AWS Classic

v5.16.2 published on Tuesday, Oct 4, 2022 by Pulumi

GraphQLApi

Provides an AppSync GraphQL API.

Example Usage

API Key Authentication

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "API_KEY",
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("API_KEY"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()        
            .authenticationType("API_KEY")
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example", authentication_type="API_KEY")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "API_KEY",
});
resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: API_KEY

AWS IAM Authentication

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "AWS_IAM",
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("AWS_IAM"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()        
            .authenticationType("AWS_IAM")
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example", authentication_type="AWS_IAM")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "AWS_IAM",
});
resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: AWS_IAM

AWS Cognito User Pool Authentication

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "AMAZON_COGNITO_USER_POOLS",
        UserPoolConfig = new Aws.AppSync.Inputs.GraphQLApiUserPoolConfigArgs
        {
            AwsRegion = data.Aws_region.Current.Name,
            DefaultAction = "DENY",
            UserPoolId = aws_cognito_user_pool.Example.Id,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("AMAZON_COGNITO_USER_POOLS"),
			UserPoolConfig: &appsync.GraphQLApiUserPoolConfigArgs{
				AwsRegion:     pulumi.Any(data.Aws_region.Current.Name),
				DefaultAction: pulumi.String("DENY"),
				UserPoolId:    pulumi.Any(aws_cognito_user_pool.Example.Id),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import com.pulumi.aws.appsync.inputs.GraphQLApiUserPoolConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()        
            .authenticationType("AMAZON_COGNITO_USER_POOLS")
            .userPoolConfig(GraphQLApiUserPoolConfigArgs.builder()
                .awsRegion(data.aws_region().current().name())
                .defaultAction("DENY")
                .userPoolId(aws_cognito_user_pool.example().id())
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    authentication_type="AMAZON_COGNITO_USER_POOLS",
    user_pool_config=aws.appsync.GraphQLApiUserPoolConfigArgs(
        aws_region=data["aws_region"]["current"]["name"],
        default_action="DENY",
        user_pool_id=aws_cognito_user_pool["example"]["id"],
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "AMAZON_COGNITO_USER_POOLS",
    userPoolConfig: {
        awsRegion: data.aws_region.current.name,
        defaultAction: "DENY",
        userPoolId: aws_cognito_user_pool.example.id,
    },
});
resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: AMAZON_COGNITO_USER_POOLS
      userPoolConfig:
        awsRegion: ${data.aws_region.current.name}
        defaultAction: DENY
        userPoolId: ${aws_cognito_user_pool.example.id}

OpenID Connect Authentication

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "OPENID_CONNECT",
        OpenidConnectConfig = new Aws.AppSync.Inputs.GraphQLApiOpenidConnectConfigArgs
        {
            Issuer = "https://example.com",
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("OPENID_CONNECT"),
			OpenidConnectConfig: &appsync.GraphQLApiOpenidConnectConfigArgs{
				Issuer: pulumi.String("https://example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import com.pulumi.aws.appsync.inputs.GraphQLApiOpenidConnectConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()        
            .authenticationType("OPENID_CONNECT")
            .openidConnectConfig(GraphQLApiOpenidConnectConfigArgs.builder()
                .issuer("https://example.com")
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    authentication_type="OPENID_CONNECT",
    openid_connect_config=aws.appsync.GraphQLApiOpenidConnectConfigArgs(
        issuer="https://example.com",
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "OPENID_CONNECT",
    openidConnectConfig: {
        issuer: "https://example.com",
    },
});
resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: OPENID_CONNECT
      openidConnectConfig:
        issuer: https://example.com

AWS Lambda Authorizer Authentication

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "AWS_LAMBDA",
        LambdaAuthorizerConfig = new Aws.AppSync.Inputs.GraphQLApiLambdaAuthorizerConfigArgs
        {
            AuthorizerUri = "arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer",
        },
    });

    var appsyncLambdaAuthorizer = new Aws.Lambda.Permission("appsyncLambdaAuthorizer", new()
    {
        Action = "lambda:InvokeFunction",
        Function = "custom_lambda_authorizer",
        Principal = "appsync.amazonaws.com",
        SourceArn = example.Arn,
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/appsync"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lambda"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("AWS_LAMBDA"),
			LambdaAuthorizerConfig: &appsync.GraphQLApiLambdaAuthorizerConfigArgs{
				AuthorizerUri: pulumi.String("arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer"),
			},
		})
		if err != nil {
			return err
		}
		_, err = lambda.NewPermission(ctx, "appsyncLambdaAuthorizer", &lambda.PermissionArgs{
			Action:    pulumi.String("lambda:InvokeFunction"),
			Function:  pulumi.Any("custom_lambda_authorizer"),
			Principal: pulumi.String("appsync.amazonaws.com"),
			SourceArn: example.Arn,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import com.pulumi.aws.appsync.inputs.GraphQLApiLambdaAuthorizerConfigArgs;
import com.pulumi.aws.lambda.Permission;
import com.pulumi.aws.lambda.PermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()        
            .authenticationType("AWS_LAMBDA")
            .lambdaAuthorizerConfig(GraphQLApiLambdaAuthorizerConfigArgs.builder()
                .authorizerUri("arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer")
                .build())
            .build());

