AWS AppSync Authorization

AWS AppSync is a fully managed service that lets developers deploy and interact with serverless, scalable GraphQL backends on AWS. AppSync handles the parsing and resolution of requests, and connects to other AWS services such as AWS Lambda, NoSQL and SQL data stores, and HTTP APIs to gather backend data for the API.

AppSync makes it easy to connect applications to multiple data sources using a single API.

AppSync supports multiple authorization modes to cater to different access use cases:

  • API Keys (API_KEY)
  • Amazon Cognito User Pools (AMAZON_COGNITO_USER_POOLS)
  • OpenID Connect (OPENID_CONNECT)
  • AWS Identity and Access Management (AWS_IAM)
  • AWS Lambda (AWS_LAMBDA)
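
For an access review it helps to know which of these modes each API actually accepts. The following is an added example, not code from AWS or from the original page: it inventories the modes per API from descriptors shaped like the `graphqlApis` items of the AppSync ListGraphqlApis response (`authenticationType` plus optional `additionalAuthenticationProviders`). The API names and sample data are constructed.

```python
# Added example: inventory AppSync authorization modes per API.
# SAMPLE_APIS is constructed data shaped like the "graphqlApis" items
# returned by the AppSync ListGraphqlApis call; the API names are made up.
from collections import defaultdict

SUPPORTED_MODES = (
    "API_KEY",
    "AMAZON_COGNITO_USER_POOLS",
    "OPENID_CONNECT",
    "AWS_IAM",
    "AWS_LAMBDA",
)

SAMPLE_APIS = [
    {"name": "orders-api", "authenticationType": "AMAZON_COGNITO_USER_POOLS",
     "additionalAuthenticationProviders": [{"authenticationType": "AWS_IAM"}]},
    {"name": "catalog-api", "authenticationType": "API_KEY"},
    {"name": "partner-api", "authenticationType": "OPENID_CONNECT",
     "additionalAuthenticationProviders": [
         {"authenticationType": "AWS_LAMBDA"},
         {"authenticationType": "AWS_IAM"}]},
]


def modes_for_api(api):
    """Return the API's modes, default mode first, without duplicates."""
    modes = [api["authenticationType"]]
    for provider in api.get("additionalAuthenticationProviders") or []:
        mode = provider["authenticationType"]
        if mode not in modes:
            modes.append(mode)
    unknown = [m for m in modes if m not in SUPPORTED_MODES]
    if unknown:
        raise ValueError(f"{api['name']}: unknown authorization mode(s) {unknown}")
    return modes


def apis_by_mode(apis):
    """Map each supported mode to the sorted names of APIs that accept it."""
    index = defaultdict(list)
    for api in apis:
        for mode in modes_for_api(api):
            index[mode].append(api["name"])
    return {mode: sorted(index[mode]) for mode in SUPPORTED_MODES}


if __name__ == "__main__":
    for mode, names in apis_by_mode(SAMPLE_APIS).items():
        print(f"{mode:28} {', '.join(names) or '-'}")
```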

AppSync does not support unauthorized access. A request with no Authorization header is automatically denied, which enforces security for our API because no unauthorized client can access the data backends.