serverless-application-model
serverless-application-model copied to clipboard
aws
Feature request: AppSync Resources
AppSync being in its very early stages, i am curious about hearing the future compatibility for AppSync deploys? Currently i am utilizing a serverless framework plugin for the purpose.
We will be looking into adding AppSync support into SAM, thanks for your interest!
I currently have opened up a feature branch and have started implementing this feature.
I've currently created a new resource
MyGraphAPI:
Type: AWS::Serverless::GraphQLApi
Properties:
Name: MyGraphAPI
AuthenticationType: API_KEY
LogConfig:
Enabled: true
FieldLogLevel: ALL
Retention: 3
UserPoolConfig:
AppIdClientRegex : '1234'
AwsRegion : us-west-2
DefaultAction : DENY
UserPoolId : '4321'
ApiKeys:
- Description: Key1
Expires: 1
- Description: Key2
Expires: 2
Which will become this after transform:
MyGraphAPIKey1:
Type: AWS::AppSync::ApiKey
Properties:
ApiId:
Fn::GetAtt:
- MyGraphAPI
- ApiId
Expires: 2
Description: Key2
MyGraphAPIKey0:
Type: AWS::AppSync::ApiKey
Properties:
ApiId:
Fn::GetAtt:
- MyGraphAPI
- ApiId
Expires: 1
Description: Key1
MyGraphAPIRole:
Type: AWS::IAM::Role
Properties:
Policies:
- PolicyName: CloudWatchLogPolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
- Action:
- logs:CreateLogGroup
- logs:PutRetentionPolicy
Resource: arn:aws:logs:*:*:log-group:/aws/appsync/apis/*
Effect: Allow
- Action:
- logs:CreateLogStream
- logs:PutLogEvents
- logs:DescribeLogStreams
- logs:GetLogEvents
Resource: arn:aws:logs:*:*:log-group:/aws/appsync/apis/*:log-stream:*
Effect: Allow
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Action:
- sts:AssumeRole
Effect: Allow
Principal:
Service:
- appsync.amazonaws.com
MyGraphAPILogGroup:
Type: AWS::Logs::LogGroup
Properties:
RetentionInDays: 3
LogGroupName:
Fn::Sub:
- "/aws/appsync/apis/${ApiId}"
- ApiId:
Fn::GetAtt:
- MyGraphAPI
- ApiId
MyGraphAPI:
Type: AWS::AppSync::GraphQLApi
Properties:
LogConfig:
FieldLogLevel: ALL
CloudWatchLogsRoleArn:
Fn::GetAtt:
- MyGraphAPIRole
- Arn
AuthenticationType: API_KEY
Name: MyGraphAPI
This solution i think will simplify the creation of appsync apis, however i haven't been able to come up with a design for implementing Functions, Data Sources, and Resolvers. Part of me doesn't see the benefit of add new resources for theses ad they are already pretty simple to create. Any thoughts or ideas would be appreciated.
Update: A schema resource would also get created.
MyGraphAPISchema:
Type: AWS::AppSync::GraphQLSchema
Properties:
ApiId:
Fn::GetAtt:
- MyGraphAPI
- ApiId
DefinitionS3Location: "s3://bucket/schema.gql"
Thank you for the feature proposal and starting to work on this! We will review this proposal and get back to you with our feedback soon. Really appreciate your work on this!
Could we expand this to include support for the new AdditionalAuthenticationProviders?
I think there might be a benefit to adding an AWS::Serverless::GraphQLDataSource where the ServiceRoleArn is replaced with an IamRoleStatements which would expand into an AWS::AppSync::DataSource and AWS::IAM::Role for the data source.
Also possibly extending AWS::Serverless::Function with an attribute to create AWS::AppSync::DataSource resource automatically? And an event source for AWS::Serverless::Function to be triggered by AWS::AppSync::Resolver !
@mtstrong17 I want to collaborate on it, share your progress!
Would it be possible to add an AppSync or Graphql event source to AWS::Serverless::Function? I think this could work like Lambda Proxy integration with the API Gateway. You would need to provide
ApiIdfor the AppSync APITypeNameandFieldNamefor the schema
SAM could generate the
AWS::AppSync::DataSourcefor the LambdaAWS::IAM::Roleto invoke the LambdaAWS::AppSync::Resolver+ Request/Response templates to pass everything to/from Lambda (making it function like Lambda Proxy integration)
I'd like to request this feature as well. I find it much simpler to deploy services using AppSync and resolver templates. Aside from the benefits of GraphQL/AppSync for app development with features like subscriptions and nested responses, its also significantly faster to develop with. Especially when executing generic CRUD activities on DynamoDB Tables
Unfortunately implementation with SAM is a headache in comparison to the serverless framework serverless-appsync-plugin which makes it significantly simpler to breakout the schema, mapping templates and data source links into separate files/folders. Thereby making it easier to make changes and track them with version control
template.yml
This is an example of the structure I would like to see
MyGraphAPISchema:
Type: AWS::AppSync::GraphQLSchema
Properties:
Schema: path/to/schema.graphql
MappingTemplates: path/to/folder #folder with resolver templates
Configuration: path/to/appsync.yml #config file for AppSync parameters
Breaking out parameters for configuration of:
- data sources
- mapping template resolver linking
- authentication methods
into a separate file makes it much easier to flesh out the configuration of the schema. The list of MappingTemplates can be quite large and would quickly make template.yml more cumbersome to navigate.
We have an RFC open for supporting AppSync resources, please let us know your thoughts: https://github.com/aws/serverless-application-model/discussions/3075
We listened and made building a serverless GraphQL API a bit easier with a new abstraction AWS::Serverless::GraphQLApi. https://aws.amazon.com/about-aws/whats-new/2023/06/aws-appsync-abstraction/
