appsync-auth-and-unauth icon indicating copy to clipboard operation
appsync-auth-and-unauth copied to clipboard

Published 20 hours ago verified publisher icon dabit3

listTodos should be Query?

Open selipso opened this issue 6 years ago • 2 comments

I noticed that in the IAM access policies, all roles are mutations, including listTodos. I believe that one should be a query for both auth and unauthenticated identities.

selipso avatar Feb 20 '19 05:02 selipso

Also, why is 'fields' there? What does 'fields' mean, and why isn't it just 'query/[QUERY_NAME]'

reggie3 avatar Feb 23 '19 21:02 reggie3

For the unauthenticated inline policy, I simplified it to this:

"Resource": [
                "arn:aws:appsync:<REGION>:<ACCOUNT>:apis/<API_ID>/types/Query/*"
            ]

But use of .../fields/... allows more fine-grained control: https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awsappsync.html

kwhitejr avatar Jul 12 '19 03:07 kwhitejr