        var appsyncLambdaAuthorizer = new Permission("appsyncLambdaAuthorizer", PermissionArgs.builder()        
            .action("lambda:InvokeFunction")
            .function("custom_lambda_authorizer")
            .principal("appsync.amazonaws.com")
            .sourceArn(example.arn())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    authentication_type="AWS_LAMBDA",
    lambda_authorizer_config=aws.appsync.GraphQLApiLambdaAuthorizerConfigArgs(
        authorizer_uri="arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer",
    ))
appsync_lambda_authorizer = aws.lambda_.Permission("appsyncLambdaAuthorizer",
    action="lambda:InvokeFunction",
    function="custom_lambda_authorizer",
    principal="appsync.amazonaws.com",
    source_arn=example.arn)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "AWS_LAMBDA",
    lambdaAuthorizerConfig: {
        authorizerUri: "arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer",
    },
});
const appsyncLambdaAuthorizer = new aws.lambda.Permission("appsyncLambdaAuthorizer", {
    action: "lambda:InvokeFunction",
    "function": "custom_lambda_authorizer",
    principal: "appsync.amazonaws.com",
    sourceArn: example.arn,
});
resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: AWS_LAMBDA
      lambdaAuthorizerConfig:
        authorizerUri: arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer
  appsyncLambdaAuthorizer:
    type: aws:lambda:Permission
    properties:
      action: lambda:InvokeFunction
      function: custom_lambda_authorizer
      principal: appsync.amazonaws.com
      sourceArn: ${example.arn}

With Multiple Authentication Providers

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AdditionalAuthenticationProviders = new[]
        {
            new Aws.AppSync.Inputs.GraphQLApiAdditionalAuthenticationProviderArgs
            {
                AuthenticationType = "AWS_IAM",
            },
        },
        AuthenticationType = "API_KEY",
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AdditionalAuthenticationProviders: appsync.GraphQLApiAdditionalAuthenticationProviderArray{
				&appsync.GraphQLApiAdditionalAuthenticationProviderArgs{
					AuthenticationType: pulumi.String("AWS_IAM"),
				},
			},
			AuthenticationType: pulumi.String("API_KEY"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import com.pulumi.aws.appsync.inputs.GraphQLApiAdditionalAuthenticationProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()        
            .additionalAuthenticationProviders(GraphQLApiAdditionalAuthenticationProviderArgs.builder()
                .authenticationType("AWS_IAM")
                .build())
            .authenticationType("API_KEY")
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    additional_authentication_providers=[aws.appsync.GraphQLApiAdditionalAuthenticationProviderArgs(
        authentication_type="AWS_IAM",
    )],
    authentication_type="API_KEY")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    additionalAuthenticationProviders: [{
        authenticationType: "AWS_IAM",
    }],
    authenticationType: "API_KEY",
});
resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      additionalAuthenticationProviders:
        - authenticationType: AWS_IAM
      authenticationType: API_KEY

With Schema

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.AppSync.GraphQLApi("example", new()
    {
        AuthenticationType = "AWS_IAM",
        Schema = @"schema {
	query: Query
}
type Query {
  test: Int
}

",
    });

});
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/appsync"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
			AuthenticationType: pulumi.String("AWS_IAM"),
			Schema: pulumi.String(fmt.Sprintf(`schema {
	query: Query
}
type Query {
  test: Int
}

`)),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new GraphQLApi("example", GraphQLApiArgs.builder()        
            .authenticationType("AWS_IAM")
            .schema("""
schema {
	query: Query
}
type Query {
  test: Int
}

            """)
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example = aws.appsync.GraphQLApi("example",
    authentication_type="AWS_IAM",
    schema="""schema {
	query: Query
}
type Query {
  test: Int
}

""")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.appsync.GraphQLApi("example", {
    authenticationType: "AWS_IAM",
    schema: `schema {
	query: Query
}
type Query {
  test: Int
}
`,
});
resources:
  example:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: AWS_IAM
      schema: |+
        schema {
        	query: Query
        }
        type Query {
          test: Int
        }        

Enabling Logging

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var exampleRole = new Aws.Iam.Role("exampleRole", new()
    {
        AssumeRolePolicy = @"{
    ""Version"": ""2012-10-17"",
    ""Statement"": [
        {
        ""Effect"": ""Allow"",
        ""Principal"": {
            ""Service"": ""appsync.amazonaws.com""
        },
        ""Action"": ""sts:AssumeRole""
        }
    ]
}
",
    });

    var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("exampleRolePolicyAttachment", new()
    {
        PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
        Role = exampleRole.Name,
    });

    // ... other configuration ...
    var exampleGraphQLApi = new Aws.AppSync.GraphQLApi("exampleGraphQLApi", new()
    {
        LogConfig = new Aws.AppSync.Inputs.GraphQLApiLogConfigArgs
        {
            CloudwatchLogsRoleArn = exampleRole.Arn,
            FieldLogLevel = "ERROR",
        },
    });

