You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Amplify's backend currently makes anything outside of the expected patterns extremely difficult. This is because of a combination of two things:
Automated resource creation
Inability to access the low-level CDK constructs from said resource creation in a typesafe or object-oriented way with the ARNs attached
Example/steps to reproduce:
I have a custom resolver in my schema, it needs a role with access to write to DynamoDB.
I can see the problem from the console and its an easy fix:
Failed to process request: User: arn:aws:sts::592261843145:assumed-role/amplify-paritaeapp-chris--getMessagesByConversation-iAvA6ZVYEWJM/amplify-paritaeapp-chris--getMessagesByConversatio-esQehfeuATUS is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:eu-west-2:592261843145:table/ChatTable because no identity-based policy allows the dynamodb:Query action
but defineFunction does not allow me to modify any of the constructs. Next logical step would be to add a dynamodbdatasource to the handler but that is also not an option because a.handler.function only has the property brandSymbol and no additional parameters besides the function. Next bet is to try a.query()...authorization(allow => ['dynamodb:Query']) or something similar but that allow only includes IAM options. Event the defineData factory returns nothing of use.
After exhausting options in data/resource.ts I looked for possibilities in backend.ts but unfortunately this turned out to be impossible without running into a circular dependency. It also doesn't help that while the cloudformation outputs are present somewhere in backend its not easy to navigate as the typing system here is very loose and the random hash applied to resources by amplify make it impossible to guess/hardcode the arn.
// backend.ts
import { defineBackend } from '@aws-amplify/backend';
import { auth } from './auth/resource';
import { data } from './data/resource';
import { AttributeType, BillingMode, Table } from 'aws-cdk-lib/aws-dynamodb';
import { Stack } from 'aws-cdk-lib';
const backend = defineBackend({
auth,
data,
});
// Define the DynamoDB table
const chatTable = new Table(Stack.of(backend.data), "ChatTable", {
tableName: "ChatTable",
partitionKey: {
name: "pk",
type: AttributeType.STRING,
},
sortKey: {
name: "sk",
type: AttributeType.STRING,
},
billingMode: BillingMode.PAY_PER_REQUEST,
});
// Add the DynamoDB data source to the backend
backend.data.addDynamoDbDataSource("ChatTableDataSource", chatTable);
export default backend;
Hey @sisygoboom, thank you for reaching out.
From the error message and behavior observed on the backend.ts, the issue appears to similar to #1375 #1552
You should be able to access the table name on the backend.ts for example backend.data.resources.tables["Todo"].tableArn which should return a token and resolved by CloudFormation.
Do let us know if i may have misunderstood anything.
But i do agree, a prop to add datasources on the function would be great. Marking this as feature request.
Environment information
Description
Amplify's backend currently makes anything outside of the expected patterns extremely difficult. This is because of a combination of two things:
Example/steps to reproduce:
I have a custom resolver in my schema, it needs a role with access to write to DynamoDB.
I can see the problem from the console and its an easy fix:
but
defineFunction
does not allow me to modify any of the constructs. Next logical step would be to add a dynamodbdatasource to the handler but that is also not an option becausea.handler.function
only has the propertybrandSymbol
and no additional parameters besides the function. Next bet is to trya.query()...authorization(allow => ['dynamodb:Query'])
or something similar but that allow only includes IAM options. Event thedefineData
factory returns nothing of use.After exhausting options in
data/resource.ts
I looked for possibilities inbackend.ts
but unfortunately this turned out to be impossible without running into a circular dependency. It also doesn't help that while the cloudformation outputs are present somewhere in backend its not easy to navigate as the typing system here is very loose and the random hash applied to resources by amplify make it impossible to guess/hardcode the arn.// backend.ts
// data/resource.ts
The text was updated successfully, but these errors were encountered: