Maintained with ☕️ by
IcePanel logo

AWS AppSync forwards application request headers to AWS Lambda custom authorizer functions

Share

Services

AWS AppSync is a fully managed service that enables developers to build digital experiences based on multiple data sources. With AppSync, you create GraphQL APIs that your applications interact with over the internet (public APIs) or inside your VPC (private APIs). A method of authorization is always required to access your AppSync API. Developers can chose from several authorization modes to authorize their requests based on their business requirements, including calling an AWS Lambda function to implement custom authorization. Today, AppSync is enabling application request headers to be passed to the AWS Lambda custom authorizer function when authorizing GraphQL requests. Custom authorizers can now make authorization decisions based on the value of the authorization header, and the value of other headers that were sent with the request from the application client. When using custom authorizers, developers can continue to use the AppSync functionality that allows them to cache the response from their Lambda function based on the value of the authorization header. AppSync will use the last cached response until the configured Time To Live (TTL) expires. This reduces the amount of calls that are made to your Lambda function for authorization. This feature is now available in all [AWS Regions](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/) where AppSync is available. For more details, refer to the AppSync [documentation](https://docs.aws.amazon.com/appsync/latest/devguide/security-authz.html).