});
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/appsync"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleRole, err := iam.NewRole(ctx, "exampleRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.Any(fmt.Sprintf(`{
    "Version": "2012-10-17",
    "Statement": [
        {
        "Effect": "Allow",
        "Principal": {
            "Service": "appsync.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
        }
    ]
}
`)),
		})
		if err != nil {
			return err
		}
		_, err = iam.NewRolePolicyAttachment(ctx, "exampleRolePolicyAttachment", &iam.RolePolicyAttachmentArgs{
			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs"),
			Role:      exampleRole.Name,
		})
		if err != nil {
			return err
		}
		_, err = appsync.NewGraphQLApi(ctx, "exampleGraphQLApi", &appsync.GraphQLApiArgs{
			LogConfig: &appsync.GraphQLApiLogConfigArgs{
				CloudwatchLogsRoleArn: exampleRole.Arn,
				FieldLogLevel:         pulumi.String("ERROR"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import com.pulumi.aws.appsync.inputs.GraphQLApiLogConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleRole = new Role("exampleRole", RoleArgs.builder()        
            .assumeRolePolicy("""
{
    "Version": "2012-10-17",
    "Statement": [
        {
        "Effect": "Allow",
        "Principal": {
            "Service": "appsync.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
        }
    ]
}
            """)
            .build());

        var exampleRolePolicyAttachment = new RolePolicyAttachment("exampleRolePolicyAttachment", RolePolicyAttachmentArgs.builder()        
            .policyArn("arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs")
            .role(exampleRole.name())
            .build());

        var exampleGraphQLApi = new GraphQLApi("exampleGraphQLApi", GraphQLApiArgs.builder()        
            .logConfig(GraphQLApiLogConfigArgs.builder()
                .cloudwatchLogsRoleArn(exampleRole.arn())
                .fieldLogLevel("ERROR")
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example_role = aws.iam.Role("exampleRole", assume_role_policy="""{
    "Version": "2012-10-17",
    "Statement": [
        {
        "Effect": "Allow",
        "Principal": {
            "Service": "appsync.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
        }
    ]
}
""")
example_role_policy_attachment = aws.iam.RolePolicyAttachment("exampleRolePolicyAttachment",
    policy_arn="arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
    role=example_role.name)
# ... other configuration ...
example_graph_ql_api = aws.appsync.GraphQLApi("exampleGraphQLApi", log_config=aws.appsync.GraphQLApiLogConfigArgs(
    cloudwatch_logs_role_arn=example_role.arn,
    field_log_level="ERROR",
))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleRole = new aws.iam.Role("exampleRole", {assumeRolePolicy: `{
    "Version": "2012-10-17",
    "Statement": [
        {
        "Effect": "Allow",
        "Principal": {
            "Service": "appsync.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
        }
    ]
}
`});
const exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment("exampleRolePolicyAttachment", {
    policyArn: "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
    role: exampleRole.name,
});
// ... other configuration ...
const exampleGraphQLApi = new aws.appsync.GraphQLApi("exampleGraphQLApi", {logConfig: {
    cloudwatchLogsRoleArn: exampleRole.arn,
    fieldLogLevel: "ERROR",
}});
resources:
  exampleRole:
    type: aws:iam:Role
    properties:
      assumeRolePolicy: |
        {
            "Version": "2012-10-17",
            "Statement": [
                {
                "Effect": "Allow",
                "Principal": {
                    "Service": "appsync.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
                }
            ]
        }        
  exampleRolePolicyAttachment:
    type: aws:iam:RolePolicyAttachment
    properties:
      policyArn: arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs
      role: ${exampleRole.name}
  exampleGraphQLApi:
    type: aws:appsync:GraphQLApi
    properties:
      logConfig:
        cloudwatchLogsRoleArn: ${exampleRole.arn}
        fieldLogLevel: ERROR

Associate Web ACL (v2)

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.appsync.GraphQLApi;
import com.pulumi.aws.appsync.GraphQLApiArgs;
import com.pulumi.aws.wafv2.WebAcl;
import com.pulumi.aws.wafv2.WebAclArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclDefaultActionAllowArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleOverrideActionArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleStatementManagedRuleGroupStatementArgs;
import com.pulumi.aws.wafv2.inputs.WebAclRuleVisibilityConfigArgs;
import com.pulumi.aws.wafv2.inputs.WebAclVisibilityConfigArgs;
import com.pulumi.aws.wafv2.WebAclAssociation;
import com.pulumi.aws.wafv2.WebAclAssociationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleGraphQLApi = new GraphQLApi("exampleGraphQLApi", GraphQLApiArgs.builder()        
            .authenticationType("API_KEY")
            .build());

        var exampleWebAcl = new WebAcl("exampleWebAcl", WebAclArgs.builder()        
            .description("Example of a managed rule.")
            .scope("REGIONAL")
            .defaultAction(WebAclDefaultActionArgs.builder()
                .allow()
                .build())
            .rules(WebAclRuleArgs.builder()
                .name("rule-1")
                .priority(1)
                .overrideAction(WebAclRuleOverrideActionArgs.builder()
                    .block()
                    .build())
                .statement(WebAclRuleStatementArgs.builder()
                    .managedRuleGroupStatement(WebAclRuleStatementManagedRuleGroupStatementArgs.builder()
                        .name("AWSManagedRulesCommonRuleSet")
                        .vendorName("AWS")
                        .build())
                    .build())
                .visibilityConfig(WebAclRuleVisibilityConfigArgs.builder()
                    .cloudwatchMetricsEnabled(false)
                    .metricName("friendly-rule-metric-name")
                    .sampledRequestsEnabled(false)
                    .build())
                .build())
            .visibilityConfig(WebAclVisibilityConfigArgs.builder()
                .cloudwatchMetricsEnabled(false)
                .metricName("friendly-metric-name")
                .sampledRequestsEnabled(false)
                .build())
            .build());

        var exampleWebAclAssociation = new WebAclAssociation("exampleWebAclAssociation", WebAclAssociationArgs.builder()        
            .resourceArn(exampleGraphQLApi.arn())
            .webAclArn(exampleWebAcl.arn())
            .build());

    }
}

Coming soon!

