Set all App Sync API Key Expiration Dates to 365 Days from <Today> to support Public / Guest APIs
var AWS = require('aws-sdk'); | |
/**
 * Sequential, awaiting counterpart to Array.prototype.forEach.
 *
 * Each callback invocation is awaited before the next one starts, so the
 * elements are processed strictly in order, one at a time.
 *
 * @param {Array} array - Items to visit.
 * @param {Function} callback - Called as callback(item, index, array); may return a promise.
 * @returns {Promise<void>} Resolves once every callback has settled; rejects on the first callback that throws.
 */
async function asyncForEach(array, callback) {
  let position = 0;
  // Re-read array.length on every pass, exactly like a classic index loop.
  while (position < array.length) {
    await callback(array[position], position, array);
    position += 1;
  }
}
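/**
 * Lambda entry point: pushes the expiration of every AppSync API key the
 * execution role can list out to midnight of the day 365 days from now.
 *
 * NOTE(review): this renews every key on every API returned by
 * listGraphqlApis, with no allow-list. Keys that were meant to lapse, or
 * that should be rotated, are extended along with the rest. Confirm that is
 * the intent before scheduling it.
 *
 * @param {object} event - Trigger payload; not read.
 * @returns {Promise<{statusCode: number, body: string}>} 200 with a summary message.
 * @throws {Error} If a list call fails, or after all keys were attempted and
 *   at least one update failed, so the invocation is recorded as an error
 *   rather than as a silent partial renewal.
 */
exports.handler = async (event) => {
  const appsync = new AWS.AppSync({ apiVersion: '2017-07-25' });

  // Target expiry: local midnight of the day 365 days ahead, in whole epoch seconds.
  const target = new Date();
  target.setDate(target.getDate() + 365);
  target.setHours(0, 0, 0, 0);
  // Math.floor instead of `| 0`: the bitwise form truncates to a signed
  // 32-bit integer and wraps once the timestamp passes January 2038.
  const expires = Math.floor(target.getTime() / 1000);

  // Both list operations are paginated. Follow nextToken so that APIs and
  // keys beyond the first page are renewed too instead of quietly expiring.
  const listAll = async (operation, params, field) => {
    const items = [];
    let nextToken;
    do {
      const request = nextToken ? { ...params, nextToken } : params;
      const page = await appsync[operation](request).promise();
      items.push(...(page[field] || []));
      nextToken = page.nextToken;
    } while (nextToken);
    return items;
  };

  const apis = await listAll('listGraphqlApis', {}, 'graphqlApis');
  if (apis.length === 0) {
    return { statusCode: 200, body: JSON.stringify("No APIs found.") };
  }

  let keyCount = 0;
  let failureCount = 0;

  await asyncForEach(apis, async ({ apiId }) => {
    const apiKeys = await listAll('listApiKeys', { apiId }, 'apiKeys');
    await asyncForEach(apiKeys, async (key) => {
      try {
        const result = await appsync.updateApiKey({ apiId, id: key.id, expires }).promise();
        if (result.apiKey) {
          keyCount++;
        }
      } catch (err) {
        // Keep going so one bad key does not leave the remaining keys to expire.
        // key.id is deliberately not logged: for AppSync the key id is the
        // credential clients send, so it should stay out of log streams.
        failureCount++;
        console.error(`Failed to extend an API key on API ${apiId}: ${err.code || err.name}: ${err.message}`);
      }
    });
  });

  if (failureCount > 0) {
    // A returned 500 is invisible to a scheduled trigger; throwing surfaces
    // the failure in the function's error metric.
    throw new Error(`${failureCount} API key update${failureCount !== 1 ? "s" : ""} failed (${keyCount} updated).`);
  }

  return {
    statusCode: 200,
    body: JSON.stringify(`${keyCount} key${keyCount !== 1 ? "s" : ""} updated.`),
  };
};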
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"appsync:ListGraphqlApis", | |
"appsync:ListApiKeys", | |
"appsync:UpdateApiKey" | |
], | |
"Resource": "*" | |
} | |
] | |
} |
This lambda function will traverse through all of your AppSync GraphQL APIs, and extend each of their API keys to 1 year from today. This is helpful in trying to create public/guest AppSync API queries and get around AWS's enforcement of API key expiration when defining an AppSync GraphQL instance to be supported by both guest and registered users.
The IAM role for this lambda execution will require the above IAM policy to also be added to it.
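To use, create this Lambda with the IAM policy attached to its role, and set a CloudWatch Event to trigger it on a desired schedule, say every 11 months. This will ensure your API keys never expire. Be aware that the function extends every key on every AppSync API it can list, including any key you meant to let expire or rotate.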
See https://stackoverflow.com/a/61851568/659188 for further explanation/reasoning.