Invoking AWS Services from AppSync HTTP Resolvers

AWS released data type AuthorizationConfig for HTTP resolvers recently .

The authorization config in case the HTTP endpoint requires authorization.

This means that you can call AWS services without invoking Lambda functions.

AWS AppSync has now been extended to support calling AWS services via HTTP data sources. In order for AWS to identify and authorize HTTP requests, they must be signed with the Signature Version 4 process. Otherwise, those requests are rejected. AWS AppSync can now calculate the signature on your behalf, based on the IAM role that’s provided as part of the HTTP data source configuration. From Josh Kahn

In this post, I show an example of sending SES emails from HTTP resolvers directly.

Getting started with Serverless framework

The example project is based on Serverless framework, You need to add two plugins: serverless-appsync-plugin and serverless-pseudo-parameters.

NOTE that serverless-appsync-plugin doesn’t support authorization config for HTTP resolvers yet. For temporary solution, you can get plugin from my forked Git repo.

$ npm install serverless-pseudo-parameters
$ npm install git+https://github.com/yai333/serverless-appsync-plugin.git

Edit the serverless.yml file and add the plugins to plugins section:

plugins:
  - serverless-appsync-plugin
  - serverless-pseudo-parameters

Define the AWS AppSync Schema

Let’s look at the schema. Schema files are text files, usually named schema.graphql, I only added mutation for sending email in this example:

type Mutation {
  sendNotification: String
}

Define the HTTP data source

Next Let’s define the AWS AppSync HTTP data source and sendNotification mutation, Add the following config to the custom section in serverless.yml .

<a href="https://medium.com/media/8949588862bb8df0b7d87f1a13d377b2/href">https://medium.com/media/8949588862bb8df0b7d87f1a13d377b2/href</a>

Define the IAM role for HTTP data source

In this example, HTTP resolver invokes Amazon Simple Email Service(SES) to send emails, you need to create an IAM role AppSyncSESserviceRole that allows HTTP resolver access to SES and send email, add following config to resource section in serverless.yml.

<a href="https://medium.com/media/9c6cbe4537edd49672c65b0d3a0c143f/href">https://medium.com/media/9c6cbe4537edd49672c65b0d3a0c143f/href</a>

Create Mapping Templates

Now we have our yml configured we need to add resolvers, The mapping template files should be located in a directory called mapping-templates relative to the serverless.yml file.

Let’s create the request template for send notification mutation in a file called mapping-templates/Mutation-sendNotification-reques.vtl.

{
  "version": "2018-05-29",
  "method": "GET",
  "resourcePath": "/",
  "params":{
    "query":
      {
       "Action":"SendEmail",
       "Source":"[email protected]",
       "Destination.ToAddresses.member.1":"[email protected]",
       "Destination.ToAddresses.member.2":"[email protected]",
       "Message.Subject.Data":"test subject",
       "Message.Body.Text.Data": "test content"
      }
  }
}

Then create response template mapping-templates/Mutation-sendNotification-request.vtl.

#if($ctx.error)
  $util.error($ctx.error.message, $ctx.error.type)
#end

#if($ctx.result.statusCode == 200)
    $util.toJson($ctx.result)
#else
    $utils.error("Delivery failed")
#end

Let’s deploy the service

$ sls deploy --stage dev

All set to go, Try it out!

You can use the AWS AppSync console to test sendNotification mutation we just deployed.

Then check whether email has been sent and received.

That’s all about it, I hope you have found this article useful, You can find complete project in my GitHub repo.