Create GraphQLClient using user_pool rather than api_key in appsync-lambda-bedrock-async-stream-subscription-cdk

[alindsharmasimply]

Kindly suggest how can the following pattern be used if the application uses COGNITO_USER_POOLS for auth.

In the current codebase the lambda uses APPSYNC_API_KEY in the GraphQLClient headers as follows:
const graphQLClient = new GraphQLClient(process.env.APPSYNC_ENDPOINT!, { headers: { 'x-api-key': process.env.APPSYNC_API_KEY! }, });

I understand using the User_Pool for appsync auth. Beyond that, what can be done?

[julianwood]

Hi @kaustavbecs. Do you have any suggestions?

[proton0210]

Hey @alindsharmasimply, you can configure authorizationConfig in Appsync construct

`import * as appsync from 'aws-cdk-lib/aws-appsync';

const api = new appsync.GraphqlApi(this, 'api', {
name: 'api',
definition: appsync.Definition.fromFile('schema.graphql'),
authorizationConfig: {
defaultAuthorization: { authorizationType: appsync.AuthorizationType.USER_POOL }
},
});`

here for more details : https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_appsync.AuthorizationConfig.html

[julianwood]

Closed as answered