New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(appsync): support custom domain mappings #19368
Changes from 2 commits
8c82b2a
1419f27
87a87c1
9bf500b
60ca733
42c379c
96ca54c
ed9cdb5
831fcf7
0856ecf
64c1dd7
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,10 @@ | ||
import { ICertificate } from '@aws-cdk/aws-certificatemanager'; | ||
import { IUserPool } from '@aws-cdk/aws-cognito'; | ||
import { ManagedPolicy, Role, IRole, ServicePrincipal, Grant, IGrantable } from '@aws-cdk/aws-iam'; | ||
import { IFunction } from '@aws-cdk/aws-lambda'; | ||
import { ArnFormat, CfnResource, Duration, Expiration, IResolvable, Stack } from '@aws-cdk/core'; | ||
import { Construct } from 'constructs'; | ||
import { CfnApiKey, CfnGraphQLApi, CfnGraphQLSchema } from './appsync.generated'; | ||
import { CfnApiKey, CfnGraphQLApi, CfnGraphQLSchema, CfnDomainName, CfnDomainNameApiAssociation } from './appsync.generated'; | ||
import { IGraphqlApi, GraphqlApiBase } from './graphqlapi-base'; | ||
import { Schema } from './schema'; | ||
import { IIntermediateType } from './schema-base'; | ||
|
@@ -254,6 +255,18 @@ export interface LogConfig { | |
readonly role?: IRole; | ||
} | ||
|
||
export interface DomainOptions { | ||
/** | ||
* The certificate to use with the domain name | ||
*/ | ||
readonly certificate: ICertificate; | ||
|
||
/** | ||
* The actual domain name e.g. api.example.com | ||
cgarvis marked this conversation as resolved.
Show resolved
Hide resolved
|
||
*/ | ||
readonly domainName: string; | ||
} | ||
|
||
/** | ||
* Properties for an AppSync GraphQL API | ||
*/ | ||
|
@@ -292,6 +305,16 @@ export interface GraphqlApiProps { | |
* @default - false | ||
*/ | ||
readonly xrayEnabled?: boolean; | ||
|
||
/** | ||
* The domain name configuration for the GraphQL API | ||
* | ||
* The hosted zone and CName must be configured in addition to this setting to | ||
* enable custom domain URL | ||
* | ||
* @default - none a unique name is generated | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can you add a comma or parenthesis after "none" ?
This comment was marked as outdated.
Sorry, something went wrong. |
||
*/ | ||
readonly domainName?: DomainOptions; | ||
cgarvis marked this conversation as resolved.
Show resolved
Hide resolved
|
||
} | ||
|
||
/** | ||
|
@@ -391,7 +414,7 @@ export class GraphqlApi extends GraphqlApiBase { | |
class Import extends GraphqlApiBase { | ||
public readonly apiId = attrs.graphqlApiId; | ||
public readonly arn = arn; | ||
constructor (s: Construct, i: string) { | ||
constructor(s: Construct, i: string) { | ||
super(s, i); | ||
} | ||
} | ||
|
@@ -450,7 +473,7 @@ export class GraphqlApi extends GraphqlApiBase { | |
const additionalModes = props.authorizationConfig?.additionalAuthorizationModes ?? []; | ||
const modes = [defaultMode, ...additionalModes]; | ||
|
||
this.modes = modes.map((mode) => mode.authorizationType ); | ||
this.modes = modes.map((mode) => mode.authorizationType); | ||
|
||
this.validateAuthorizationProps(modes); | ||
|
||
|
@@ -472,6 +495,18 @@ export class GraphqlApi extends GraphqlApiBase { | |
this.schema = props.schema ?? new Schema(); | ||
this.schemaResource = this.schema.bind(this); | ||
|
||
if (props.domainName) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In the docs for Are we leaving that requirement as a deploy-time check right now? If so, we probably need to think about how we can make it a synth-time check. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Again based on how the rest api works today this is a separate action. I felt like we should tell the user to do this, but if we nested this all in this construct I think it would be doing too much. I assume the rest api developers felt the same way, but of course I do not know. |
||
new CfnDomainName(this, 'DomainName', { | ||
domainName: props.domainName.domainName, | ||
certificateArn: props.domainName.certificate.certificateArn, | ||
description: `domain for ${this.name} at ${this.graphqlUrl}`, | ||
}); | ||
new CfnDomainNameApiAssociation(this, 'DomainAssociation', { | ||
domainName: props.domainName.domainName, | ||
apiId: this.apiId, | ||
}); | ||
} | ||
|
||
if (modes.some((mode) => mode.authorizationType === AuthorizationType.API_KEY)) { | ||
const config = modes.find((mode: AuthorizationMode) => { | ||
return mode.authorizationType === AuthorizationType.API_KEY && mode.apiKeyConfig; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will this work? You're not initializing it to anything.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will this work? no. Can it compile this way? yes. This is something we are using in our examples for necessary properties that are not essential to the overall example. We don't want to clutter our examples with a
new lambda.Function(this, 'myfn', {...});
each time we need one, so it is simpler to writedeclare const fn: lambda.Function
and leave it to the user to provide the exact function they need if they want to use the example.That being said, I feel like providing a real
certificate
is necessary to this example, since it is part of thedomainName
property we are demonstrating. So I do think in this situation we should provide a real certificate.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I did not invent this pattern I modeled most of the work from the rest api pattern here