From df5744d6a05731d4268e161ad35b9f180bd332b3 Mon Sep 17 00:00:00 2001 From: Duarte Nunes Date: Wed, 12 Feb 2020 20:01:09 -0300 Subject: [PATCH] feat(appsync): allow specifying additional authorization modes Currently the AppSync L2 constructs don't provide a way to configure additional authorization modes. Add the ability to specify additional authorization modes, currently limited to Cognito user pools and API keys. Fixes #6247 Signed-off-by: Duarte Nunes --- packages/@aws-cdk/aws-appsync/README.md | 5 +++++ packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts | 16 ++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/packages/@aws-cdk/aws-appsync/README.md b/packages/@aws-cdk/aws-appsync/README.md index 38cd003435f73..310212f41af81 100644 --- a/packages/@aws-cdk/aws-appsync/README.md +++ b/packages/@aws-cdk/aws-appsync/README.md @@ -64,6 +64,11 @@ export class ApiStack extends Stack { userPool, defaultAction: UserPoolDefaultAction.ALLOW, }, + additionalAuthorizationModes: [ + { + apiKeyDesc: 'My API Key', + }, + ], }, schemaDefinitionFile: './schema.graphql', }); diff --git a/packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts b/packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts index c000cf77eb060..f9d57d99ecb87 100644 --- a/packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts +++ b/packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts @@ -81,6 +81,13 @@ export interface AuthorizationConfig { * @default - API Key authorization */ readonly defaultAuthorization?: AuthModes; + + /** + * Additional authorization modes + * + * @default - No other modes + */ + readonly additionalAuthorizationModes?: [AuthModes] } /** @@ -268,6 +275,15 @@ export class GraphQLApi extends Construct { } else if (isApiKeyConfig(auth.defaultAuthorization)) { this.api.authenticationType = this.apiKeyDesc(auth.defaultAuthorization).authenticationType; } + + this.api.additionalAuthenticationProviders = []; + for (const mode of (auth.additionalAuthorizationModes || [])) { + if (isUserPoolConfig(mode)) { + this.api.additionalAuthenticationProviders.push(this.userPoolDescFrom(mode)); + } else if (isApiKeyConfig(mode)) { + this.api.additionalAuthenticationProviders.push(this.apiKeyDesc(mode)); + } + } } private userPoolDescFrom(upConfig: UserPoolConfig): { authenticationType: string; userPoolConfig: CfnGraphQLApi.UserPoolConfigProperty } {