerResultTtlInSeconds: pulumi.Int(0),
				IdentityValidationExpression: pulumi.String("string"),
			},
			OpenidConnectConfig: &appsync.GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfigArgs{
				Issuer:   pulumi.String("string"),
				AuthTtl:  pulumi.Int(0),
				ClientId: pulumi.String("string"),
				IatTtl:   pulumi.Int(0),
			},
			UserPoolConfig: &appsync.GraphQLApiAdditionalAuthenticationProviderUserPoolConfigArgs{
				UserPoolId:       pulumi.String("string"),
				AppIdClientRegex: pulumi.String("string"),
				AwsRegion:        pulumi.String("string"),
			},
		},
	},
	ApiType: pulumi.String("string"),
	Region:  pulumi.String("string"),
	OpenidConnectConfig: &appsync.GraphQLApiOpenidConnectConfigArgs{
		Issuer:   pulumi.String("string"),
		AuthTtl:  pulumi.Int(0),
		ClientId: pulumi.String("string"),
		IatTtl:   pulumi.Int(0),
	},
	ResolverCountLimit: pulumi.Int(0),
	Schema:             pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	UserPoolConfig: &appsync.GraphQLApiUserPoolConfigArgs{
		DefaultAction:    pulumi.String("string"),
		UserPoolId:       pulumi.String("string"),
		AppIdClientRegex: pulumi.String("string"),
		AwsRegion:        pulumi.String("string"),
	},
	Visibility:  pulumi.String("string"),
	XrayEnabled: pulumi.Bool(false),
})

    var graphQLApiResource = new GraphQLApi("graphQLApiResource", GraphQLApiArgs.builder()
    .authenticationType("string")
    .name("string")
    .queryDepthLimit(0)
    .enhancedMetricsConfig(GraphQLApiEnhancedMetricsConfigArgs.builder()
        .dataSourceLevelMetricsBehavior("string")
        .operationLevelMetricsConfig("string")
        .resolverLevelMetricsBehavior("string")
        .build())
    .introspectionConfig("string")
    .lambdaAuthorizerConfig(GraphQLApiLambdaAuthorizerConfigArgs.builder()
        .authorizerUri("string")
        .authorizerResultTtlInSeconds(0)
        .identityValidationExpression("string")
        .build())
    .logConfig(GraphQLApiLogConfigArgs.builder()
        .cloudwatchLogsRoleArn("string")
        .fieldLogLevel("string")
        .excludeVerboseContent(false)
        .build())
    .mergedApiExecutionRoleArn("string")
    .additionalAuthenticationProviders(GraphQLApiAdditionalAuthenticationProviderArgs.builder()
        .authenticationType("string")
        .lambdaAuthorizerConfig(GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfigArgs.builder()
            .authorizerUri("string")
            .authorizerResultTtlInSeconds(0)
            .identityValidationExpression("string")
            .build())
        .openidConnectConfig(GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfigArgs.builder()
            .issuer("string")
            .authTtl(0)
            .clientId("string")
            .iatTtl(0)
            .build())
        .userPoolConfig(GraphQLApiAdditionalAuthenticationProviderUserPoolConfigArgs.builder()
            .userPoolId("string")
            .appIdClientRegex("string")
            .awsRegion("string")
            .build())
        .build())
    .apiType("string")
    .region("string")
    .openidConnectConfig(GraphQLApiOpenidConnectConfigArgs.builder()
        .issuer("string")
        .authTtl(0)
        .clientId("string")
        .iatTtl(0)
        .build())
    .resolverCountLimit(0)
    .schema("string")
    .tags(Map.of("string", "string"))
    .userPoolConfig(GraphQLApiUserPoolConfigArgs.builder()
        .defaultAction("string")
        .userPoolId("string")
        .appIdClientRegex("string")
        .awsRegion("string")
        .build())
    .visibility("string")
    .xrayEnabled(false)
    .build());

    graph_ql_api_resource = aws.appsync.GraphQLApi("graphQLApiResource",
    authentication_type="string",
    name="string",
    query_depth_limit=0,
    enhanced_metrics_config={
        "data_source_level_metrics_behavior": "string",
        "operation_level_metrics_config": "string",
        "resolver_level_metrics_behavior": "string",
    },
    introspection_config="string",
    lambda_authorizer_config={
        "authorizer_uri": "string",
        "authorizer_result_ttl_in_seconds": 0,
        "identity_validation_expression": "string",
    },
    log_config={
        "cloudwatch_logs_role_arn": "string",
        "field_log_level": "string",
        "exclude_verbose_content": False,
    },
    merged_api_execution_role_arn="string",
    additional_authentication_providers=[{
        "authentication_type": "string",
        "lambda_authorizer_config": {
            "authorizer_uri": "string",
            "authorizer_result_ttl_in_seconds": 0,
            "identity_validation_expression": "string",
        },
        "openid_connect_config": {
            "issuer": "string",
            "auth_ttl": 0,
            "client_id": "string",
            "iat_ttl": 0,
        },
        "user_pool_config": {
            "user_pool_id": "string",
            "app_id_client_regex": "string",
            "aws_region": "string",
        },
    }],
    api_type="string",
    region="string",
    openid_connect_config={
        "issuer": "string",
        "auth_ttl": 0,
        "client_id": "string",
        "iat_ttl": 0,
    },
    resolver_count_limit=0,
    schema="string",
    tags={
        "string": "string",
    },
    user_pool_config={
        "default_action": "string",
        "user_pool_id": "string",
        "app_id_client_regex": "string",
        "aws_region": "string",
    },
    visibility="string",
    xray_enabled=False)