Coming soon!

resources:
  exampleGraphQLApi:
    type: aws:appsync:GraphQLApi
    properties:
      authenticationType: API_KEY
  exampleWebAclAssociation:
    type: aws:wafv2:WebAclAssociation
    properties:
      resourceArn: ${exampleGraphQLApi.arn}
      webAclArn: ${exampleWebAcl.arn}
  exampleWebAcl:
    type: aws:wafv2:WebAcl
    properties:
      description: Example of a managed rule.
      scope: REGIONAL
      defaultAction:
        allow: {}
      rules:
        - name: rule-1
          priority: 1
          overrideAction:
            block:
              - {}
          statement:
            managedRuleGroupStatement:
              name: AWSManagedRulesCommonRuleSet
              vendorName: AWS
          visibilityConfig:
            cloudwatchMetricsEnabled: false
            metricName: friendly-rule-metric-name
            sampledRequestsEnabled: false
      visibilityConfig:
        cloudwatchMetricsEnabled: false
        metricName: friendly-metric-name
        sampledRequestsEnabled: false

Create a GraphQLApi Resource

new GraphQLApi(name: string, args: GraphQLApiArgs, opts?: CustomResourceOptions);
@overload
def GraphQLApi(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               additional_authentication_providers: Optional[Sequence[GraphQLApiAdditionalAuthenticationProviderArgs]] = None,
               authentication_type: Optional[str] = None,
               lambda_authorizer_config: Optional[GraphQLApiLambdaAuthorizerConfigArgs] = None,
               log_config: Optional[GraphQLApiLogConfigArgs] = None,
               name: Optional[str] = None,
               openid_connect_config: Optional[GraphQLApiOpenidConnectConfigArgs] = None,
               schema: Optional[str] = None,
               tags: Optional[Mapping[str, str]] = None,
               user_pool_config: Optional[GraphQLApiUserPoolConfigArgs] = None,
               xray_enabled: Optional[bool] = None)
@overload
def GraphQLApi(resource_name: str,
               args: GraphQLApiArgs,
               opts: Optional[ResourceOptions] = None)
func NewGraphQLApi(ctx *Context, name string, args GraphQLApiArgs, opts ...ResourceOption) (*GraphQLApi, error)
public GraphQLApi(string name, GraphQLApiArgs args, CustomResourceOptions? opts = null)
public GraphQLApi(String name, GraphQLApiArgs args)
public GraphQLApi(String name, GraphQLApiArgs args, CustomResourceOptions options)
type: aws:appsync:GraphQLApi
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args GraphQLApiArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args GraphQLApiArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args GraphQLApiArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args GraphQLApiArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args GraphQLApiArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

GraphQLApi Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The GraphQLApi resource accepts the following input properties:

AuthenticationType string

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

AdditionalAuthenticationProviders List<GraphQLApiAdditionalAuthenticationProviderArgs>

One or more additional authentication providers for the GraphqlApi. Defined below.

LambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfigArgs

Nested argument containing Lambda authorizer configuration. Defined below.

LogConfig GraphQLApiLogConfigArgs

Nested argument containing logging configuration. Defined below.

Name string

User-supplied name for the GraphqlApi.

OpenidConnectConfig GraphQLApiOpenidConnectConfigArgs

Nested argument containing OpenID Connect configuration. Defined below.

Schema string

Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.

Tags Dictionary<string, string>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

UserPoolConfig GraphQLApiUserPoolConfigArgs

Amazon Cognito User Pool configuration. Defined below.

XrayEnabled bool

Whether tracing with X-ray is enabled. Defaults to false.

AuthenticationType string

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

AdditionalAuthenticationProviders []GraphQLApiAdditionalAuthenticationProviderArgs

One or more additional authentication providers for the GraphqlApi. Defined below.

LambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfigArgs

Nested argument containing Lambda authorizer configuration. Defined below.

LogConfig GraphQLApiLogConfigArgs

Nested argument containing logging configuration. Defined below.

Name string

User-supplied name for the GraphqlApi.

OpenidConnectConfig GraphQLApiOpenidConnectConfigArgs

Nested argument containing OpenID Connect configuration. Defined below.

Schema string

Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.

Tags map[string]string

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

UserPoolConfig GraphQLApiUserPoolConfigArgs

Amazon Cognito User Pool configuration. Defined below.

