GraphQLApi
Provides an AppSync GraphQL API.
Example Usage
API Key Authentication
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.AppSync.GraphQLApi("example", new Aws.AppSync.GraphQLApiArgs
{
AuthenticationType = "API_KEY",
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/appsync"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
AuthenticationType: pulumi.String("API_KEY"),
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
example = aws.appsync.GraphQLApi("example", authentication_type="API_KEY")import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.appsync.GraphQLApi("example", {
authenticationType: "API_KEY",
});AWS Cognito User Pool Authentication
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.AppSync.GraphQLApi("example", new Aws.AppSync.GraphQLApiArgs
{
AuthenticationType = "AMAZON_COGNITO_USER_POOLS",
UserPoolConfig = new Aws.AppSync.Inputs.GraphQLApiUserPoolConfigArgs
{
AwsRegion = data.Aws_region.Current.Name,
DefaultAction = "DENY",
UserPoolId = aws_cognito_user_pool.Example.Id,
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/appsync"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
AuthenticationType: pulumi.String("AMAZON_COGNITO_USER_POOLS"),
UserPoolConfig: &appsync.GraphQLApiUserPoolConfigArgs{
AwsRegion: pulumi.String(data.Aws_region.Current.Name),
DefaultAction: pulumi.String("DENY"),
UserPoolId: pulumi.String(aws_cognito_user_pool.Example.Id),
},
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
example = aws.appsync.GraphQLApi("example",
authentication_type="AMAZON_COGNITO_USER_POOLS",
user_pool_config={
"awsRegion": data["aws_region"]["current"]["name"],
"default_action": "DENY",
"user_pool_id": aws_cognito_user_pool["example"]["id"],
})import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.appsync.GraphQLApi("example", {
authenticationType: "AMAZON_COGNITO_USER_POOLS",
userPoolConfig: {
awsRegion: aws_region_current.name,
defaultAction: "DENY",
userPoolId: aws_cognito_user_pool_example.id,
},
});AWS IAM Authentication
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.AppSync.GraphQLApi("example", new Aws.AppSync.GraphQLApiArgs
{
AuthenticationType = "AWS_IAM",
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/appsync"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
AuthenticationType: pulumi.String("AWS_IAM"),
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
example = aws.appsync.GraphQLApi("example", authentication_type="AWS_IAM")import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.appsync.GraphQLApi("example", {
authenticationType: "AWS_IAM",
});With Schema
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.AppSync.GraphQLApi("example", new Aws.AppSync.GraphQLApiArgs
{
AuthenticationType = "AWS_IAM",
Schema = @"schema {
query: Query
}
type Query {
test: Int
}
",
});
}
}
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/appsync"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
AuthenticationType: pulumi.String("AWS_IAM"),
Schema: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v", "schema {\n", " query: Query\n", "}\n", "type Query {\n", " test: Int\n", "}\n", "\n")),
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
example = aws.appsync.GraphQLApi("example",
authentication_type="AWS_IAM",
schema="""schema {
query: Query
}
type Query {
test: Int
}
""")import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.appsync.GraphQLApi("example", {
authenticationType: "AWS_IAM",
schema: `schema {
query: Query
}
type Query {
test: Int
}
`,
});OpenID Connect Authentication
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.AppSync.GraphQLApi("example", new Aws.AppSync.GraphQLApiArgs
{
AuthenticationType = "OPENID_CONNECT",
OpenidConnectConfig = new Aws.AppSync.Inputs.GraphQLApiOpenidConnectConfigArgs
{
Issuer = "https://example.com",
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/appsync"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
AuthenticationType: pulumi.String("OPENID_CONNECT"),
OpenidConnectConfig: &appsync.GraphQLApiOpenidConnectConfigArgs{
Issuer: pulumi.String("https://example.com"),
},
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
example = aws.appsync.GraphQLApi("example",
authentication_type="OPENID_CONNECT",
openid_connect_config={
"issuer": "https://example.com",