    const graphQLApiResource = new aws.appsync.GraphQLApi("graphQLApiResource", {
    authenticationType: "string",
    name: "string",
    queryDepthLimit: 0,
    enhancedMetricsConfig: {
        dataSourceLevelMetricsBehavior: "string",
        operationLevelMetricsConfig: "string",
        resolverLevelMetricsBehavior: "string",
    },
    introspectionConfig: "string",
    lambdaAuthorizerConfig: {
        authorizerUri: "string",
        authorizerResultTtlInSeconds: 0,
        identityValidationExpression: "string",
    },
    logConfig: {
        cloudwatchLogsRoleArn: "string",
        fieldLogLevel: "string",
        excludeVerboseContent: false,
    },
    mergedApiExecutionRoleArn: "string",
    additionalAuthenticationProviders: [{
        authenticationType: "string",
        lambdaAuthorizerConfig: {
            authorizerUri: "string",
            authorizerResultTtlInSeconds: 0,
            identityValidationExpression: "string",
        },
        openidConnectConfig: {
            issuer: "string",
            authTtl: 0,
            clientId: "string",
            iatTtl: 0,
        },
        userPoolConfig: {
            userPoolId: "string",
            appIdClientRegex: "string",
            awsRegion: "string",
        },
    }],
    apiType: "string",
    region: "string",
    openidConnectConfig: {
        issuer: "string",
        authTtl: 0,
        clientId: "string",
        iatTtl: 0,
    },
    resolverCountLimit: 0,
    schema: "string",
    tags: {
        string: "string",
    },
    userPoolConfig: {
        defaultAction: "string",
        userPoolId: "string",
        appIdClientRegex: "string",
        awsRegion: "string",
    },
    visibility: "string",
    xrayEnabled: false,
});

    type: aws:appsync:GraphQLApi
properties:
    additionalAuthenticationProviders:
        - authenticationType: string
          lambdaAuthorizerConfig:
            authorizerResultTtlInSeconds: 0
            authorizerUri: string
            identityValidationExpression: string
          openidConnectConfig:
            authTtl: 0
            clientId: string
            iatTtl: 0
            issuer: string
          userPoolConfig:
            appIdClientRegex: string
            awsRegion: string
            userPoolId: string
    apiType: string
    authenticationType: string
    enhancedMetricsConfig:
        dataSourceLevelMetricsBehavior: string
        operationLevelMetricsConfig: string
        resolverLevelMetricsBehavior: string
    introspectionConfig: string
    lambdaAuthorizerConfig:
        authorizerResultTtlInSeconds: 0
        authorizerUri: string
        identityValidationExpression: string
    logConfig:
        cloudwatchLogsRoleArn: string
        excludeVerboseContent: false
        fieldLogLevel: string
    mergedApiExecutionRoleArn: string
    name: string
    openidConnectConfig:
        authTtl: 0
        clientId: string
        iatTtl: 0
        issuer: string
    queryDepthLimit: 0
    region: string
    resolverCountLimit: 0
    schema: string
    tags:
        string: string
    userPoolConfig:
        appIdClientRegex: string
        awsRegion: string
        defaultAction: string
        userPoolId: string
    visibility: string
    xrayEnabled: false

    GraphQLApi Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The GraphQLApi resource accepts the following input properties:

    AuthenticationType string
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    AdditionalAuthenticationProviders List<GraphQLApiAdditionalAuthenticationProvider>
    One or more additional authentication providers for the GraphQL API. See additional_authentication_provider Block for details.
    ApiType string
    API type. Valid values are GRAPHQL or MERGED. A MERGED type requires merged_api_execution_role_arn to be set.
    EnhancedMetricsConfig GraphQLApiEnhancedMetricsConfig
    Enables and controls the enhanced metrics feature. See enhanced_metrics_config Block for details.
    IntrospectionConfig string
    Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see GraphQL introspection.
    LambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfig
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    LogConfig GraphQLApiLogConfig
    Nested argument containing logging configuration. See log_config Block for details.
    MergedApiExecutionRoleArn string
    ARN of the execution role when api_type is set to MERGED.
    Name string

    User-supplied name for the GraphQL API.

    The following arguments are optional:

    OpenidConnectConfig GraphQLApiOpenidConnectConfig
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    QueryDepthLimit int

    The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. The default value is 0 (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between 1 and 75 nested levels. This field will produce a limit error if the operation falls out of bounds.

    Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.

    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    ResolverCountLimit int
    The maximum number of resolvers that can be invoked in a single request. The default value is 0 (or unspecified), which will set the limit to 10000. When specified, the limit value can be between 1 and 10000. This field will produce a limit error if the operation falls out of bounds.
    Schema string
    Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    UserPoolConfig GraphQLApiUserPoolConfig
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    Visibility string
    Sets the value of the GraphQL API to public (GLOBAL) or private (PRIVATE). If no value is provided, the visibility will be set to GLOBAL by default. This value cannot be changed once the API has been created.
    XrayEnabled bool
    Whether tracing with X-ray is enabled. Defaults to false.
    AuthenticationType string
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    AdditionalAuthenticationProviders []GraphQLApiAdditionalAuthenticationProviderArgs
    One or more additional authentication providers for the GraphQL API. See additional_authentication_provider Block for details.
    ApiType string
    API type. Valid values are GRAPHQL or MERGED. A MERGED type requires merged_api_execution_role_arn to be set.
    EnhancedMetricsConfig GraphQLApiEnhancedMetricsConfigArgs
    Enables and controls the enhanced metrics feature. See enhanced_metrics_config Block for details.
    IntrospectionConfig string
    Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see GraphQL introspection.
    LambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfigArgs
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    LogConfig GraphQLApiLogConfigArgs
    Nested argument containing logging configuration. See log_config Block for details.
    MergedApiExecutionRoleArn string
    ARN of the execution role when api_type is set to MERGED.
    Name string

    User-supplied name for the GraphQL API.

    The following arguments are optional:

    OpenidConnectConfig GraphQLApiOpenidConnectConfigArgs
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    QueryDepthLimit int

    The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. The default value is 0 (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between 1 and 75 nested levels. This field will produce a limit error if the operation falls out of bounds.

    Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.

