3
votes

I'm getting GraphQLError: Request failed with status code 401

I followed the automatic configuration instructions from:

https://aws.github.io/aws-amplify/media/api_guide#automated-configuration-with-cli

I tried looking, but there is a lack of resources for IAM. It looks like everything should be set up automatically, and done with the Amplify CLI after I put in the IAM access key and secret.

Is further setup required? Here is my code:

import Amplify, { API, graphqlOperation, Hub } from "aws-amplify";
import aws_config from "../../aws-exports";

Amplify.configure(aws_config);

const ListKeywords = `query ListKeywords {
  listKeyword {
    keyword {
      id
      name
    }
  }
}`;

const loop = async () => {
  const allKeywords = await API.graphql(graphqlOperation(ListKeywords));
}

Could it also be because my GraphQL resolvers are not set up yet for ListKeywords?

3 Answers

3
votes

If you're using IAM as the Authorization type on your AppSync API then the issue is the Cognito Role being used with the Auth category when invoking Amplify.configure() isn't granted permissions for GraphQL operations. It needs something like this attached:

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
            "appsync:GraphQL"
         ],
         "Resource": [
            "arn:aws:appsync:us-west-2:123456789012:apis/YourGraphQLApiId/*"
         ]
      }
   ]
}

More details here: https://docs.aws.amazon.com/appsync/latest/devguide/security.html
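
As an added example (not part of the answer above and not AWS or Amplify code): the policy in the answer grants `appsync:GraphQL` on every field of the API via `/*`. The sketch below builds a narrower policy from the per-field resource ARN form (`.../types/<Type>/fields/<Field>`) and compares the two with a simplified policy check. The helper names and the `deleteKeyword` mutation are hypothetical, and the evaluator ignores `Condition`, `NotAction` and `NotResource`.

```javascript
// Added example; scopedAppSyncPolicy and isAllowed are hypothetical helpers.
// Build a policy allowing appsync:GraphQL only on listed fields,
// e.g. { Query: ["listKeyword"] }, instead of every field under "/*".
function scopedAppSyncPolicy({ region, accountId, apiId, fields }) {
  const base = `arn:aws:appsync:${region}:${accountId}:apis/${apiId}`;
  const resources = Object.entries(fields).flatMap(([type, names]) =>
    names.map((name) => `${base}/types/${type}/fields/${name}`));
  return {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: ["appsync:GraphQL"], Resource: resources }],
  };
}

// IAM-style wildcards: "*" is any run of characters, "?" is one character.
function wildcardMatch(pattern, value) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(value);
}

const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Simplified evaluation of one identity policy: explicit Deny wins, default is deny.
// Condition, NotAction and NotResource are not modelled.
function isAllowed(policy, action, resourceArn) {
  let allowed = false;
  for (const stmt of asList(policy.Statement)) {
    const actionHit = asList(stmt.Action).some((a) =>
      wildcardMatch(a.toLowerCase(), action.toLowerCase())); // action names ignore case
    const resourceHit = asList(stmt.Resource).some((r) => wildcardMatch(r, resourceArn));
    if (!actionHit || !resourceHit) continue;
    if (stmt.Effect === "Deny") return false;
    if (stmt.Effect === "Allow") allowed = true;
  }
  return allowed;
}

// Constructed sample values, reusing the placeholders from the policy in the answer.
const api = { region: "us-west-2", accountId: "123456789012", apiId: "YourGraphQLApiId" };
const fieldArn = (type, field) =>
  `arn:aws:appsync:${api.region}:${api.accountId}:apis/${api.apiId}/types/${type}/fields/${field}`;
const broad = { Version: "2012-10-17", Statement: [{ Effect: "Allow",
  Action: ["appsync:GraphQL"],
  Resource: ["arn:aws:appsync:us-west-2:123456789012:apis/YourGraphQLApiId/*"] }] };
const scoped = scopedAppSyncPolicy({ ...api, fields: { Query: ["listKeyword"] } });

// "deleteKeyword" is a made-up mutation name used only to show the difference.
console.log(isAllowed(broad, "appsync:GraphQL", fieldArn("Mutation", "deleteKeyword")));
console.log(isAllowed(scoped, "appsync:GraphQL", fieldArn("Query", "listKeyword")));
console.log(isAllowed(scoped, "appsync:GraphQL", fieldArn("Mutation", "deleteKeyword")));
```

If a query also selects fields of an object type (such as `keyword { id name }` in the question), check the AppSync security guide linked above for whether that type needs its own resource entries.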

1
votes

Not sure if this helps but I've been struggling with this for a while and found that if I add the API and use IAM as the auth method I need to add 'auth' to the schema too.

See below:

type TimeLapseCamera @model 
@auth(rules: [
  { allow: private, provider: iam }
])
{
...
}

I just tested this and my web page is successfully adding a record.

Note to other comment: I do not have AWS at all in this - it's a simple Vue app with Amplify.

0
votes

I just changed ~/.aws/credentials and now it's working.

Looks like even if you have project specific configuration via Amplify's command line tools or ~/.awsmobile/aws-config.js, it still relies on ~/.aws