})import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.appsync.GraphQLApi("example", {
authenticationType: "OPENID_CONNECT",
openidConnectConfig: {
issuer: "https://example.com",
},
});With Multiple Authentication Providers
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.AppSync.GraphQLApi("example", new Aws.AppSync.GraphQLApiArgs
{
AdditionalAuthenticationProviders =
{
new Aws.AppSync.Inputs.GraphQLApiAdditionalAuthenticationProviderArgs
{
AuthenticationType = "AWS_IAM",
},
},
AuthenticationType = "API_KEY",
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/appsync"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := appsync.NewGraphQLApi(ctx, "example", &appsync.GraphQLApiArgs{
AdditionalAuthenticationProviders: appsync.GraphQLApiAdditionalAuthenticationProviderArray{
&appsync.GraphQLApiAdditionalAuthenticationProviderArgs{
AuthenticationType: pulumi.String("AWS_IAM"),
},
},
AuthenticationType: pulumi.String("API_KEY"),
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
example = aws.appsync.GraphQLApi("example",
additional_authentication_providers=[{
"authentication_type": "AWS_IAM",
}],
authentication_type="API_KEY")import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.appsync.GraphQLApi("example", {
additionalAuthenticationProviders: [{
authenticationType: "AWS_IAM",
}],
authenticationType: "API_KEY",
});Enabling Logging
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""appsync.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("exampleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
Role = exampleRole.Name,
});
var exampleGraphQLApi = new Aws.AppSync.GraphQLApi("exampleGraphQLApi", new Aws.AppSync.GraphQLApiArgs
{
LogConfig = new Aws.AppSync.Inputs.GraphQLApiLogConfigArgs
{
CloudwatchLogsRoleArn = exampleRole.Arn,
FieldLogLevel = "ERROR",
},
});
}
}
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/appsync"
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleRole, err := iam.NewRole(ctx, "exampleRole", &iam.RoleArgs{
AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", " \"Version\": \"2012-10-17\",\n", " \"Statement\": [\n", " {\n", " \"Effect\": \"Allow\",\n", " \"Principal\": {\n", " \"Service\": \"appsync.amazonaws.com\"\n", " },\n", " \"Action\": \"sts:AssumeRole\"\n", " }\n", " ]\n", "}\n", "\n")),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "exampleRolePolicyAttachment", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs"),
Role: exampleRole.Name,
})
if err != nil {
return err
}
_, err = appsync.NewGraphQLApi(ctx, "exampleGraphQLApi", &appsync.GraphQLApiArgs{
LogConfig: &appsync.GraphQLApiLogConfigArgs{
CloudwatchLogsRoleArn: exampleRole.Arn,
FieldLogLevel: pulumi.String("ERROR"),
},
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
example_role = aws.iam.Role("exampleRole", assume_role_policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
""")
example_role_policy_attachment = aws.iam.RolePolicyAttachment("exampleRolePolicyAttachment",
policy_arn="arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
role=example_role.name)
example_graph_ql_api = aws.appsync.GraphQLApi("exampleGraphQLApi", log_config={
"cloudwatchLogsRoleArn": example_role.arn,
"fieldLogLevel": "ERROR",
})import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleRole = new aws.iam.Role("example", {
assumeRolePolicy: `{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
`,
});
const exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment("example", {
policyArn: "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
role: exampleRole.name,
});
const exampleGraphQLApi = new aws.appsync.GraphQLApi("example", {
logConfig: {
cloudwatchLogsRoleArn: exampleRole.arn,
fieldLogLevel: "ERROR",
},
});Create a GraphQLApi Resource
new GraphQLApi(name: string, args: GraphQLApiArgs, opts?: CustomResourceOptions);def GraphQLApi(resource_name, opts=None, additional_authentication_providers=None, authentication_type=None, log_config=None, name=None, openid_connect_config=None, schema=None, tags=None, user_pool_config=None, xray_enabled=None, __props__=None);func NewGraphQLApi(ctx *Context, name string, args GraphQLApiArgs, opts ...ResourceOption) (*GraphQLApi, error)public GraphQLApi(string name, GraphQLApiArgs args, CustomResourceOptions? opts = null)- name string
- The unique name of the resource.