    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    ResolverCountLimit int
    The maximum number of resolvers that can be invoked in a single request. The default value is 0 (or unspecified), which will set the limit to 10000. When specified, the limit value can be between 1 and 10000. This field will produce a limit error if the operation falls out of bounds.
    Schema string
    Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    UserPoolConfig GraphQLApiUserPoolConfigArgs
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    Visibility string
    Sets the value of the GraphQL API to public (GLOBAL) or private (PRIVATE). If no value is provided, the visibility will be set to GLOBAL by default. This value cannot be changed once the API has been created.
    XrayEnabled bool
    Whether tracing with X-ray is enabled. Defaults to false.
    authenticationType String
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    additionalAuthenticationProviders List<GraphQLApiAdditionalAuthenticationProvider>
    One or more additional authentication providers for the GraphQL API. See additional_authentication_provider Block for details.
    apiType String
    API type. Valid values are GRAPHQL or MERGED. A MERGED type requires merged_api_execution_role_arn to be set.
    enhancedMetricsConfig GraphQLApiEnhancedMetricsConfig
    Enables and controls the enhanced metrics feature. See enhanced_metrics_config Block for details.
    introspectionConfig String
    Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see GraphQL introspection.
    lambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfig
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    logConfig GraphQLApiLogConfig
    Nested argument containing logging configuration. See log_config Block for details.
    mergedApiExecutionRoleArn String
    ARN of the execution role when api_type is set to MERGED.
    name String

    User-supplied name for the GraphQL API.

    The following arguments are optional:

    openidConnectConfig GraphQLApiOpenidConnectConfig
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    queryDepthLimit Integer

    The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. The default value is 0 (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between 1 and 75 nested levels. This field will produce a limit error if the operation falls out of bounds.

    Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.

    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    resolverCountLimit Integer
    The maximum number of resolvers that can be invoked in a single request. The default value is 0 (or unspecified), which will set the limit to 10000. When specified, the limit value can be between 1 and 10000. This field will produce a limit error if the operation falls out of bounds.
    schema String
    Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    userPoolConfig GraphQLApiUserPoolConfig
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    visibility String
    Sets the value of the GraphQL API to public (GLOBAL) or private (PRIVATE). If no value is provided, the visibility will be set to GLOBAL by default. This value cannot be changed once the API has been created.
    xrayEnabled Boolean
    Whether tracing with X-ray is enabled. Defaults to false.
    authenticationType string
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    additionalAuthenticationProviders GraphQLApiAdditionalAuthenticationProvider[]
    One or more additional authentication providers for the GraphQL API. See additional_authentication_provider Block for details.
    apiType string
    API type. Valid values are GRAPHQL or MERGED. A MERGED type requires merged_api_execution_role_arn to be set.
    enhancedMetricsConfig GraphQLApiEnhancedMetricsConfig
    Enables and controls the enhanced metrics feature. See enhanced_metrics_config Block for details.
    introspectionConfig string
    Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see GraphQL introspection.
    lambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfig
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    logConfig GraphQLApiLogConfig
    Nested argument containing logging configuration. See log_config Block for details.
    mergedApiExecutionRoleArn string
    ARN of the execution role when api_type is set to MERGED.
    name string

    User-supplied name for the GraphQL API.

    The following arguments are optional:

    openidConnectConfig GraphQLApiOpenidConnectConfig
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    queryDepthLimit number

    The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. The default value is 0 (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between 1 and 75 nested levels. This field will produce a limit error if the operation falls out of bounds.

    Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.

    region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    resolverCountLimit number
    The maximum number of resolvers that can be invoked in a single request. The default value is 0 (or unspecified), which will set the limit to 10000. When specified, the limit value can be between 1 and 10000. This field will produce a limit error if the operation falls out of bounds.
    schema string
    Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    userPoolConfig GraphQLApiUserPoolConfig
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    visibility string
    Sets the value of the GraphQL API to public (GLOBAL) or private (PRIVATE). If no value is provided, the visibility will be set to GLOBAL by default. This value cannot be changed once the API has been created.
    xrayEnabled boolean
    Whether tracing with X-ray is enabled. Defaults to false.
    authentication_type str
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    additional_authentication_providers Sequence[GraphQLApiAdditionalAuthenticationProviderArgs]
    One or more additional authentication providers for the GraphQL API. See additional_authentication_provider Block for details.
    api_type str
    API type. Valid values are GRAPHQL or MERGED. A MERGED type requires merged_api_execution_role_arn to be set.
    enhanced_metrics_config GraphQLApiEnhancedMetricsConfigArgs
    Enables and controls the enhanced metrics feature. See enhanced_metrics_config Block for details.
    introspection_config str
    Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see GraphQL introspection.
    lambda_authorizer_config GraphQLApiLambdaAuthorizerConfigArgs
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    log_config GraphQLApiLogConfigArgs
    Nested argument containing logging configuration. See log_config Block for details.
    merged_api_execution_role_arn str
    ARN of the execution role when api_type is set to MERGED.
    name str

    User-supplied name for the GraphQL API.

    The following arguments are optional:

    openid_connect_config GraphQLApiOpenidConnectConfigArgs
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    query_depth_limit int

    The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. The default value is 0 (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between 1 and 75 nested levels. This field will produce a limit error if the operation falls out of bounds.

    Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.

    region str
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    resolver_count_limit int
    The maximum number of resolvers that can be invoked in a single request. The default value is 0 (or unspecified), which will set the limit to 10000. When specified, the limit value can be between 1 and 10000. This field will produce a limit error if the operation falls out of bounds.
    schema str
    Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    user_pool_config GraphQLApiUserPoolConfigArgs
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    visibility str
    Sets the value of the GraphQL API to public (GLOBAL) or private (PRIVATE). If no value is provided, the visibility will be set to GLOBAL by default. This value cannot be changed once the API has been created.
    xray_enabled bool
    Whether tracing with X-ray is enabled. Defaults to false.
    authenticationType String
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    additionalAuthenticationProviders List<Property Map>
    One or more additional authentication providers for the GraphQL API. See additional_authentication_provider Block for details.
    apiType String
    API type. Valid values are GRAPHQL or MERGED. A MERGED type requires merged_api_execution_role_arn to be set.
    enhancedMetricsConfig Property Map
    Enables and controls the enhanced metrics feature. See enhanced_metrics_config Block for details.
    introspectionConfig String
    Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see GraphQL introspection.
    lambdaAuthorizerConfig Property Map
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    logConfig Property Map
    Nested argument containing logging configuration. See log_config Block for details.
    mergedApiExecutionRoleArn String
    ARN of the execution role when api_type is set to MERGED.
    name String

    User-supplied name for the GraphQL API.