XrayEnabled bool

Whether tracing with X-ray is enabled. Defaults to false.

authenticationType String

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

additionalAuthenticationProviders List<GraphQLApiAdditionalAuthenticationProviderArgs>

One or more additional authentication providers for the GraphqlApi. Defined below.

lambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfigArgs

Nested argument containing Lambda authorizer configuration. Defined below.

logConfig GraphQLApiLogConfigArgs

Nested argument containing logging configuration. Defined below.

name String

User-supplied name for the GraphqlApi.

openidConnectConfig GraphQLApiOpenidConnectConfigArgs

Nested argument containing OpenID Connect configuration. Defined below.

schema String

Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.

tags Map<String,String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

userPoolConfig GraphQLApiUserPoolConfigArgs

Amazon Cognito User Pool configuration. Defined below.

xrayEnabled Boolean

Whether tracing with X-ray is enabled. Defaults to false.

authenticationType string

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

additionalAuthenticationProviders GraphQLApiAdditionalAuthenticationProviderArgs[]

One or more additional authentication providers for the GraphqlApi. Defined below.

lambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfigArgs

Nested argument containing Lambda authorizer configuration. Defined below.

logConfig GraphQLApiLogConfigArgs

Nested argument containing logging configuration. Defined below.

name string

User-supplied name for the GraphqlApi.

openidConnectConfig GraphQLApiOpenidConnectConfigArgs

Nested argument containing OpenID Connect configuration. Defined below.

schema string

Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.

tags {[key: string]: string}

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

userPoolConfig GraphQLApiUserPoolConfigArgs

Amazon Cognito User Pool configuration. Defined below.

xrayEnabled boolean

Whether tracing with X-ray is enabled. Defaults to false.

authentication_type str

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

additional_authentication_providers Sequence[GraphQLApiAdditionalAuthenticationProviderArgs]

One or more additional authentication providers for the GraphqlApi. Defined below.

lambda_authorizer_config GraphQLApiLambdaAuthorizerConfigArgs

Nested argument containing Lambda authorizer configuration. Defined below.

log_config GraphQLApiLogConfigArgs

Nested argument containing logging configuration. Defined below.

name str

User-supplied name for the GraphqlApi.

openid_connect_config GraphQLApiOpenidConnectConfigArgs

Nested argument containing OpenID Connect configuration. Defined below.

schema str

Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.

tags Mapping[str, str]

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

user_pool_config GraphQLApiUserPoolConfigArgs

Amazon Cognito User Pool configuration. Defined below.

xray_enabled bool

Whether tracing with X-ray is enabled. Defaults to false.

authenticationType String

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

additionalAuthenticationProviders List<Property Map>

One or more additional authentication providers for the GraphqlApi. Defined below.

lambdaAuthorizerConfig Property Map

Nested argument containing Lambda authorizer configuration. Defined below.

logConfig Property Map

Nested argument containing logging configuration. Defined below.

name String

User-supplied name for the GraphqlApi.

openidConnectConfig Property Map

Nested argument containing OpenID Connect configuration. Defined below.

schema String

Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.

tags Map<String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

userPoolConfig Property Map

Amazon Cognito User Pool configuration. Defined below.

xrayEnabled Boolean

Whether tracing with X-ray is enabled. Defaults to false.

Outputs

All input properties are implicitly available as output properties. Additionally, the GraphQLApi resource produces the following output properties:

Arn string

ARN

Id string

The provider-assigned unique ID for this managed resource.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Uris Dictionary<string, string>

Map of URIs associated with the APIE.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

Arn string

ARN

Id string

The provider-assigned unique ID for this managed resource.

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Uris map[string]string

Map of URIs associated with the APIE.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

arn String

ARN

id String

The provider-assigned unique ID for this managed resource.

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

uris Map<String,String>

Map of URIs associated with the APIE.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

arn string

ARN

id string

The provider-assigned unique ID for this managed resource.

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

uris {[key: string]: string}

Map of URIs associated with the APIE.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

arn str

ARN

id str

The provider-assigned unique ID for this managed resource.

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

uris Mapping[str, str]

Map of URIs associated with the APIE.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

arn String

ARN

id String

The provider-assigned unique ID for this managed resource.

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

uris Map<String>

Map of URIs associated with the APIE.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

Look up an Existing GraphQLApi Resource

Get an existing GraphQLApi resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: GraphQLApiState, opts?: CustomResourceOptions): GraphQLApi
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        additional_authentication_providers: Optional[Sequence[GraphQLApiAdditionalAuthenticationProviderArgs]] = None,
        arn: Optional[str] = None,
        authentication_type: Optional[str] = None,
        lambda_authorizer_config: Optional[GraphQLApiLambdaAuthorizerConfigArgs] = None,
        log_config: Optional[GraphQLApiLogConfigArgs] = None,
        name: Optional[str] = None,
        openid_connect_config: Optional[GraphQLApiOpenidConnectConfigArgs] = None,
        schema: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        uris: Optional[Mapping[str, str]] = None,
        user_pool_config: Optional[GraphQLApiUserPoolConfigArgs] = None,
        xray_enabled: Optional[bool] = None) -> GraphQLApi
func GetGraphQLApi(ctx *Context, name string, id IDInput, state *GraphQLApiState, opts ...ResourceOption) (*GraphQLApi, error)
public static GraphQLApi Get(string name, Input<string> id, GraphQLApiState? state, CustomResourceOptions? opts = null)
public static GraphQLApi get(String name, Output<String> id, GraphQLApiState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AdditionalAuthenticationProviders List<GraphQLApiAdditionalAuthenticationProviderArgs>

One or more additional authentication providers for the GraphqlApi. Defined below.

Arn string

ARN

AuthenticationType string

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

LambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfigArgs

Nested argument containing Lambda authorizer configuration. Defined below.

LogConfig GraphQLApiLogConfigArgs

Nested argument containing logging configuration. Defined below.

