2

I've been playing around with AWS Amplify. Being relatively new to AWS, I'm a huge fan of how Amplify provisions the necessary resources and IAM roles on AWS for me. My question is with regard to using Lambda with GraphQL. Following the documentation, I'm able to create a custom GraphQL query that calls a Lambda function and returns a GraphQL response. However, I can't find anything in the documentation on how to interact with other AWS resources from within this Lambda function. For example, I'm looking to interact with DynamoDB or even RDS services. The documentation mentions being able to pull data from other resources (a MySQL database, for example), so I'm assuming it's possible.

When I've attempted to interact with DynamoDB (for example), I've received "access denied" errors, and I'm assuming this is because the Lambda function doesn't have the necessary policy / permissions to do so. One idea I had was to manually log in to the IAM console and attach these policies myself, but given that Amplify generates all these for you and essentially manages your "cloud infrastructure / state", I'm not sure if this is the correct way to do this. I do notice the CloudFormation template that Amplify generates when you add the Lambda resource for GraphQL, so my next guess was to add the DynamoDB policy there and then run amplify push to have Amplify generate and manage the policies for me. If this is the correct way to do so, I guess I'll have to learn how to write CloudFormation templates. Lastly, I'm wondering if my brain is getting in the way and if I'm able to just pass Cognito identity info via the AWS JavaScript SDK within Lambda and then things will just "work" - but I'm not entirely sure. My apologies in advance if I'm not using the correct terminology - as I said, I'm relatively new to AWS. Any help or direction is greatly appreciated.

2 Answers

0

You are right. You can modify the CloudFormation script to add the permissions for the Lambda.

But keep in mind that a Lambda is by default not in a VPC: you can interact with RDS, but not with an RDS instance in a VPC. Once you put the Lambda inside the same VPC as the RDS instance, you can communicate with the instance, but not with the RDS service, because the Lambda has no access to the internet. For that you need a VPC endpoint or NAT gateway.
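
The template change this answer describes, as an added example (not code from the answer or from Amplify): a Node.js helper that builds an `AWS::IAM::Policy` resource for the function's CloudFormation template, limited to one table and to the operations the function needs. The role logical ID `LambdaExecutionRole`, the table logical ID `TestTable`, the policy name and the operation-to-action mapping are assumptions of this example.

```javascript
// Added example: build an AWS::IAM::Policy resource for a CloudFormation template.
// The operation-to-action mapping is this example's own choice, not Amplify's.
const ACTIONS = {
  create: ['dynamodb:PutItem'],
  read: ['dynamodb:GetItem', 'dynamodb:Query'],
  update: ['dynamodb:UpdateItem'],
  delete: ['dynamodb:DeleteItem'],
};

// tableArn: literal ARN string, or an intrinsic such as {'Fn::GetAtt': ['TestTable', 'Arn']}.
// roleLogicalId: logical ID of the function's execution role (assumed name).
function buildTablePolicy(tableArn, operations, roleLogicalId = 'LambdaExecutionRole') {
  if (typeof tableArn === 'string' && !/^arn:[^:*]+:dynamodb:[^*]+:table\/[^*]+$/.test(tableArn)) {
    throw new Error('tableArn must name exactly one DynamoDB table, without wildcards');
  }
  if (!Array.isArray(operations) || operations.length === 0) {
    throw new Error('list at least one operation');
  }
  const actions = new Set();
  for (const op of operations) {
    if (!Object.prototype.hasOwnProperty.call(ACTIONS, op)) {
      throw new Error(`unknown operation: ${op}`);
    }
    ACTIONS[op].forEach((action) => actions.add(action));
  }
  const resources = [tableArn];
  if (operations.includes('read')) {
    // Query on a secondary index is authorized against the index ARN, not the table ARN.
    resources.push(typeof tableArn === 'string'
      ? `${tableArn}/index/*`
      : { 'Fn::Join': ['', [tableArn, '/index/*']] });
  }
  return {
    Type: 'AWS::IAM::Policy',
    Properties: {
      PolicyName: 'lambda-table-access',
      Roles: [{ Ref: roleLogicalId }],
      PolicyDocument: {
        Version: '2012-10-17',
        Statement: [{ Effect: 'Allow', Action: [...actions].sort(), Resource: resources }],
      },
    },
  };
}

// Constructed sample: read and create on a table defined in the same template.
const sample = buildTablePolicy({ 'Fn::GetAtt': ['TestTable', 'Arn'] }, ['read', 'create']);
console.log(JSON.stringify({ LambdaTablePolicy: sample }, null, 2));
```

The printed object goes under `Resources` in the function's template; an "access denied" error for an operation left out of the list is the policy working as intended.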


-1

With the latest aws-amplify release on May 30, 2019, you can

... easily grant create/read/update/delete permissions for interacting with AWS resources (such as DynamoDB) from a Lambda function.

Sample code:

```javascript
/* Amplify Params - DO NOT EDIT
You can access the following resource attributes as environment variables from your Lambda function
var environment = process.env.ENV
var region = process.env.REGION
var storageTeststorageName = process.env.STORAGE_TESTSTORAGE_NAME
var storageTeststorageArn = process.env.STORAGE_TESTSTORAGE_ARN

Amplify Params - DO NOT EDIT */

var AWS = require('aws-sdk');
var region = process.env.REGION;
var storageTeststorageName = process.env.STORAGE_TESTSTORAGE_NAME;
AWS.config.update({region: region});
var ddb = new AWS.DynamoDB({apiVersion: '2012-08-10'});
var ddb_table_name = storageTeststorageName;
var ddb_primary_key = 'id';

// Write one item to the table and log the outcome.
function write(params, context) {
  ddb.putItem(params, function (err, data) {
    if (err) {
      console.log("Error", err);
    } else {
      console.log("Success", data);
    }
  });
}

exports.handler = function (event, context) { //eslint-disable-line
  console.log('len: ' + Object.keys(event).length);
  if (Object.keys(event).length > 0) {
    var params = {
      TableName: ddb_table_name,
      // putItem expects a map of attribute name -> AttributeValue, which is
      // what marshall() returns; Converter.input() would wrap it in {M: ...}.
      Item: AWS.DynamoDB.Converter.marshall(event.arguments)
    };
    write(params, context);
  }
};
```

Please read the blog post for details.