    The following arguments are optional:

    openidConnectConfig Property Map
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    queryDepthLimit Number

    The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. The default value is 0 (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between 1 and 75 nested levels. This field will produce a limit error if the operation falls out of bounds.

    Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.

    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    resolverCountLimit Number
    The maximum number of resolvers that can be invoked in a single request. The default value is 0 (or unspecified), which will set the limit to 10000. When specified, the limit value can be between 1 and 10000. This field will produce a limit error if the operation falls out of bounds.
    schema String
    Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    userPoolConfig Property Map
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    visibility String
    Sets the value of the GraphQL API to public (GLOBAL) or private (PRIVATE). If no value is provided, the visibility will be set to GLOBAL by default. This value cannot be changed once the API has been created.
    xrayEnabled Boolean
    Whether tracing with X-ray is enabled. Defaults to false.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the GraphQLApi resource produces the following output properties:

    Arn string
    ARN
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll Dictionary<string, string>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    Uris Dictionary<string, string>
    Map of URIs associated with the API E.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql
    Arn string
    ARN
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll map[string]string
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    Uris map[string]string
    Map of URIs associated with the API E.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql
    arn String
    ARN
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String,String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    uris Map<String,String>
    Map of URIs associated with the API E.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql
    arn string
    ARN
    id string
    The provider-assigned unique ID for this managed resource.
    tagsAll {[key: string]: string}
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    uris {[key: string]: string}
    Map of URIs associated with the API E.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql
    arn str
    ARN
    id str
    The provider-assigned unique ID for this managed resource.
    tags_all Mapping[str, str]
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    uris Mapping[str, str]
    Map of URIs associated with the API E.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql
    arn String
    ARN
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    uris Map<String>
    Map of URIs associated with the API E.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

    Look up Existing GraphQLApi Resource

    Get an existing GraphQLApi resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: GraphQLApiState, opts?: CustomResourceOptions): GraphQLApi
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        additional_authentication_providers: Optional[Sequence[GraphQLApiAdditionalAuthenticationProviderArgs]] = None,
        api_type: Optional[str] = None,
        arn: Optional[str] = None,
        authentication_type: Optional[str] = None,
        enhanced_metrics_config: Optional[GraphQLApiEnhancedMetricsConfigArgs] = None,
        introspection_config: Optional[str] = None,
        lambda_authorizer_config: Optional[GraphQLApiLambdaAuthorizerConfigArgs] = None,
        log_config: Optional[GraphQLApiLogConfigArgs] = None,
        merged_api_execution_role_arn: Optional[str] = None,
        name: Optional[str] = None,
        openid_connect_config: Optional[GraphQLApiOpenidConnectConfigArgs] = None,
        query_depth_limit: Optional[int] = None,
        region: Optional[str] = None,
        resolver_count_limit: Optional[int] = None,
        schema: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        uris: Optional[Mapping[str, str]] = None,
        user_pool_config: Optional[GraphQLApiUserPoolConfigArgs] = None,
        visibility: Optional[str] = None,
        xray_enabled: Optional[bool] = None) -> GraphQLApi
    func GetGraphQLApi(ctx *Context, name string, id IDInput, state *GraphQLApiState, opts ...ResourceOption) (*GraphQLApi, error)
    public static GraphQLApi Get(string name, Input<string> id, GraphQLApiState? state, CustomResourceOptions? opts = null)
    public static GraphQLApi get(String name, Output<String> id, GraphQLApiState state, CustomResourceOptions options)
    resources:  _:    type: aws:appsync:GraphQLApi    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AdditionalAuthenticationProviders List<GraphQLApiAdditionalAuthenticationProvider>
    One or more additional authentication providers for the GraphQL API. See additional_authentication_provider Block for details.
    ApiType string
    API type. Valid values are GRAPHQL or MERGED. A MERGED type requires merged_api_execution_role_arn to be set.
    Arn string
    ARN
    AuthenticationType string
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    EnhancedMetricsConfig GraphQLApiEnhancedMetricsConfig
    Enables and controls the enhanced metrics feature. See enhanced_metrics_config Block for details.
    IntrospectionConfig string
    Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see GraphQL introspection.
    LambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfig
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    LogConfig GraphQLApiLogConfig
    Nested argument containing logging configuration. See log_config Block for details.
    MergedApiExecutionRoleArn string
    ARN of the execution role when api_type is set to MERGED.
    Name string

    User-supplied name for the GraphQL API.

    The following arguments are optional:

    OpenidConnectConfig GraphQLApiOpenidConnectConfig
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    QueryDepthLimit int

    The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. The default value is 0 (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between 1 and 75 nested levels. This field will produce a limit error if the operation falls out of bounds.

    Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.