- args GraphQLApiArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GraphQLApiArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GraphQLApiArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
GraphQLApi Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The GraphQLApi resource accepts the following input properties:
- Authentication
Type string The authentication type. Valid values:
API_KEY,AWS_IAM,AMAZON_COGNITO_USER_POOLS,OPENID_CONNECT- Additional
Authentication List<GraphProviders QLApi Additional Authentication Provider Args> One or more additional authentication providers for the GraphqlApi. Defined below.
- Log
Config GraphQLApi Log Config Args Nested argument containing logging configuration. Defined below.
- Name string
A user-supplied name for the GraphqlApi.
- Openid
Connect GraphConfig QLApi Openid Connect Config Args Nested argument containing OpenID Connect configuration. Defined below.
- Schema string
The schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
- Dictionary<string, string>
A map of tags to assign to the resource.
- User
Pool GraphConfig QLApi User Pool Config Args The Amazon Cognito User Pool configuration. Defined below.
- Xray
Enabled bool Whether tracing with X-ray is enabled. Defaults to false.
- Authentication
Type string The authentication type. Valid values:
API_KEY,AWS_IAM,AMAZON_COGNITO_USER_POOLS,OPENID_CONNECT- Additional
Authentication []GraphProviders QLApi Additional Authentication Provider One or more additional authentication providers for the GraphqlApi. Defined below.
- Log
Config GraphQLApi Log Config Nested argument containing logging configuration. Defined below.
- Name string
A user-supplied name for the GraphqlApi.
- Openid
Connect GraphConfig QLApi Openid Connect Config Nested argument containing OpenID Connect configuration. Defined below.
- Schema string
The schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
- map[string]string
A map of tags to assign to the resource.
- User
Pool GraphConfig QLApi User Pool Config The Amazon Cognito User Pool configuration. Defined below.
- Xray
Enabled bool Whether tracing with X-ray is enabled. Defaults to false.
- authentication
Type string The authentication type. Valid values:
API_KEY,AWS_IAM,AMAZON_COGNITO_USER_POOLS,OPENID_CONNECT- additional
Authentication GraphProviders QLApi Additional Authentication Provider[] One or more additional authentication providers for the GraphqlApi. Defined below.
- log
Config GraphQLApi Log Config Nested argument containing logging configuration. Defined below.
- name string
A user-supplied name for the GraphqlApi.
- openid
Connect GraphConfig QLApi Openid Connect Config Nested argument containing OpenID Connect configuration. Defined below.
- schema string
The schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
- {[key: string]: string}
A map of tags to assign to the resource.
- user
Pool GraphConfig QLApi User Pool Config The Amazon Cognito User Pool configuration. Defined below.
- xray
Enabled boolean Whether tracing with X-ray is enabled. Defaults to false.
- authentication_
type str The authentication type. Valid values:
API_KEY,AWS_IAM,AMAZON_COGNITO_USER_POOLS,OPENID_CONNECT- additional_
authentication_ List[Graphproviders QLApi Additional Authentication Provider] One or more additional authentication providers for the GraphqlApi. Defined below.
- log_
config Dict[GraphQLApi Log Config] Nested argument containing logging configuration. Defined below.
- name str
A user-supplied name for the GraphqlApi.
- openid_
connect_ Dict[Graphconfig QLApi Openid Connect Config] Nested argument containing OpenID Connect configuration. Defined below.
- schema str
The schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
- Dict[str, str]
A map of tags to assign to the resource.
