aws-amplify
Custom mutation not accessible with IAM
Environment information
System:
OS: macOS 14.6.1
CPU: (24) arm64 Apple M2 Ultra
Memory: 117.35 GB / 192.00 GB
Shell: /bin/zsh
Binaries:
Node: 18.20.4 - ~/.nvm/versions/node/v18.20.4/bin/node
Yarn: 1.22.22 - /opt/homebrew/bin/yarn
npm: 10.7.0 - ~/.nvm/versions/node/v18.20.4/bin/npm
pnpm: undefined - undefined
NPM Packages:
@aws-amplify/auth-construct: 1.3.0
@aws-amplify/backend: 1.1.1
@aws-amplify/backend-auth: 1.1.3
@aws-amplify/backend-cli: 1.2.4
@aws-amplify/backend-data: 1.1.2
@aws-amplify/backend-deployer: 1.0.6
@aws-amplify/backend-function: 1.3.3
@aws-amplify/backend-output-schemas: 1.2.0
@aws-amplify/backend-output-storage: 1.1.1
@aws-amplify/backend-secret: 1.0.1
@aws-amplify/backend-storage: 1.1.2
@aws-amplify/cli-core: 1.1.2
@aws-amplify/client-config: 1.2.1
@aws-amplify/deployed-backend-client: 1.4.0
@aws-amplify/form-generator: 1.0.1
@aws-amplify/model-generator: 1.0.5
@aws-amplify/platform-core: 1.0.6
@aws-amplify/plugin-types: 1.2.1
@aws-amplify/sandbox: 1.1.3
@aws-amplify/schema-generator: 1.2.1
aws-amplify: 6.5.1
aws-cdk: 2.153.0
aws-cdk-lib: 2.153.0
typescript: 5.5.4
AWS environment variables:
AWS_STS_REGIONAL_ENDPOINTS = regional
AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables
Describe the bug
A custom mutation ("increment") is not accessible by a Lambda function. Upon checking the generated schema in AppSync, the mutation is missing the @aws_iam directive, which is likely causing the access issue.
Reproduction steps
amplify/data/resource.ts:
import { type ClientSchema, a, defineData } from "@aws-amplify/backend";
import { postConfirmation } from "../auth/post-confirmation/resource";
const schema = a
.schema({
UserProfile: a
.model({
email: a.string(),
profileOwner: a.string(),
kdnr: a.integer(),
})
.authorization((allow) => [
allow.ownerDefinedIn("profileOwner"),
]),
AtomicCounter: a
.model({
id: a.id(),
value: a.integer()
})
.authorization((allow)=> [
allow.authenticated()
]),
increment: a
.mutation()
.arguments({
id: a.string().required()
})
// return type of the query
.returns(a.integer())
.handler(a.handler.custom({
dataSource: a.ref('AtomicCounter'),
entry: './increment.js',
}))
.authorization((allow)=> [
allow.authenticated()
])
})
.authorization((allow) => [allow.resource(postConfirmation)]);
export type Schema = ClientSchema<typeof schema>
export const data = defineData({
schema: schema,
authorizationModes: {
defaultAuthorizationMode: "userPool",
apiKeyAuthorizationMode: {
expiresInDays: 365,
},
},
});
amplify/data/increment.js
export function request(ctx) {
return {
operation: 'UpdateItem',
key: {
id: { S: ctx.args.id }
},
update: {
expression: 'ADD #value :one',
expressionValues: { ':one': { N: 1 } },
expressionNames: { '#value': 'value' },
}
}
}
export function response(ctx) {
return ctx.result.value;
}
The generated schema looks like this:
type Mutation {
increment(id: String!): Int
@aws_cognito_user_pools
createUserProfile(input: CreateUserProfileInput!, condition: ModelUserProfileConditionInput): UserProfile
@aws_iam
@aws_cognito_user_pools
updateUserProfile(input: UpdateUserProfileInput!, condition: ModelUserProfileConditionInput): UserProfile
@aws_iam
@aws_cognito_user_pools
deleteUserProfile(input: DeleteUserProfileInput!, condition: ModelUserProfileConditionInput): UserProfile
@aws_iam
@aws_cognito_user_pools
createAtomicCounter(input: CreateAtomicCounterInput!, condition: ModelAtomicCounterConditionInput): AtomicCounter
@aws_iam
@aws_cognito_user_pools
updateAtomicCounter(input: UpdateAtomicCounterInput!, condition: ModelAtomicCounterConditionInput): AtomicCounter
@aws_iam
@aws_cognito_user_pools
deleteAtomicCounter(input: DeleteAtomicCounterInput!, condition: ModelAtomicCounterConditionInput): AtomicCounter
@aws_iam
@aws_cognito_user_pools
}
The increment is missing the "@aws_iam". After manually adding it, it works. Shouldn't the .authorization((allow) => [allow.resource(postConfirmation)]); add that?
Hey,👋 thanks for raising this! I'm going to transfer this over to our API repository for better assistance 🙂
Hi @VincentvdE, Apologies for the delay. Thanks for bringing this up. We’re able to reproduce the issue by following the steps outlined in the description, so we’re marking it as a bug for the team to investigate further.
This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
We have released this in @aws-amplify/[email protected], @aws-amplify/[email protected]. Update your project dependencies with an npm update to consume the fix.
This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.