
AWS Amplify Graph API that can be accessed without authorization (login)

I am new to Amplify and I am building a simple list of items (votes) with GraphQL. While the items' visibility should be public (read access) without authentication, creating, updating and deleting should be done authenticated via a Cognito user pool.

The model can be seen in the following AWS Amplify Admin UI screenshot:

[Screenshot: AWS Amplify Admin UI Data]

I am not able to set the read access to Anyone (since this option is greyed out). Furthermore, the following statement in the AWS docs puzzles me a bit:

While the API endpoints are publicly reachable, they never allow unauthorized access.
GraphQL API Security with AWS AppSync and Amplify

Am I on the wrong track when I want to publish a Graph API with Amplify to the public without authentication? Did I misconfigure my API or is there a way to bypass authentication? Honestly I am not sure if I understand the concept behind this.

For me it is hardly imaginable that only authenticated users can access the API. I assume there are many other cases (besides mine) where accessing the API without authentication is a requirement.

Thanks in advance for your feedback.

PS: #52601860 seems to be a similar question.

asked Sep 15 '25 01:09

Philipp


1 Answer

This is achievable in AppSync. I think what you are looking for is a way to use different authentication modes for different APIs, so some APIs like queries can be called by any unauthenticated user (i.e. open to the public) while others like mutations are guarded behind authentication.

One simple approach would be to enable authentication via a Cognito Identity Pool.

An identity pool can be configured with two roles, one authorized role and one unauthorized role. The unauthorized role policy can be updated to default ALLOW permission on the AppSync query endpoint.


Here is a sample guide by Daniel Bayerlein which you can follow to achieve this: https://dev.to/danielbayerlein/aws-appsync-without-authentication-3fnm

It has the detailed steps and configuration changes that are needed.


One more reference for your help, in case you just want to manually update the Cognito identity pool permission from the AWS console: https://dev.to/sedkis/setting-up-aws-appsync-for-unauthenticated-users-1879


I hope this would be useful. Please feel free to reach out in case you get stuck. Would be more than happy to assist in your configuration.


answered Sep 17 '25 18:09

mango
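
A check a defender can run against the unauthenticated role described in the answer above, as an added example that is not part of the original answer: it flags any statement in that role's policy that lets guests call more than Query fields on the AppSync API. The policy, region, account id, API id and field names are constructed placeholders; `appsync:GraphQL` and the `types/Query/fields/...` resource form are the IAM action and ARN layout AppSync uses.

```python
import fnmatch
import json
import re

# Constructed policy for the identity pool's unauthenticated role. Region,
# account id, API id and field names are placeholders, not values from the post.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Action": "appsync:GraphQL",
   "Resource": ["arn:aws:appsync:eu-west-1:111122223333:apis/EXAMPLEAPIID/types/Query/fields/listVotes",
                "arn:aws:appsync:eu-west-1:111122223333:apis/EXAMPLEAPIID/types/Query/fields/getVote"]},
  {"Sid": "TooBroad", "Effect": "Allow", "Action": "appsync:*",
   "Resource": "arn:aws:appsync:eu-west-1:111122223333:apis/EXAMPLEAPIID/*"}
]}
""")

# Only fields of the Query type on one named API count as read-only.
QUERY_FIELD = re.compile(
    r"arn:aws[\w-]*:appsync:[^:]*:[^:]*:apis/[^/*?]+/types/Query/fields/[^/]+")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def over_permissive(policy):
    """Return (sid, resource) pairs that let the guest role run more than queries."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "NotAction/NotResource"))
            continue
        # IAM action names are case-insensitive and may contain * and ? wildcards.
        grants_graphql = any(
            fnmatch.fnmatchcase("appsync:graphql", action.lower())
            for action in _as_list(stmt.get("Action", [])))
        if not grants_graphql:
            continue
        for resource in _as_list(stmt.get("Resource", [])):
            if not QUERY_FIELD.fullmatch(resource):
                findings.append((sid, resource))
    return findings


if __name__ == "__main__":
    for sid, resource in over_permissive(SAMPLE_POLICY):
        print(f"unauthenticated role is too broad in {sid}: {resource}")
```

The role policy only takes effect for requests signed with IAM credentials, so the API also needs IAM enabled as an authorization mode alongside the Cognito user pool used for mutations.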