- user_
pool_ Dict[Graphconfig QLApi User Pool Config] The Amazon Cognito User Pool configuration. Defined below.
- xray_
enabled bool Whether tracing with X-ray is enabled. Defaults to false.
Outputs
All input properties are implicitly available as output properties. Additionally, the GraphQLApi resource produces the following output properties:
Look up an Existing GraphQLApi Resource
Get an existing GraphQLApi resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GraphQLApiState, opts?: CustomResourceOptions): GraphQLApistatic get(resource_name, id, opts=None, additional_authentication_providers=None, arn=None, authentication_type=None, log_config=None, name=None, openid_connect_config=None, schema=None, tags=None, uris=None, user_pool_config=None, xray_enabled=None, __props__=None);func GetGraphQLApi(ctx *Context, name string, id IDInput, state *GraphQLApiState, opts ...ResourceOption) (*GraphQLApi, error)public static GraphQLApi Get(string name, Input<string> id, GraphQLApiState? state, CustomResourceOptions? opts = null)- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Additional
Authentication List<GraphProviders QLApi Additional Authentication Provider Args> One or more additional authentication providers for the GraphqlApi. Defined below.
- Arn string
The ARN
- Authentication
Type string The authentication type. Valid values:
API_KEY,AWS_IAM,AMAZON_COGNITO_USER_POOLS,OPENID_CONNECT- Log
Config GraphQLApi Log Config Args Nested argument containing logging configuration. Defined below.
- Name string
A user-supplied name for the GraphqlApi.
- Openid
Connect GraphConfig QLApi Openid Connect Config Args Nested argument containing OpenID Connect configuration. Defined below.
- Schema string
The schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
- Dictionary<string, string>
A map of tags to assign to the resource.
- Uris Dictionary<string, string>
Map of URIs associated with the API. e.g.
uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql- User
Pool GraphConfig QLApi User Pool Config Args The Amazon Cognito User Pool configuration. Defined below.
- Xray
Enabled bool Whether tracing with X-ray is enabled. Defaults to false.
- Additional
Authentication []GraphProviders QLApi Additional Authentication Provider One or more additional authentication providers for the GraphqlApi. Defined below.
- Arn string
The ARN
- Authentication
Type string The authentication type. Valid values:
API_KEY,AWS_IAM,AMAZON_COGNITO_USER_POOLS,OPENID_CONNECT- Log
Config GraphQLApi Log Config Nested argument containing logging configuration. Defined below.
- Name string
A user-supplied name for the GraphqlApi.
- Openid
Connect GraphConfig QLApi Openid Connect Config Nested argument containing OpenID Connect configuration. Defined below.
- Schema string
The schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
- map[string]string
A map of tags to assign to the resource.
- Uris map[string]string
Map of URIs associated with the API. e.g.
uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql- User
Pool GraphConfig QLApi User Pool Config The Amazon Cognito User Pool configuration. Defined below.
- Xray
Enabled bool Whether tracing with X-ray is enabled. Defaults to false.
- additional
Authentication GraphProviders QLApi Additional Authentication Provider[] One or more additional authentication providers for the GraphqlApi. Defined below.
- arn string
The ARN
- authentication
Type string The authentication type. Valid values:
API_KEY,AWS_IAM,AMAZON_COGNITO_USER_POOLS,OPENID_CONNECT- log
Config GraphQLApi Log Config Nested argument containing logging configuration. Defined below.
- name string
A user-supplied name for the GraphqlApi.
- openid
Connect GraphConfig QLApi Openid Connect Config Nested argument containing OpenID Connect configuration. Defined below.
- schema string
The schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
- {[key: string]: string}
A map of tags to assign to the resource.
- uris {[key: string]: string}
Map of URIs associated with the API. e.g.
uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql- user
Pool GraphConfig QLApi User Pool Config The Amazon Cognito User Pool configuration. Defined below.
- xray
Enabled boolean Whether tracing with X-ray is enabled. Defaults to false.