    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    ResolverCountLimit int
    The maximum number of resolvers that can be invoked in a single request. The default value is 0 (or unspecified), which will set the limit to 10000. When specified, the limit value can be between 1 and 10000. This field will produce a limit error if the operation falls out of bounds.
    Schema string
    Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    Uris Dictionary<string, string>
    Map of URIs associated with the API E.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql
    UserPoolConfig GraphQLApiUserPoolConfig
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    Visibility string
    Sets the value of the GraphQL API to public (GLOBAL) or private (PRIVATE). If no value is provided, the visibility will be set to GLOBAL by default. This value cannot be changed once the API has been created.
    XrayEnabled bool
    Whether tracing with X-ray is enabled. Defaults to false.
    AdditionalAuthenticationProviders []GraphQLApiAdditionalAuthenticationProviderArgs
    One or more additional authentication providers for the GraphQL API. See additional_authentication_provider Block for details.
    ApiType string
    API type. Valid values are GRAPHQL or MERGED. A MERGED type requires merged_api_execution_role_arn to be set.
    Arn string
    ARN
    AuthenticationType string
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    EnhancedMetricsConfig GraphQLApiEnhancedMetricsConfigArgs
    Enables and controls the enhanced metrics feature. See enhanced_metrics_config Block for details.
    IntrospectionConfig string
    Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see GraphQL introspection.
    LambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfigArgs
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    LogConfig GraphQLApiLogConfigArgs
    Nested argument containing logging configuration. See log_config Block for details.
    MergedApiExecutionRoleArn string
    ARN of the execution role when api_type is set to MERGED.
    Name string

    User-supplied name for the GraphQL API.

    The following arguments are optional:

    OpenidConnectConfig GraphQLApiOpenidConnectConfigArgs
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    QueryDepthLimit int

    The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. The default value is 0 (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between 1 and 75 nested levels. This field will produce a limit error if the operation falls out of bounds.

    Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.

    Region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    ResolverCountLimit int
    The maximum number of resolvers that can be invoked in a single request. The default value is 0 (or unspecified), which will set the limit to 10000. When specified, the limit value can be between 1 and 10000. This field will produce a limit error if the operation falls out of bounds.
    Schema string
    Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    Uris map[string]string
    Map of URIs associated with the API E.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql
    UserPoolConfig GraphQLApiUserPoolConfigArgs
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    Visibility string
    Sets the value of the GraphQL API to public (GLOBAL) or private (PRIVATE). If no value is provided, the visibility will be set to GLOBAL by default. This value cannot be changed once the API has been created.
    XrayEnabled bool
    Whether tracing with X-ray is enabled. Defaults to false.
    additionalAuthenticationProviders List<GraphQLApiAdditionalAuthenticationProvider>
    One or more additional authentication providers for the GraphQL API. See additional_authentication_provider Block for details.
    apiType String
    API type. Valid values are GRAPHQL or MERGED. A MERGED type requires merged_api_execution_role_arn to be set.
    arn String
    ARN
    authenticationType String
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    enhancedMetricsConfig GraphQLApiEnhancedMetricsConfig
    Enables and controls the enhanced metrics feature. See enhanced_metrics_config Block for details.
    introspectionConfig String
    Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see GraphQL introspection.
    lambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfig
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    logConfig GraphQLApiLogConfig
    Nested argument containing logging configuration. See log_config Block for details.
    mergedApiExecutionRoleArn String
    ARN of the execution role when api_type is set to MERGED.
    name String

    User-supplied name for the GraphQL API.

    The following arguments are optional:

    openidConnectConfig GraphQLApiOpenidConnectConfig
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    queryDepthLimit Integer

    The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. The default value is 0 (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between 1 and 75 nested levels. This field will produce a limit error if the operation falls out of bounds.

    Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.

    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    resolverCountLimit Integer
    The maximum number of resolvers that can be invoked in a single request. The default value is 0 (or unspecified), which will set the limit to 10000. When specified, the limit value can be between 1 and 10000. This field will produce a limit error if the operation falls out of bounds.
    schema String
    Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    uris Map<String,String>
    Map of URIs associated with the API E.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql
    userPoolConfig GraphQLApiUserPoolConfig
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    visibility String
    Sets the value of the GraphQL API to public (GLOBAL) or private (PRIVATE). If no value is provided, the visibility will be set to GLOBAL by default. This value cannot be changed once the API has been created.
    xrayEnabled Boolean
    Whether tracing with X-ray is enabled. Defaults to false.
    additionalAuthenticationProviders GraphQLApiAdditionalAuthenticationProvider[]
    One or more additional authentication providers for the GraphQL API. See additional_authentication_provider Block for details.
    apiType string
    API type. Valid values are GRAPHQL or MERGED. A MERGED type requires merged_api_execution_role_arn to be set.
    arn string
    ARN
    authenticationType string
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    enhancedMetricsConfig GraphQLApiEnhancedMetricsConfig
    Enables and controls the enhanced metrics feature. See enhanced_metrics_config Block for details.
    introspectionConfig string
    Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see GraphQL introspection.
    lambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfig
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    logConfig GraphQLApiLogConfig
    Nested argument containing logging configuration. See log_config Block for details.
    mergedApiExecutionRoleArn string
    ARN of the execution role when api_type is set to MERGED.
    name string

    User-supplied name for the GraphQL API.

    The following arguments are optional:

    openidConnectConfig GraphQLApiOpenidConnectConfig
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    queryDepthLimit number

    The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. The default value is 0 (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between 1 and 75 nested levels. This field will produce a limit error if the operation falls out of bounds.

    Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.

    region string
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    resolverCountLimit number
    The maximum number of resolvers that can be invoked in a single request. The default value is 0 (or unspecified), which will set the limit to 10000. When specified, the limit value can be between 1 and 10000. This field will produce a limit error if the operation falls out of bounds.
    schema string
    Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    uris {[key: string]: string}
    Map of URIs associated with the API E.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql
    userPoolConfig GraphQLApiUserPoolConfig
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    visibility string
    Sets the value of the GraphQL API to public (GLOBAL) or private (PRIVATE). If no value is provided, the visibility will be set to GLOBAL by default. This value cannot be changed once the API has been created.
    xrayEnabled boolean
    Whether tracing with X-ray is enabled. Defaults to false.
    additional_authentication_providers Sequence[GraphQLApiAdditionalAuthenticationProviderArgs]
    One or more additional authentication providers for the GraphQL API. See additional_authentication_provider Block for details.
    api_type str
    API type. Valid values are GRAPHQL or MERGED. A MERGED type requires merged_api_execution_role_arn to be set.
    arn str
    ARN
    authentication_type str
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    enhanced_metrics_config GraphQLApiEnhancedMetricsConfigArgs
    Enables and controls the enhanced metrics feature. See enhanced_metrics_config Block for details.
    introspection_config str
    Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see GraphQL introspection.
    lambda_authorizer_config GraphQLApiLambdaAuthorizerConfigArgs
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    log_config GraphQLApiLogConfigArgs
    Nested argument containing logging configuration. See log_config Block for details.
    merged_api_execution_role_arn str
    ARN of the execution role when api_type is set to MERGED.
    name str

    User-supplied name for the GraphQL API.

