问题
I've been playing around with AWS Amplify. Being relatively new to AWS I'm a huge fan of how Amplify provisions the necessary resources and IAM roles on AWS for me. My question is in regards to using Lambda with GraphQL. Following the documentation I'm able to create a custom GraphQL query that calls a Lambda function and returns a GraphQL response. However, I can't find anywhere in the documentation on how to interact with other AWS resources from within this Lambda function. For example, I'm looking to interact with DynamoDB or even RDS services. The documentation mentions being able to pull data from other resources (a MySQL database, for example) so I'm assuming it's possible.
When I've attempted to interact with DynamoDB (for example) I've received "access denied" errors and I'm assuming this is because the Lambda function doesn't have the necessary policy / permissions to do so. One idea I had was to manually login to the IAM console and attach these policies myself but given that Amplify generates all these for you and essentially manages your "cloud infrastructure / state" I'm not sure if this is the correct way to do this. I do notice the Cloud Formation template that Amplify generates when you add the Lambda resource for GraphQL so my next guess was to add the DynamoDB policy there and then run amplify push to have Amplify generate and manage the policies for me. If this is the correct way to do so, I guess I'll have to learn how to write Cloud Formation templates. Lastly, I'm wondering if my brain is getting in the way and if I'm able to just pass Cognito identity info via the AWS JavaScript SDK within Lambda and then things will just "work" - but I'm not entirely sure. My apologies in advance if I'm not using the correct terminology - as I said, I'm relatively new to AWS. Any help or direction is greatly appreciated.
回答1:
With the latest aws-amplify release on May 30, 2019, you can
... easily grant create/read/update/delete permissions for interacting with AWS resources (such as DynamoDB) from a Lambda function.
Sample code:
/* Amplify Params - DO NOT EDIT
You can access the following resource attributes as environment variables from your Lambda function
var environment = process.env.ENV
var region = process.env.REGION
var storageTeststorageName = process.env.STORAGE_TESTSTORAGE_NAME
var storageTeststorageArn = process.env.STORAGE_TESTSTORAGE_ARN
Amplify Params - DO NOT EDIT */
var AWS = require('aws-sdk');
var region = process.env.REGION
var storageTeststorageName = process.env.STORAGE_TESTSTORAGE_NAME
AWS.config.update({region: region});
var ddb = new AWS.DynamoDB({apiVersion: '2012-08-10'});
var ddb_table_name = storageTeststorageName
var ddb_primary_key = 'id';
function write(params, context){
ddb.putItem(params, function(err, data) {
if (err) {
console.log("Error", err);
} else {
console.log("Success", data);
}
});
}
exports.handler = function (event, context) { //eslint-disable-line
var params = {
TableName: ddb_table_name,
Item: AWS.DynamoDB.Converter.input(event.arguments)
};
console.log('len: ' + Object.keys(event).length)
if (Object.keys(event).length > 0) {
write(params, context);
}
};
Please read the blog post for details.
来源:https://stackoverflow.com/questions/56349200/how-to-access-additional-aws-resources-from-within-an-amplify-generated-lambda-f