This document discusses API modernization with GraphQL and AWS AppSync. It provides an overview of prerequisites and the agenda, which includes modernization use cases, customizations like authorization and caching, and operating GraphQL APIs at scale. It also provides examples of how AWS AppSync can be used to build universal, real-time APIs that connect to various data sources and support features like offline usage.
4. Agenda. Use Cases, Customizations, Operation
Complex business logic vs complex resolvers
Authorization
Offline and Caching
Conflict resolution, delta sync, API Cache vs Resolver Cache
Plug in any data source… for offline and real-time!
Multiple auth methods, users vs systems, auth for real-time use cases
7. Today, customers are building:
Universal APIs
Enterprise data
Apps connect to many data sources
Real-time apps
Chat functionality
Fan engagement
Location-aware notifications
Mobile-first apps
Consumer
IoT/connected
Field service
Offline support
10. AWS AppSync
Conflict detection and resolution in the cloud
GraphQL facade for any AWS service
Enterprise security features: IAM, Amazon Cognito, OIDC, API keys
Managed serverless GraphQL service
Add data sync, real-time, and offline capabilities for any data source or API
Connect to data sources in your account
11. AWS AppSync
Amazon DynamoDB
Amazon Aurora
Amazon Elasticsearch Service (Amazon ES)
AWS Lambda
HTTP
query sync {
  syncPosts {
    items {
      id
    }
  }
}
Query language for APIs
Runtime for fulfilling those queries
GraphQL, the GraphQL logo and any related marks are trademarks of Facebook, Inc.
Local (publish/subscribe)
Your existing data
32. AWS AppSync – authorization modes
Sign in with OIDC IdP
Use JSON web tokens (JWTs)
When to use
Existing user directory
Authenticating users in app
Not interacting with other AWS services
OpenID Connect
Granular access control based on claims
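## Groups asserted by the OIDC identity provider in the JWT
#set( $userGroups = $ctx.identity.claims.get("oidc:groups") )
## Groups permitted to call this field
#set( $allowedGroups = ["Bloggers", "Readers"] )
## Deny by default
#set( $isStaticGroupAuthorized = false )
#foreach( $userGroup in $userGroups )
  #if( $allowedGroups.contains($userGroup) )
    #set( $isStaticGroupAuthorized = true )
    #break
  #end
#end
#if( !($isStaticGroupAuthorized == true) )
  $util.unauthorized()
#end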
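The claims-based group check above, restated as plain JavaScript so its deny-by-default behaviour can be run and tested (an added example, not part of the original slides or of AWS's code). The function names, the injected unauthorized callback and the sample identities are assumptions made for illustration.

```javascript
// Added example: same allow-list logic as the slide's template, outside AppSync.
const ALLOWED_GROUPS = ["Bloggers", "Readers"]; // same list as the slide

// Read the "oidc:groups" claim. Only an array of strings is accepted.
// A bare string is rejected rather than searched or iterated, because
// string matching would compare substrings or characters, not group names.
function groupsFromClaims(claims) {
  const raw = claims ? claims["oidc:groups"] : undefined;
  if (!Array.isArray(raw)) return [];
  return raw.filter((g) => typeof g === "string");
}

// True only when at least one claimed group is in the allow-list.
// Comparison is exact and case-sensitive.
function isGroupAuthorized(identity, allowedGroups = ALLOWED_GROUPS) {
  const claims = identity && identity.claims;
  return groupsFromClaims(claims).some((g) => allowedGroups.includes(g));
}

// Guard in the shape of a resolver request step. `unauthorized` stands in
// for the template's $util.unauthorized() and is injected (hypothetical
// parameter) so the decision can be tested without the AppSync runtime.
function guardRequest(ctx, unauthorized) {
  if (!isGroupAuthorized(ctx.identity)) {
    unauthorized();
    return null;
  }
  return { authorized: true };
}

// Constructed sample identities covering the cases a reviewer should check.
const samples = {
  reader: { claims: { "oidc:groups": ["Readers", "Staff"] } },
  outsider: { claims: { "oidc:groups": ["Guests"] } },
  noClaim: { claims: { sub: "user-123" } },
  stringClaim: { claims: { "oidc:groups": "NotReaders" } },
  wrongCase: { claims: { "oidc:groups": ["bloggers"] } },
};

for (const [name, identity] of Object.entries(samples)) {
  console.log(name, isGroupAuthorized(identity) ? "allowed" : "denied");
}
```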
33. AppSync – authorization modes
Backend systems
AWS credentials
IoT systems
When to use
Amazon EC2 instances
AWS Lambda functions
AWS Identity and Access Management (IAM)
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["appsync:GraphQL"],
    "Resource": [
      "arn:*:apis/GraphQLApiId/types/Query/fields/<field>",
      "arn:*:apis/GraphQLApiId/types/Mutation/fields/<field>",
      "arn:*:apis/GraphQLApiId/types/Post/fields/<field>"
    ]
  }]
}
35. Multi-auth for real-time: Chat application
Get signature for signed URL based on identity
getSignedPolicy Secrets Manager
Conversations
User conversations
Messages
DynamoDB Stream
readCountUpdater
uploadHandler
putObject event
Update message with attachment/thumbnail
Update user conversation’s read count
Media Bucket
Distribution
Download Upload
chatAPI
postConfirmTrigger
UserPool
Users
45. Amplify DataStore: developer experience
Model app data and relationships (locally or in admin UI)
Set up authentication and authorization
Work with app data using an “offline-first” programming model—receive updates to shared data in real-time
47. Define: DataStore-compliant API
Supports a Sync operation for all models
Supports a subscription operation for all models
May support create/update/delete operations for some models
Selection sets specify mandatory fields for each model
id
_lastChangedAt
_version
_deleted
When it exists, selection sets specify mandatory fields of a parent model
id
_deleted (as a minimum)