    The following arguments are optional:

    openid_connect_config GraphQLApiOpenidConnectConfigArgs
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    query_depth_limit int

    The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. The default value is 0 (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between 1 and 75 nested levels. This field will produce a limit error if the operation falls out of bounds.

    Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.

    region str
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    resolver_count_limit int
    The maximum number of resolvers that can be invoked in a single request. The default value is 0 (or unspecified), which will set the limit to 10000. When specified, the limit value can be between 1 and 10000. This field will produce a limit error if the operation falls out of bounds.
    schema str
    Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    uris Mapping[str, str]
    Map of URIs associated with the API E.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql
    user_pool_config GraphQLApiUserPoolConfigArgs
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    visibility str
    Sets the value of the GraphQL API to public (GLOBAL) or private (PRIVATE). If no value is provided, the visibility will be set to GLOBAL by default. This value cannot be changed once the API has been created.
    xray_enabled bool
    Whether tracing with X-ray is enabled. Defaults to false.
    additionalAuthenticationProviders List<Property Map>
    One or more additional authentication providers for the GraphQL API. See additional_authentication_provider Block for details.
    apiType String
    API type. Valid values are GRAPHQL or MERGED. A MERGED type requires merged_api_execution_role_arn to be set.
    arn String
    ARN
    authenticationType String
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    enhancedMetricsConfig Property Map
    Enables and controls the enhanced metrics feature. See enhanced_metrics_config Block for details.
    introspectionConfig String
    Sets the value of the GraphQL API to enable (ENABLED) or disable (DISABLED) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see GraphQL introspection.
    lambdaAuthorizerConfig Property Map
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    logConfig Property Map
    Nested argument containing logging configuration. See log_config Block for details.
    mergedApiExecutionRoleArn String
    ARN of the execution role when api_type is set to MERGED.
    name String

    User-supplied name for the GraphQL API.

    The following arguments are optional:

    openidConnectConfig Property Map
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    queryDepthLimit Number

    The maximum depth a query can have in a single request. Depth refers to the amount of nested levels allowed in the body of query. The default value is 0 (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between 1 and 75 nested levels. This field will produce a limit error if the operation falls out of bounds.

    Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.

    region String
    Region where this resource will be managed. Defaults to the Region set in the provider configuration.
    resolverCountLimit Number
    The maximum number of resolvers that can be invoked in a single request. The default value is 0 (or unspecified), which will set the limit to 10000. When specified, the limit value can be between 1 and 10000. This field will produce a limit error if the operation falls out of bounds.
    schema String
    Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
    uris Map<String>
    Map of URIs associated with the API E.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql
    userPoolConfig Property Map
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    visibility String
    Sets the value of the GraphQL API to public (GLOBAL) or private (PRIVATE). If no value is provided, the visibility will be set to GLOBAL by default. This value cannot be changed once the API has been created.
    xrayEnabled Boolean
    Whether tracing with X-ray is enabled. Defaults to false.

    Supporting Types

    GraphQLApiAdditionalAuthenticationProvider, GraphQLApiAdditionalAuthenticationProviderArgs

    AuthenticationType string
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    LambdaAuthorizerConfig GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    OpenidConnectConfig GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    UserPoolConfig GraphQLApiAdditionalAuthenticationProviderUserPoolConfig
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    AuthenticationType string
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    LambdaAuthorizerConfig GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    OpenidConnectConfig GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    UserPoolConfig GraphQLApiAdditionalAuthenticationProviderUserPoolConfig
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    authenticationType String
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    lambdaAuthorizerConfig GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    openidConnectConfig GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    userPoolConfig GraphQLApiAdditionalAuthenticationProviderUserPoolConfig
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    authenticationType string
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    lambdaAuthorizerConfig GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    openidConnectConfig GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    userPoolConfig GraphQLApiAdditionalAuthenticationProviderUserPoolConfig
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    authentication_type str
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    lambda_authorizer_config GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    openid_connect_config GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    user_pool_config GraphQLApiAdditionalAuthenticationProviderUserPoolConfig
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.
    authenticationType String
    Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
    lambdaAuthorizerConfig Property Map
    Nested argument containing Lambda authorizer configuration. See lambda_authorizer_config Block for details.
    openidConnectConfig Property Map
    Nested argument containing OpenID Connect configuration. See openid_connect_config Block for details.
    userPoolConfig Property Map
    Amazon Cognito User Pool configuration. See user_pool_config Block for details.

    GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig, GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfigArgs

    AuthorizerUri string
    ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.
    AuthorizerResultTtlInSeconds int
    Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.
    IdentityValidationExpression string
    Regular expression for validation of tokens before the Lambda function is called.
    AuthorizerUri string
    ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.
    AuthorizerResultTtlInSeconds int
    Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.
    IdentityValidationExpression string
    Regular expression for validation of tokens before the Lambda function is called.
    authorizerUri String
    ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.
    authorizerResultTtlInSeconds Integer
    Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.
    identityValidationExpression String
    Regular expression for validation of tokens before the Lambda function is called.
    authorizerUri string
    ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.
    authorizerResultTtlInSeconds number
    Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.
    identityValidationExpression string
    Regular expression for validation of tokens before the Lambda function is called.
    authorizer_uri str
    ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.
    authorizer_result_ttl_in_seconds int
    Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.
    identity_validation_expression str
    Regular expression for validation of tokens before the Lambda function is called.
    authorizerUri String
    ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.
    authorizerResultTtlInSeconds Number
    Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.
    identityValidationExpression String
    Regular expression for validation of tokens before the Lambda function is called.

    GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig, GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfigArgs

    Issuer string
    Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
    AuthTtl int
    Number of milliseconds a token is valid after being authenticated.
    ClientId string
    Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
    IatTtl int
    Number of milliseconds a token is valid after being issued to a user.
    Issuer string
    Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
    AuthTtl int
    Number of milliseconds a token is valid after being authenticated.
    ClientId string
    Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
    IatTtl int
    Number of milliseconds a token is valid after being issued to a user.
    issuer String
    Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
    authTtl Integer
    Number of milliseconds a token is valid after being authenticated.
    clientId String
    Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
    iatTtl Integer
    Number of milliseconds a token is valid after being issued to a user.
    issuer string
    Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
    authTtl number
    Number of milliseconds a token is valid after being authenticated.
    clientId string
    Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
    iatTtl number
    Number of milliseconds a token is valid after being issued to a user.
    issuer str
    Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
    auth_ttl int
    Number of milliseconds a token is valid after being authenticated.
    client_id str
    Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
    iat_ttl int
    Number of milliseconds a token is valid after being issued to a user.
    issuer String
    Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
    authTtl Number
    Number of milliseconds a token is valid after being authenticated.
    clientId String
    Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
    iatTtl Number
    Number of milliseconds a token is valid after being issued to a user.

    GraphQLApiAdditionalAuthenticationProviderUserPoolConfig, GraphQLApiAdditionalAuthenticationProviderUserPoolConfigArgs

    UserPoolId string
    User pool ID.
    AppIdClientRegex string
    Regular expression for validating the incoming Amazon Cognito User Pool app client ID.
    AwsRegion string
    AWS region in which the user pool was created.
    UserPoolId string
    User pool ID.
    AppIdClientRegex string
    Regular expression for validating the incoming Amazon Cognito User Pool app client ID.
    AwsRegion string
    AWS region in which the user pool was created.
    userPoolId String
    User pool ID.
    appIdClientRegex String
    Regular expression for validating the incoming Amazon Cognito User Pool app client ID.
    awsRegion String
    AWS region in which the user pool was created.
    userPoolId string
    User pool ID.
    appIdClientRegex string
    Regular expression for validating the incoming Amazon Cognito User Pool app client ID.
    awsRegion string
    AWS region in which the user pool was created.
    user_pool_id str
    User pool ID.
    app_id_client_regex str
    Regular expression for validating the incoming Amazon Cognito User Pool app client ID.
    aws_region str
    AWS region in which the user pool was created.
    userPoolId String
    User pool ID.
    appIdClientRegex String
    Regular expression for validating the incoming Amazon Cognito User Pool app client ID.
    awsRegion String
    AWS region in which the user pool was created.

    GraphQLApiEnhancedMetricsConfig, GraphQLApiEnhancedMetricsConfigArgs

    DataSourceLevelMetricsBehavior string
    How data source metrics will be emitted to CloudWatch. Valid values: FULL_REQUEST_DATA_SOURCE_METRICS, PER_DATA_SOURCE_METRICS
    OperationLevelMetricsConfig string
    How operation metrics will be emitted to CloudWatch. Valid values: ENABLED, DISABLED
    ResolverLevelMetricsBehavior string
    How resolver metrics will be emitted to CloudWatch. Valid values: FULL_REQUEST_RESOLVER_METRICS, PER_RESOLVER_METRICS
    DataSourceLevelMetricsBehavior string
    How data source metrics will be emitted to CloudWatch. Valid values: FULL_REQUEST_DATA_SOURCE_METRICS, PER_DATA_SOURCE_METRICS
    OperationLevelMetricsConfig string
    How operation metrics will be emitted to CloudWatch. Valid values: ENABLED, DISABLED
    ResolverLevelMetricsBehavior string
    How resolver metrics will be emitted to CloudWatch. Valid values: FULL_REQUEST_RESOLVER_METRICS, PER_RESOLVER_METRICS
    dataSourceLevelMetricsBehavior String
    How data source metrics will be emitted to CloudWatch. Valid values: FULL_REQUEST_DATA_SOURCE_METRICS, PER_DATA_SOURCE_METRICS
    operationLevelMetricsConfig String
    How operation metrics will be emitted to CloudWatch. Valid values: ENABLED, DISABLED
    resolverLevelMetricsBehavior String
    How resolver metrics will be emitted to CloudWatch. Valid values: FULL_REQUEST_RESOLVER_METRICS, PER_RESOLVER_METRICS
    dataSourceLevelMetricsBehavior string
    How data source metrics will be emitted to CloudWatch. Valid values: FULL_REQUEST_DATA_SOURCE_METRICS, PER_DATA_SOURCE_METRICS
    operationLevelMetricsConfig string
    How operation metrics will be emitted to CloudWatch. Valid values: ENABLED, DISABLED
    resolverLevelMetricsBehavior string
    How resolver metrics will be emitted to CloudWatch. Valid values: FULL_REQUEST_RESOLVER_METRICS, PER_RESOLVER_METRICS
    data_source_level_metrics_behavior str
    How data source metrics will be emitted to CloudWatch. Valid values: FULL_REQUEST_DATA_SOURCE_METRICS, PER_DATA_SOURCE_METRICS
    operation_level_metrics_config str
    How operation metrics will be emitted to CloudWatch. Valid values: ENABLED, DISABLED
    resolver_level_metrics_behavior str
    How resolver metrics will be emitted to CloudWatch. Valid values: FULL_REQUEST_RESOLVER_METRICS, PER_RESOLVER_METRICS
    dataSourceLevelMetricsBehavior String
    How data source metrics will be emitted to CloudWatch. Valid values: FULL_REQUEST_DATA_SOURCE_METRICS, PER_DATA_SOURCE_METRICS
    operationLevelMetricsConfig String
    How operation metrics will be emitted to CloudWatch. Valid values: ENABLED, DISABLED
    resolverLevelMetricsBehavior String
    How resolver metrics will be emitted to CloudWatch. Valid values: FULL_REQUEST_RESOLVER_METRICS, PER_RESOLVER_METRICS

