Calling AppSync from Lambda

index.js

const https = require('https');
const AWS = require("aws-sdk");
const urlParse = require("url").URL;
const appsyncUrl = process.env.API_BACKENDGRAPHQL_GRAPHQLAPIENDPOINTOUTPUT;
const region = process.env.REGION;
const endpoint = new urlParse(appsyncUrl).hostname.toString();
const graphqlQuery = require('./query.js').mutation;
const apiKey = process.env.API_KEY;

exports.handler = async (event) => {
    const req = new AWS.HttpRequest(appsyncUrl, region);

    const item = {
        input: {
            title: "Lambda Item",
            Content: "Item Generated from Lambda"
        }
    };

    req.method = "POST";
    req.headers.host = endpoint;
    req.headers["Content-Type"] = "application/json";
    req.body = JSON.stringify({
        query: graphqlQuery,
        operationName: "createLambdaGraphQL",
        variables: item
    });

    if (apiKey) {
        req.headers["x-api-key"] = apiKey;
    } else {
        const signer = new AWS.Signers.V4(req, "appsync", true);
        signer.addAuthorization(AWS.config.credentials, AWS.util.date.getDate());
    }

    const data = await new Promise((resolve, reject) => {
        const httpRequest = https.request({ ...req, host: endpoint }, (result) => {
            result.on('data', (data) => {
                resolve(JSON.parse(data.toString()));
            });
        });

        httpRequest.write(req.body);
        httpRequest.end();
    });

    return {
        statusCode: 200,
        body: data
    };
};

query.js

module.exports = {
    mutation: `mutation createLambdaGraphQL($input: CreateLambdaGraphQLInput!) {
      createLambdaGraphQL(input: $input) {
        id
        title
        Content
      }
    }
    `
}

Thanks again for this gist. I have a couple of questions:

1. Is there a reason you access the environment variables once as let env = require("process").env; instead of process.env.AWS_ACCESS_KEY_ID?

2. Why do you set the credentials manually?

  credentials: new AWS.Credentials(
    env.AWS_ACCESS_KEY_ID,
    env.AWS_SECRET_ACCESS_KEY,
    env.AWS_SESSION_TOKEN
  )

It seems like you don't have to do that for Lambda functions with proper access. On another note, why are you calling update at all? As far as I know, region is also set automatically.

3. I've looked into the HttpRequest API from aws-sdk, but couldn't find out, why you set req.host = endpoint and req.headers.host = endpoint. What is the reason for this?

4. How is there anything in data if you don't resolve the promise in line 42? NVM, I'm blind.

Thank you a lot, if you find the time to answer these questions 🤗

BTW, line 40 (signer.addAuthorization(AWS.config.credentials, AWS.util.date.getDate());) always throws TypeError: Data must be a string or a buffer for me. Do you have any clue about what's going wrong?

Full stack trace:

2019-06-25T13:26:54.957Z	6527b6ef-df88-4936-9050-ff8e176ab8ea	TypeError: Data must be a string or a buffer
at Hmac.update (crypto.js:99:16)
at Object.hmac (/var/task/node_modules/aws-sdk/lib/util.js:423:50)
at Object.getSigningKey (/var/task/node_modules/aws-sdk/lib/signers/v4_credentials.js:74:35)
at V4.signature (/var/task/node_modules/aws-sdk/lib/signers/v4.js:98:36)
at V4.authorization (/var/task/node_modules/aws-sdk/lib/signers/v4.js:93:36)
at V4.addAuthorization (/var/task/node_modules/aws-sdk/lib/signers/v4.js:35:12)
at /var/task/app.js:72:12
at Layer.handle [as handle_request] (/var/task/node_modules/express/lib/router/layer.js:95:5)
at next (/var/task/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/var/task/node_modules/express/lib/router/route.js:112:3)

@janhesters did you find the cause of this issue or any work around.
Facing same issue.

@abukabar491 I did. But I don't remember what fixed it. I think I started working backwards. I copy and pasted the example verbatim and then began changing the code to my needs after I made sure the verbatim code worked.

I ended up going with a slightly different approach as described in my article "How To Use AWS AppSync in Lambda Functions". Hope this helps.

@janhesters I made a few updates above. Remember this was a gist as a quick sample, so yes most likely the credentials aren't needed I just need to double check the default Lambda SDK import is setting credentials. The host endpoint is needed as a signer param but I moved it to use a spread operator for readability. I'm not sure why you're seeing the error on line 40, maybe it was a typo or something copied/pasted wrong? It also might be that you didn't have the environment variables set for the region or graphql endpoint.

Confirmed - The latest code above works. BTW I also verified I think the reason you were getting that "Data must be string or buffer" was because you didn't have the env vars in your lambda for the endpoint and region. If you didn't use the CLI to create your function after creating an AppSync backend, you would need to manually create them.

the line #5:
const region = process.env.REGION;

should be:
const region = process.env.AWS_REGION;

Thanks for this gist.

Thanks a lot for this gist!

Just FYI, this was taken from the official AWS Amplify docs here: https://docs.amplify.aws/cli/function#signing-a-request-from-lambda