Name string

User-supplied name for the GraphqlApi.

OpenidConnectConfig GraphQLApiOpenidConnectConfigArgs

Nested argument containing OpenID Connect configuration. Defined below.

Schema string

Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.

Tags Dictionary<string, string>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Uris Dictionary<string, string>

Map of URIs associated with the APIE.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

UserPoolConfig GraphQLApiUserPoolConfigArgs

Amazon Cognito User Pool configuration. Defined below.

XrayEnabled bool

Whether tracing with X-ray is enabled. Defaults to false.

AdditionalAuthenticationProviders []GraphQLApiAdditionalAuthenticationProviderArgs

One or more additional authentication providers for the GraphqlApi. Defined below.

Arn string

ARN

AuthenticationType string

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

LambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfigArgs

Nested argument containing Lambda authorizer configuration. Defined below.

LogConfig GraphQLApiLogConfigArgs

Nested argument containing logging configuration. Defined below.

Name string

User-supplied name for the GraphqlApi.

OpenidConnectConfig GraphQLApiOpenidConnectConfigArgs

Nested argument containing OpenID Connect configuration. Defined below.

Schema string

Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.

Tags map[string]string

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Uris map[string]string

Map of URIs associated with the APIE.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

UserPoolConfig GraphQLApiUserPoolConfigArgs

Amazon Cognito User Pool configuration. Defined below.

XrayEnabled bool

Whether tracing with X-ray is enabled. Defaults to false.

additionalAuthenticationProviders List<GraphQLApiAdditionalAuthenticationProviderArgs>

One or more additional authentication providers for the GraphqlApi. Defined below.

arn String

ARN

authenticationType String

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

lambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfigArgs

Nested argument containing Lambda authorizer configuration. Defined below.

logConfig GraphQLApiLogConfigArgs

Nested argument containing logging configuration. Defined below.

name String

User-supplied name for the GraphqlApi.

openidConnectConfig GraphQLApiOpenidConnectConfigArgs

Nested argument containing OpenID Connect configuration. Defined below.

schema String

Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.

tags Map<String,String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

uris Map<String,String>

Map of URIs associated with the APIE.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

userPoolConfig GraphQLApiUserPoolConfigArgs

Amazon Cognito User Pool configuration. Defined below.

xrayEnabled Boolean

Whether tracing with X-ray is enabled. Defaults to false.

additionalAuthenticationProviders GraphQLApiAdditionalAuthenticationProviderArgs[]

One or more additional authentication providers for the GraphqlApi. Defined below.

arn string

ARN

authenticationType string

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

lambdaAuthorizerConfig GraphQLApiLambdaAuthorizerConfigArgs

Nested argument containing Lambda authorizer configuration. Defined below.

logConfig GraphQLApiLogConfigArgs

Nested argument containing logging configuration. Defined below.

name string

User-supplied name for the GraphqlApi.

openidConnectConfig GraphQLApiOpenidConnectConfigArgs

Nested argument containing OpenID Connect configuration. Defined below.

schema string

Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.

tags {[key: string]: string}

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

uris {[key: string]: string}

Map of URIs associated with the APIE.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

userPoolConfig GraphQLApiUserPoolConfigArgs

Amazon Cognito User Pool configuration. Defined below.

xrayEnabled boolean

Whether tracing with X-ray is enabled. Defaults to false.

additional_authentication_providers Sequence[GraphQLApiAdditionalAuthenticationProviderArgs]

One or more additional authentication providers for the GraphqlApi. Defined below.

arn str

ARN

authentication_type str

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

lambda_authorizer_config GraphQLApiLambdaAuthorizerConfigArgs

Nested argument containing Lambda authorizer configuration. Defined below.

log_config GraphQLApiLogConfigArgs

Nested argument containing logging configuration. Defined below.

name str

User-supplied name for the GraphqlApi.

openid_connect_config GraphQLApiOpenidConnectConfigArgs

Nested argument containing OpenID Connect configuration. Defined below.

schema str

Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.

tags Mapping[str, str]

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

uris Mapping[str, str]

Map of URIs associated with the APIE.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

user_pool_config GraphQLApiUserPoolConfigArgs

Amazon Cognito User Pool configuration. Defined below.

xray_enabled bool

Whether tracing with X-ray is enabled. Defaults to false.

additionalAuthenticationProviders List<Property Map>

One or more additional authentication providers for the GraphqlApi. Defined below.

arn String

ARN

authenticationType String

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

lambdaAuthorizerConfig Property Map

Nested argument containing Lambda authorizer configuration. Defined below.

logConfig Property Map

Nested argument containing logging configuration. Defined below.

name String

User-supplied name for the GraphqlApi.

openidConnectConfig Property Map

Nested argument containing OpenID Connect configuration. Defined below.

schema String

Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.

tags Map<String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

uris Map<String>

Map of URIs associated with the APIE.g., uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql

userPoolConfig Property Map

Amazon Cognito User Pool configuration. Defined below.

xrayEnabled Boolean

Whether tracing with X-ray is enabled. Defaults to false.

Supporting Types

GraphQLApiAdditionalAuthenticationProvider

AuthenticationType string

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

LambdaAuthorizerConfig GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig

Nested argument containing Lambda authorizer configuration. Defined below.

OpenidConnectConfig GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig

Nested argument containing OpenID Connect configuration. Defined below.