    GraphQLApiLambdaAuthorizerConfig, GraphQLApiLambdaAuthorizerConfigArgs

    AuthorizerUri string
    ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.
    AuthorizerResultTtlInSeconds int
    Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.
    IdentityValidationExpression string
    Regular expression for validation of tokens before the Lambda function is called.
    AuthorizerUri string
    ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.
    AuthorizerResultTtlInSeconds int
    Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.
    IdentityValidationExpression string
    Regular expression for validation of tokens before the Lambda function is called.
    authorizerUri String
    ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.
    authorizerResultTtlInSeconds Integer
    Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.
    identityValidationExpression String
    Regular expression for validation of tokens before the Lambda function is called.
    authorizerUri string
    ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.
    authorizerResultTtlInSeconds number
    Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.
    identityValidationExpression string
    Regular expression for validation of tokens before the Lambda function is called.
    authorizer_uri str
    ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.
    authorizer_result_ttl_in_seconds int
    Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.
    identity_validation_expression str
    Regular expression for validation of tokens before the Lambda function is called.
    authorizerUri String
    ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.
    authorizerResultTtlInSeconds Number
    Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.
    identityValidationExpression String
    Regular expression for validation of tokens before the Lambda function is called.

    GraphQLApiLogConfig, GraphQLApiLogConfigArgs

    CloudwatchLogsRoleArn string
    Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.
    FieldLogLevel string
    Field logging level. Valid values: ALL, ERROR, NONE.
    ExcludeVerboseContent bool
    Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false
    CloudwatchLogsRoleArn string
    Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.
    FieldLogLevel string
    Field logging level. Valid values: ALL, ERROR, NONE.
    ExcludeVerboseContent bool
    Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false
    cloudwatchLogsRoleArn String
    Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.
    fieldLogLevel String
    Field logging level. Valid values: ALL, ERROR, NONE.
    excludeVerboseContent Boolean
    Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false
    cloudwatchLogsRoleArn string
    Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.
    fieldLogLevel string
    Field logging level. Valid values: ALL, ERROR, NONE.
    excludeVerboseContent boolean
    Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false
    cloudwatch_logs_role_arn str
    Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.
    field_log_level str
    Field logging level. Valid values: ALL, ERROR, NONE.
    exclude_verbose_content bool
    Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false
    cloudwatchLogsRoleArn String
    Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.
    fieldLogLevel String
    Field logging level. Valid values: ALL, ERROR, NONE.
    excludeVerboseContent Boolean
    Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false

    GraphQLApiOpenidConnectConfig, GraphQLApiOpenidConnectConfigArgs

    Issuer string
    Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
    AuthTtl int
    Number of milliseconds a token is valid after being authenticated.
    ClientId string
    Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
    IatTtl int
    Number of milliseconds a token is valid after being issued to a user.
    Issuer string
    Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
    AuthTtl int
    Number of milliseconds a token is valid after being authenticated.
    ClientId string
    Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
    IatTtl int
    Number of milliseconds a token is valid after being issued to a user.
    issuer String
    Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
    authTtl Integer
    Number of milliseconds a token is valid after being authenticated.
    clientId String
    Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
    iatTtl Integer
    Number of milliseconds a token is valid after being issued to a user.
    issuer string
    Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
    authTtl number
    Number of milliseconds a token is valid after being authenticated.
    clientId string
    Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
    iatTtl number
    Number of milliseconds a token is valid after being issued to a user.
    issuer str
    Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
    auth_ttl int
    Number of milliseconds a token is valid after being authenticated.
    client_id str
    Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
    iat_ttl int
    Number of milliseconds a token is valid after being issued to a user.
    issuer String
    Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
    authTtl Number
    Number of milliseconds a token is valid after being authenticated.
    clientId String
    Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
    iatTtl Number
    Number of milliseconds a token is valid after being issued to a user.

    GraphQLApiUserPoolConfig, GraphQLApiUserPoolConfigArgs

    DefaultAction string
    Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY
    UserPoolId string
    User pool ID.
    AppIdClientRegex string
    Regular expression for validating the incoming Amazon Cognito User Pool app client ID.
    AwsRegion string
    AWS region in which the user pool was created.
    DefaultAction string
    Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY
    UserPoolId string
    User pool ID.
    AppIdClientRegex string
    Regular expression for validating the incoming Amazon Cognito User Pool app client ID.
    AwsRegion string
    AWS region in which the user pool was created.
    defaultAction String
    Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY
    userPoolId String
    User pool ID.
    appIdClientRegex String
    Regular expression for validating the incoming Amazon Cognito User Pool app client ID.
    awsRegion String
    AWS region in which the user pool was created.
    defaultAction string
    Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY
    userPoolId string
    User pool ID.
    appIdClientRegex string
    Regular expression for validating the incoming Amazon Cognito User Pool app client ID.
    awsRegion string
    AWS region in which the user pool was created.
    default_action str
    Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY
    user_pool_id str
    User pool ID.
    app_id_client_regex str
    Regular expression for validating the incoming Amazon Cognito User Pool app client ID.
    aws_region str
    AWS region in which the user pool was created.
    defaultAction String
    Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY
    userPoolId String
    User pool ID.
    appIdClientRegex String
    Regular expression for validating the incoming Amazon Cognito User Pool app client ID.
    awsRegion String
    AWS region in which the user pool was created.

    Import

    Using pulumi import, import AppSync GraphQL API using the GraphQL API ID. For example:

    $ pulumi import aws:appsync/graphQLApi:GraphQLApi example 0123456789

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v7.7.0 published on Friday, Sep 5, 2025 by Pulumi
    pulumi/pulumi-aws