amplify-backend
Auto-detect and grant DynamoDB batch operation permissions for custom AppSync resolvers
Environment information
amplify develop env after deploy develop branch
Describe the bug
I was working on AWS Amplify Gen2 batch insert.
Here’s the code I used:
// Custom mutation wired to the AssignmentPeerReview data source; the request/response
// code lives in ../db/BatchCreateAssignmentPeerReviewHandler.js.
// NOTE(review): allow.publicApiKey() authorizes any request that carries the API key, and
// a.json() accepts any JSON value, so the schema checks neither the caller's identity nor
// the payload shape. The handler has to validate `data` itself, or this definition should
// use a typed argument and a narrower authorization rule.
// NOTE(review): in the reported AccessDenied error the assumed role name ends in -NONE while
// the table in the resource ARN ends in the branch name. Presumably the data source role is
// scoped to a table with a different suffix than the one the handler computes; confirm the
// real table name.
BatchCreateAssignmentPeerReview: a .mutation() .arguments({ data: a.json() }) .returns(a.ref('AssignmentPeerReview').array()) .authorization(allow => [allow.publicApiKey()]) .handler( a.handler.custom({ dataSource: a.ref('AssignmentPeerReview'), entry: '../db/BatchCreateAssignmentPeerReviewHandler.js', }), ),
// BatchCreateAssignmentPeerReviewHandler.js
import { util } from '@aws-appsync/utils';
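/**
 * AppSync resolver request handler: turns the `data` argument into a DynamoDB
 * BatchPutItem request for the AssignmentPeerReview table of this API/environment.
 *
 * Every item gets a generated id plus createdAt/updatedAt; these are written after
 * the spread, so caller-supplied values for those three fields are overwritten.
 *
 * NOTE(review): differs from the code as reported in three ways: the template
 * literals are restored, the payload is validated, and the payload is no longer
 * written to the log.
 *
 * @param {object} ctx Resolver context; reads ctx.args.data, ctx.stash.awsAppsyncApiId
 *   and ctx.stash.amplifyApiEnvironmentName.
 * @returns {object} A BatchPutItem request keyed by the computed table name.
 */
export function request(ctx) {
  const items = ctx.args.data;

  // The argument is declared as a.json(), so the schema accepts any JSON value and the
  // mutation is callable with just the API key. Reject anything that is not a list of
  // plain objects, and cap the size: DynamoDB BatchWriteItem takes at most 25 puts per call.
  const isRecord = (item) =>
    item !== null && typeof item === 'object' && !Array.isArray(item);
  if (
    !Array.isArray(items) ||
    items.length === 0 ||
    items.length > 25 ||
    !items.every(isRecord)
  ) {
    util.error('data must be an array of 1 to 25 items', 'ValidationError');
  }

  const now = util.time.nowISO8601();
  console.log(
    `AssignmentPeerReview1-${ctx.stash.awsAppsyncApiId}-${ctx.stash.amplifyApiEnvironmentName}`,
  );

  // Branch-style environment names contain '/', which this code replaces with '-'.
  // NOTE(review): the reported AccessDenied error names this computed table while the
  // assumed role ends in -NONE; presumably the data source role is scoped to a table
  // with a different suffix. Verify the real table name before relying on this value.
  const envName = ctx.stash.amplifyApiEnvironmentName.split('/').join('-');
  const tableName = `AssignmentPeerReview-${ctx.stash.awsAppsyncApiId}-${envName}`;
  console.log(`Table name: ${tableName}`);

  // Log the batch size only; the raw payload is caller-controlled and may hold personal data.
  console.log(`Batch size: ${items.length}`);

  // NOTE(review): any extra attribute in an item is stored as-is; consider copying an
  // explicit list of fields instead of spreading the whole object.
  return {
    operation: 'BatchPutItem',
    tables: {
      [tableName]: items.map((data) =>
        util.dynamodb.toMapValues({
          ...data,
          id: util.autoId(),
          createdAt: now,
          updatedAt: now,
        }),
      ),
    },
  };
}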
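/**
 * AppSync resolver response handler: surfaces a data source error if there is one,
 * otherwise returns the items reported under this handler's table in the batch result.
 *
 * NOTE(review): differs from the code as reported. The table name is now built with
 * the same '/' to '-' replacement that request() uses; without it the lookup key
 * does not match the table key of the request whenever the environment name contains '/'.
 *
 * @param {object} ctx Resolver context; reads ctx.error, ctx.result.data and ctx.stash.
 * @returns {Array|undefined} ctx.result.data[tableName].
 */
export function response(ctx) {
  // Check for failure before touching ctx.result.
  if (ctx.error) {
    util.error(ctx.error.message, ctx.error.type);
  }

  const envName = ctx.stash.amplifyApiEnvironmentName.split('/').join('-');
  const tableName = `AssignmentPeerReview-${ctx.stash.awsAppsyncApiId}-${envName}`;

  // NOTE(review): a batch write can succeed partially; the result may also list
  // unprocessed items that this handler does not report. Confirm the field name
  // against the AppSync documentation.
  return ctx.result.data[tableName];
}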
This worked perfectly in the sandbox environment. But after I deployed it to dev, it stopped working and I got this error:
User: arn:aws:sts::516060755828:assumed-role/AssignmentPeerReviewa12244-yzu26257cjdl5eugvlxz3rcp74-NONE/APPSYNC_ASSUME_ROLE is not authorized to perform: dynamodb:BatchWriteItem on resource: arn:aws:dynamodb:eu-west-2:516060755828:table/AssignmentPeerReview-yzu26257cjdl5eugvlxz3rcp74-feature-fix-submitted-assignment-issue-batch-insert because no identity-based policy allows the dynamodb:BatchWriteItem action (Service: DynamoDb, Status Code: 400, Request ID: AN28NJIDH9FJ4CV5C4V758USU3VV4KQNSO5AEMVJF66Q9ASUAAJG) (SDK Attempt Count: 1)
Please suggest a solution for this.
Reproduction steps
resource.ts
// Reproduction: custom mutation bound to the AssignmentPeerReview data source, handled by
// ../db/BatchCreateAssignmentPeerReviewHandler.js.
// NOTE(review): the argument is untyped (a.json()) and the only authorization rule is
// allow.publicApiKey(), so nothing in this definition constrains who can call the mutation
// or what the payload contains.
BatchCreateAssignmentPeerReview: a .mutation() .arguments({ data: a.json() }) .returns(a.ref('AssignmentPeerReview').array()) .authorization(allow => [allow.publicApiKey()]) .handler( a.handler.custom({ dataSource: a.ref('AssignmentPeerReview'), entry: '../db/BatchCreateAssignmentPeerReviewHandler.js', }), ),
// BatchCreateAssignmentPeerReviewHandler.js
import { util } from '@aws-appsync/utils';
/**
 * Reproduction handler (behaviour as reported): builds a BatchPutItem request that
 * writes every entry of ctx.args.data to the computed AssignmentPeerReview table,
 * stamping each with a generated id and createdAt/updatedAt.
 *
 * @param {object} ctx Resolver context; reads ctx.args.data and ctx.stash.
 * @returns {object} A BatchPutItem request keyed by the computed table name.
 */
export function request(ctx) {
  const timestamp = util.time.nowISO8601();
  const stash = ctx.stash;
  console.log(`AssignmentPeerReview1-${stash.awsAppsyncApiId}-${stash.amplifyApiEnvironmentName}`);

  // '/' in the environment name is replaced with '-' before the table name is built.
  const normalizedEnv = stash.amplifyApiEnvironmentName.split('/').join('-');
  const tableName = `AssignmentPeerReview-${stash.awsAppsyncApiId}-${normalizedEnv}`;
  console.log(`Table name: ${tableName}`);

  // NOTE(review): this writes the caller-supplied payload to the log, and nothing
  // below checks that it is an array or how many entries it has.
  console.log("data -->", ctx.args.data);

  // Server-set fields come after the spread, so they win over caller-supplied ones.
  const toItem = (entry) =>
    util.dynamodb.toMapValues({
      ...entry,
      id: util.autoId(),
      createdAt: timestamp,
      updatedAt: timestamp,
    });

  const tables = { [tableName]: ctx.args.data.map((entry) => toItem(entry)) };
  return { operation: 'BatchPutItem', tables };
}
/**
 * Reproduction handler (behaviour as reported): raises the data source error if one
 * is present, otherwise returns the batch result entry for the computed table name.
 *
 * @param {object} ctx Resolver context; reads ctx.stash, ctx.error and ctx.result.data.
 * @returns {Array|undefined} ctx.result.data[<computed table name>].
 */
export function response(ctx) {
  const apiId = ctx.stash.awsAppsyncApiId;
  const envName = ctx.stash.amplifyApiEnvironmentName;
  // NOTE(review): unlike request() in this handler file, the environment name is used
  // here without replacing '/' with '-', so the two functions compute different
  // names whenever the environment name contains '/'.
  const resultKey = `AssignmentPeerReview-${apiId}-${envName}`;

  const failure = ctx.error;
  if (failure) {
    util.error(failure.message, failure.type);
  }

  const written = ctx.result.data;
  return written[resultKey];
}