UserPoolConfig GraphQLApiAdditionalAuthenticationProviderUserPoolConfig

Amazon Cognito User Pool configuration. Defined below.

AuthenticationType string

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

LambdaAuthorizerConfig GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig

Nested argument containing Lambda authorizer configuration. Defined below.

OpenidConnectConfig GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig

Nested argument containing OpenID Connect configuration. Defined below.

UserPoolConfig GraphQLApiAdditionalAuthenticationProviderUserPoolConfig

Amazon Cognito User Pool configuration. Defined below.

authenticationType String

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

lambdaAuthorizerConfig GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig

Nested argument containing Lambda authorizer configuration. Defined below.

openidConnectConfig GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig

Nested argument containing OpenID Connect configuration. Defined below.

userPoolConfig GraphQLApiAdditionalAuthenticationProviderUserPoolConfig

Amazon Cognito User Pool configuration. Defined below.

authenticationType string

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

lambdaAuthorizerConfig GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig

Nested argument containing Lambda authorizer configuration. Defined below.

openidConnectConfig GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig

Nested argument containing OpenID Connect configuration. Defined below.

userPoolConfig GraphQLApiAdditionalAuthenticationProviderUserPoolConfig

Amazon Cognito User Pool configuration. Defined below.

authentication_type str

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

lambda_authorizer_config GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig

Nested argument containing Lambda authorizer configuration. Defined below.

openid_connect_config GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig

Nested argument containing OpenID Connect configuration. Defined below.

user_pool_config GraphQLApiAdditionalAuthenticationProviderUserPoolConfig

Amazon Cognito User Pool configuration. Defined below.

authenticationType String

Authentication type. Valid values: API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA

lambdaAuthorizerConfig Property Map

Nested argument containing Lambda authorizer configuration. Defined below.

openidConnectConfig Property Map

Nested argument containing OpenID Connect configuration. Defined below.

userPoolConfig Property Map

Amazon Cognito User Pool configuration. Defined below.

GraphQLApiAdditionalAuthenticationProviderLambdaAuthorizerConfig

AuthorizerUri string

ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.

AuthorizerResultTtlInSeconds int

Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.

IdentityValidationExpression string

Regular expression for validation of tokens before the Lambda function is called.

AuthorizerUri string

ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.

AuthorizerResultTtlInSeconds int

Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.

IdentityValidationExpression string

Regular expression for validation of tokens before the Lambda function is called.

authorizerUri String

ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.

authorizerResultTtlInSeconds Integer

Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.

identityValidationExpression String

Regular expression for validation of tokens before the Lambda function is called.

authorizerUri string

ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.

authorizerResultTtlInSeconds number

Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.

identityValidationExpression string

Regular expression for validation of tokens before the Lambda function is called.

authorizer_uri str

ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.

authorizer_result_ttl_in_seconds int

Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.

identity_validation_expression str

Regular expression for validation of tokens before the Lambda function is called.

authorizerUri String

ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.

authorizerResultTtlInSeconds Number

Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.

identityValidationExpression String

Regular expression for validation of tokens before the Lambda function is called.

GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig

Issuer string

Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.

AuthTtl int

Number of milliseconds a token is valid after being authenticated.

ClientId string

Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.

IatTtl int

Number of milliseconds a token is valid after being issued to a user.

Issuer string

Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.

AuthTtl int

Number of milliseconds a token is valid after being authenticated.

ClientId string

Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.

IatTtl int

Number of milliseconds a token is valid after being issued to a user.

issuer String

Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.

authTtl Integer

Number of milliseconds a token is valid after being authenticated.

clientId String

Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.

iatTtl Integer

Number of milliseconds a token is valid after being issued to a user.

issuer string

Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.

authTtl number

Number of milliseconds a token is valid after being authenticated.

clientId string

Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.

iatTtl number

Number of milliseconds a token is valid after being issued to a user.

issuer str

Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.

auth_ttl int

Number of milliseconds a token is valid after being authenticated.

client_id str

Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.

iat_ttl int

Number of milliseconds a token is valid after being issued to a user.

issuer String

Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.

authTtl Number

Number of milliseconds a token is valid after being authenticated.

clientId String

Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.

iatTtl Number

Number of milliseconds a token is valid after being issued to a user.

GraphQLApiAdditionalAuthenticationProviderUserPoolConfig

UserPoolId string

User pool ID.

AppIdClientRegex string

Regular expression for validating the incoming Amazon Cognito User Pool app client ID.

AwsRegion string

AWS region in which the user pool was created.

UserPoolId string

User pool ID.

AppIdClientRegex string

Regular expression for validating the incoming Amazon Cognito User Pool app client ID.

AwsRegion string

AWS region in which the user pool was created.

userPoolId String

User pool ID.

appIdClientRegex String

Regular expression for validating the incoming Amazon Cognito User Pool app client ID.

awsRegion String

AWS region in which the user pool was created.

userPoolId string

User pool ID.

appIdClientRegex string

Regular expression for validating the incoming Amazon Cognito User Pool app client ID.

awsRegion string

AWS region in which the user pool was created.

user_pool_id str

User pool ID.

app_id_client_regex str

Regular expression for validating the incoming Amazon Cognito User Pool app client ID.

aws_region str

AWS region in which the user pool was created.

userPoolId String

User pool ID.

appIdClientRegex String

Regular expression for validating the incoming Amazon Cognito User Pool app client ID.

awsRegion String

AWS region in which the user pool was created.