- additional_
authentication_ List[Graphproviders QLApi Additional Authentication Provider] One or more additional authentication providers for the GraphqlApi. Defined below.
- arn str
The ARN
- authentication_
type str The authentication type. Valid values:
API_KEY,AWS_IAM,AMAZON_COGNITO_USER_POOLS,OPENID_CONNECT- log_
config Dict[GraphQLApi Log Config] Nested argument containing logging configuration. Defined below.
- name str
A user-supplied name for the GraphqlApi.
- openid_
connect_ Dict[Graphconfig QLApi Openid Connect Config] Nested argument containing OpenID Connect configuration. Defined below.
- schema str
The schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
- Dict[str, str]
A map of tags to assign to the resource.
- uris Dict[str, str]
Map of URIs associated with the API. e.g.
uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql- user_
pool_ Dict[Graphconfig QLApi User Pool Config] The Amazon Cognito User Pool configuration. Defined below.
- xray_
enabled bool Whether tracing with X-ray is enabled. Defaults to false.
Supporting Types
GraphQLApiAdditionalAuthenticationProvider
- Authentication
Type string The authentication type. Valid values:
API_KEY,AWS_IAM,AMAZON_COGNITO_USER_POOLS,OPENID_CONNECT- Openid
Connect GraphConfig QLApi Additional Authentication Provider Openid Connect Config Args Nested argument containing OpenID Connect configuration. Defined below.
- User
Pool GraphConfig QLApi Additional Authentication Provider User Pool Config Args The Amazon Cognito User Pool configuration. Defined below.
- Authentication
Type string The authentication type. Valid values:
API_KEY,AWS_IAM,AMAZON_COGNITO_USER_POOLS,OPENID_CONNECT- Openid
Connect GraphConfig QLApi Additional Authentication Provider Openid Connect Config Nested argument containing OpenID Connect configuration. Defined below.
- User
Pool GraphConfig QLApi Additional Authentication Provider User Pool Config The Amazon Cognito User Pool configuration. Defined below.
- authentication
Type string The authentication type. Valid values:
API_KEY,AWS_IAM,AMAZON_COGNITO_USER_POOLS,OPENID_CONNECT- openid
Connect GraphConfig QLApi Additional Authentication Provider Openid Connect Config Nested argument containing OpenID Connect configuration. Defined below.
- user
Pool GraphConfig QLApi Additional Authentication Provider User Pool Config The Amazon Cognito User Pool configuration. Defined below.
- authentication_
type str The authentication type. Valid values:
API_KEY,AWS_IAM,AMAZON_COGNITO_USER_POOLS,OPENID_CONNECT- openid_
connect_ Dict[Graphconfig QLApi Additional Authentication Provider Openid Connect Config] Nested argument containing OpenID Connect configuration. Defined below.
- user_
pool_ Dict[Graphconfig QLApi Additional Authentication Provider User Pool Config] The Amazon Cognito User Pool configuration. Defined below.
GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig
- Issuer string
Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
- Auth
Ttl int Number of milliseconds a token is valid after being authenticated.
- Client
Id string Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
- Iat
Ttl int Number of milliseconds a token is valid after being issued to a user.
- Issuer string
Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
- Auth
Ttl int Number of milliseconds a token is valid after being authenticated.
- Client
Id string Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
- Iat
Ttl int Number of milliseconds a token is valid after being issued to a user.
- issuer string
Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
- auth
Ttl number Number of milliseconds a token is valid after being authenticated.
- client
Id string Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
- iat
Ttl number Number of milliseconds a token is valid after being issued to a user.
- issuer str
Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
- auth
Ttl float Number of milliseconds a token is valid after being authenticated.
- client_
id str Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
- iat
Ttl float Number of milliseconds a token is valid after being issued to a user.
GraphQLApiAdditionalAuthenticationProviderUserPoolConfig
- User
Pool stringId The user pool ID.