GraphQLApiLambdaAuthorizerConfig

AuthorizerUri string

ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.

AuthorizerResultTtlInSeconds int

Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.

IdentityValidationExpression string

Regular expression for validation of tokens before the Lambda function is called.

AuthorizerUri string

ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.

AuthorizerResultTtlInSeconds int

Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.

IdentityValidationExpression string

Regular expression for validation of tokens before the Lambda function is called.

authorizerUri String

ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.

authorizerResultTtlInSeconds Integer

Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.

identityValidationExpression String

Regular expression for validation of tokens before the Lambda function is called.

authorizerUri string

ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.

authorizerResultTtlInSeconds number

Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.

identityValidationExpression string

Regular expression for validation of tokens before the Lambda function is called.

authorizer_uri str

ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.

authorizer_result_ttl_in_seconds int

Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.

identity_validation_expression str

Regular expression for validation of tokens before the Lambda function is called.

authorizerUri String

ARN of the Lambda function to be called for authorization. Note: This Lambda function must have a resource-based policy assigned to it, to allow lambda:InvokeFunction from service principal appsync.amazonaws.com.

authorizerResultTtlInSeconds Number

Number of seconds a response should be cached for. The default is 5 minutes (300 seconds). The Lambda function can override this by returning a ttlOverride key in its response. A value of 0 disables caching of responses. Minimum value of 0. Maximum value of 3600.

identityValidationExpression String

Regular expression for validation of tokens before the Lambda function is called.

GraphQLApiLogConfig

CloudwatchLogsRoleArn string

Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.

FieldLogLevel string

Field logging level. Valid values: ALL, ERROR, NONE.

ExcludeVerboseContent bool

Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false

CloudwatchLogsRoleArn string

Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.

FieldLogLevel string

Field logging level. Valid values: ALL, ERROR, NONE.

ExcludeVerboseContent bool

Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false

cloudwatchLogsRoleArn String

Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.

fieldLogLevel String

Field logging level. Valid values: ALL, ERROR, NONE.

excludeVerboseContent Boolean

Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false

cloudwatchLogsRoleArn string

Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.

fieldLogLevel string

Field logging level. Valid values: ALL, ERROR, NONE.

excludeVerboseContent boolean

Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false

cloudwatch_logs_role_arn str

Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.

field_log_level str

Field logging level. Valid values: ALL, ERROR, NONE.

exclude_verbose_content bool

Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false

cloudwatchLogsRoleArn String

Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.

fieldLogLevel String

Field logging level. Valid values: ALL, ERROR, NONE.

excludeVerboseContent Boolean

Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: true, false. Default value: false

GraphQLApiOpenidConnectConfig

Issuer string

Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.

AuthTtl int

Number of milliseconds a token is valid after being authenticated.

ClientId string

Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.

IatTtl int

Number of milliseconds a token is valid after being issued to a user.

Issuer string

Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.

AuthTtl int

Number of milliseconds a token is valid after being authenticated.

ClientId string

Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.

IatTtl int

Number of milliseconds a token is valid after being issued to a user.

issuer String

Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.

authTtl Integer

Number of milliseconds a token is valid after being authenticated.

clientId String

Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.

iatTtl Integer

Number of milliseconds a token is valid after being issued to a user.

issuer string

Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.

authTtl number

Number of milliseconds a token is valid after being authenticated.

clientId string

Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.

iatTtl number

Number of milliseconds a token is valid after being issued to a user.

issuer str

Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.

auth_ttl int

Number of milliseconds a token is valid after being authenticated.

client_id str

Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.

iat_ttl int

Number of milliseconds a token is valid after being issued to a user.

issuer String

Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.

authTtl Number

Number of milliseconds a token is valid after being authenticated.

clientId String

Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.

iatTtl Number

Number of milliseconds a token is valid after being issued to a user.

GraphQLApiUserPoolConfig

DefaultAction string

Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY

UserPoolId string

User pool ID.

AppIdClientRegex string

Regular expression for validating the incoming Amazon Cognito User Pool app client ID.

AwsRegion string

AWS region in which the user pool was created.

DefaultAction string

Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY

UserPoolId string

User pool ID.

AppIdClientRegex string

Regular expression for validating the incoming Amazon Cognito User Pool app client ID.

AwsRegion string

AWS region in which the user pool was created.

defaultAction String

Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY

userPoolId String

User pool ID.

appIdClientRegex String

Regular expression for validating the incoming Amazon Cognito User Pool app client ID.

awsRegion String

AWS region in which the user pool was created.

defaultAction string

Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY

userPoolId string

User pool ID.

appIdClientRegex string

Regular expression for validating the incoming Amazon Cognito User Pool app client ID.

awsRegion string

AWS region in which the user pool was created.

default_action str

Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY

user_pool_id str

User pool ID.

app_id_client_regex str

Regular expression for validating the incoming Amazon Cognito User Pool app client ID.

aws_region str

AWS region in which the user pool was created.

defaultAction String

Action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: ALLOW and DENY

userPoolId String

User pool ID.

appIdClientRegex String

Regular expression for validating the incoming Amazon Cognito User Pool app client ID.

awsRegion String

AWS region in which the user pool was created.

Import

AppSync GraphQL API can be imported using the GraphQL API ID, e.g.,

 $ pulumi import aws:appsync/graphQLApi:GraphQLApi example 0123456789

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.