- App
Id stringClient Regex A regular expression for validating the incoming Amazon Cognito User Pool app client ID.
- Aws
Region string The AWS region in which the user pool was created.
- User
Pool stringId The user pool ID.
- App
Id stringClient Regex A regular expression for validating the incoming Amazon Cognito User Pool app client ID.
- Aws
Region string The AWS region in which the user pool was created.
- user
Pool stringId The user pool ID.
- app
Id stringClient Regex A regular expression for validating the incoming Amazon Cognito User Pool app client ID.
- aws
Region string The AWS region in which the user pool was created.
- user_
pool_ strid The user pool ID.
- app
Id strClient Regex A regular expression for validating the incoming Amazon Cognito User Pool app client ID.
- aws
Region str The AWS region in which the user pool was created.
GraphQLApiLogConfig
- Cloudwatch
Logs stringRole Arn Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.
- Field
Log stringLevel Field logging level. Valid values:
ALL,ERROR,NONE.- Exclude
Verbose boolContent Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values:
true,false. Default value:false
- Cloudwatch
Logs stringRole Arn Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.
- Field
Log stringLevel Field logging level. Valid values:
ALL,ERROR,NONE.- Exclude
Verbose boolContent Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values:
true,false. Default value:false
- cloudwatch
Logs stringRole Arn Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.
- field
Log stringLevel Field logging level. Valid values:
ALL,ERROR,NONE.- exclude
Verbose booleanContent Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values:
true,false. Default value:false
- cloudwatch
Logs strRole Arn Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.
- field
Log strLevel Field logging level. Valid values:
ALL,ERROR,NONE.- exclude
Verbose boolContent Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values:
true,false. Default value:false
GraphQLApiOpenidConnectConfig
- Issuer string
Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
- Auth
Ttl int Number of milliseconds a token is valid after being authenticated.
- Client
Id string Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
- Iat
Ttl int Number of milliseconds a token is valid after being issued to a user.
- Issuer string
Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
- Auth
Ttl int Number of milliseconds a token is valid after being authenticated.
- Client
Id string Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
- Iat
Ttl int Number of milliseconds a token is valid after being issued to a user.
- issuer string
Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
- auth
Ttl number Number of milliseconds a token is valid after being authenticated.
- client
Id string Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
- iat
Ttl number Number of milliseconds a token is valid after being issued to a user.
- issuer str
Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.
- auth
Ttl float Number of milliseconds a token is valid after being authenticated.
- client_
id str Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.
- iat
Ttl float Number of milliseconds a token is valid after being issued to a user.
GraphQLApiUserPoolConfig
- Default
Action string The action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn’t match the Amazon Cognito User Pool configuration. Valid:
ALLOWandDENY- User
Pool stringId The user pool ID.
- App
Id stringClient Regex A regular expression for validating the incoming Amazon Cognito User Pool app client ID.
- Aws
Region string The AWS region in which the user pool was created.
- Default
Action string The action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn’t match the Amazon Cognito User Pool configuration. Valid:
ALLOWandDENY- User
Pool stringId The user pool ID.
- App
Id stringClient Regex A regular expression for validating the incoming Amazon Cognito User Pool app client ID.
- Aws
Region string The AWS region in which the user pool was created.
- default
Action string The action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn’t match the Amazon Cognito User Pool configuration. Valid:
ALLOWandDENY- user
Pool stringId The user pool ID.
- app
Id stringClient Regex A regular expression for validating the incoming Amazon Cognito User Pool app client ID.
- aws
Region string The AWS region in which the user pool was created.
- default_
action str The action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn’t match the Amazon Cognito User Pool configuration. Valid:
ALLOWandDENY- user_
pool_ strid The user pool ID.
- app
Id strClient Regex A regular expression for validating the incoming Amazon Cognito User Pool app client ID.
- aws
Region str The AWS region in which the user pool was created.
Package Details
- Repository
- https://github.com/pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.