@pulumi/aws

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Provides an AppSync GraphQL API.
 *
 * ## Security considerations
 *
 * Several arguments of this resource have permissive defaults, as documented on the
 * individual properties below:
 *
 * - `authenticationType` is required and selects the default authorization mode. `API_KEY`
 *   authenticates callers with a shared key rather than a per-caller identity; prefer
 *   `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT` or `AWS_LAMBDA` when requests
 *   must be attributable to a user or role.
 * - `introspectionConfig` defaults to `ENABLED`, so the schema is discoverable unless it is
 *   explicitly set to `DISABLED`.
 * - `queryDepthLimit` defaults to `0` (no depth limit) and `resolverCountLimit` defaults to
 *   `10000`; set explicit values to bound the work a single request can trigger.
 * - `visibility` defaults to `GLOBAL` (public) and cannot be changed after creation.
 * - `logConfig` is optional and `xrayEnabled` defaults to false, so logging and tracing
 *   have to be enabled explicitly.
 * - The provider cannot detect drift of `schema`, so out-of-band schema changes are not
 *   reported.
 *
 * ## Example Usage
 *
 * ### API Key Authentication
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = new aws.appsync.GraphQLApi("example", {
 *     authenticationType: "API_KEY",
 *     name: "example",
 * });
 * ```
 *
 * ### AWS IAM Authentication
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = new aws.appsync.GraphQLApi("example", {
 *     authenticationType: "AWS_IAM",
 *     name: "example",
 * });
 * ```
 *
 * ### AWS Cognito User Pool Authentication
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * // NOTE: `current` and `exampleAwsCognitoUserPool` are not defined in this snippet;
 * // declare them before use.
 * const example = new aws.appsync.GraphQLApi("example", {
 *     authenticationType: "AMAZON_COGNITO_USER_POOLS",
 *     name: "example",
 *     userPoolConfig: {
 *         awsRegion: current.region,
 *         defaultAction: "DENY",
 *         userPoolId: exampleAwsCognitoUserPool.id,
 *     },
 * });
 * ```
 *
 * ### OpenID Connect Authentication
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = new aws.appsync.GraphQLApi("example", {
 *     authenticationType: "OPENID_CONNECT",
 *     name: "example",
 *     openidConnectConfig: {
 *         issuer: "https://example.com",
 *     },
 * });
 * ```
 *
 * ### AWS Lambda Authorizer Authentication
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = new aws.appsync.GraphQLApi("example", {
 *     authenticationType: "AWS_LAMBDA",
 *     name: "example",
 *     lambdaAuthorizerConfig: {
 *         authorizerUri: "arn:aws:lambda:us-east-1:123456789012:function:custom_lambda_authorizer",
 *     },
 * });
 * const appsyncLambdaAuthorizer = new aws.lambda.Permission("appsync_lambda_authorizer", {
 *     statementId: "appsync_lambda_authorizer",
 *     action: "lambda:InvokeFunction",
 *     "function": "custom_lambda_authorizer",
 *     principal: "appsync.amazonaws.com",
 *     // Keep `sourceArn`: it limits the invoke grant to this API instead of the whole
 *     // `appsync.amazonaws.com` service principal.
 *     sourceArn: example.arn,
 * });
 * ```
 *
 * ### With Multiple Authentication Providers
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = new aws.appsync.GraphQLApi("example", {
 *     authenticationType: "API_KEY",
 *     name: "example",
 *     additionalAuthenticationProviders: [{
 *         authenticationType: "AWS_IAM",
 *     }],
 * });
 * ```
 *
 * ### With Schema
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = new aws.appsync.GraphQLApi("example", {
 *     authenticationType: "AWS_IAM",
 *     name: "example",
 *     schema: `schema {
 * \x09query: Query
 * }
 * type Query {
 *   test: Int
 * }
 * `,
 * });
 * ```
 *
 * ### Enabling Logging
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * // Consider adding an `aws:SourceAccount` / `aws:SourceArn` condition to this trust
 * // policy so that only your own AppSync APIs can assume the logging role.
 * const assumeRole = aws.iam.getPolicyDocument({
 *     statements: [{
 *         effect: "Allow",
 *         principals: [{
 *             type: "Service",
 *             identifiers: ["appsync.amazonaws.com"],
 *         }],
 *         actions: ["sts:AssumeRole"],
 *     }],
 * });
 * const example = new aws.iam.Role("example", {
 *     name: "example",
 *     assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
 * });
 * const exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment("example", {
 *     policyArn: "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
 *     role: example.name,
 * });
 * const exampleGraphQLApi = new aws.appsync.GraphQLApi("example", {
 *     // ... other configuration: `authenticationType` is required by `GraphQLApiArgs` ...
 *     logConfig: {
 *         cloudwatchLogsRoleArn: example.arn,
 *         fieldLogLevel: "ERROR",
 *     },
 * });
 * ```
 *
 * ### GraphQL run complexity, query depth, and introspection
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 *
 * const example = new aws.appsync.GraphQLApi("example", {
 *     authenticationType: "AWS_IAM",
 *     name: "example",
 *     // Shown explicitly here; `ENABLED` is also the default when the field is omitted.
 *     introspectionConfig: "ENABLED",
 *     queryDepthLimit: 2,
 *     resolverCountLimit: 2,
 * });
 * ```
 *
 * ## Import
 *
 * Using `pulumi import`, import AppSync GraphQL API using the GraphQL API ID. For example:
 *
 * ```sh
 * $ pulumi import aws:appsync/graphQLApi:GraphQLApi example 0123456789
 * ```
 */
export declare class GraphQLApi extends pulumi.CustomResource {
    /**
     * Get an existing GraphQLApi resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GraphQLApiState, opts?: pulumi.CustomResourceOptions): GraphQLApi;
    /**
     * Returns true if the given object is an instance of GraphQLApi. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is GraphQLApi;
    /**
     * One or more additional authentication providers for the GraphQL API. See `additionalAuthenticationProvider` Block for details.
     */
    readonly additionalAuthenticationProviders: pulumi.Output<outputs.appsync.GraphQLApiAdditionalAuthenticationProvider[] | undefined>;
    /**
     * API type. Valid values are `GRAPHQL` or `MERGED`. A `MERGED` type requires `mergedApiExecutionRoleArn` to be set.
     */
    readonly apiType: pulumi.Output<string | undefined>;
    /**
     * ARN of the GraphQL API.
     */
    readonly arn: pulumi.Output<string>;
    /**
     * Authentication type. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`, `AWS_LAMBDA`
     */
    readonly authenticationType: pulumi.Output<string>;
    /**
     * Enables and controls the enhanced metrics feature. See `enhancedMetricsConfig` Block for details.
     */
    readonly enhancedMetricsConfig: pulumi.Output<outputs.appsync.GraphQLApiEnhancedMetricsConfig | undefined>;
    /**
     * Sets the value of the GraphQL API to enable (`ENABLED`) or disable (`DISABLED`) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see [GraphQL introspection](https://graphql.org/learn/introspection/).
     */
    readonly introspectionConfig: pulumi.Output<string | undefined>;
    /**
     * Nested argument containing Lambda authorizer configuration. See `lambdaAuthorizerConfig` Block for details.
     */
    readonly lambdaAuthorizerConfig: pulumi.Output<outputs.appsync.GraphQLApiLambdaAuthorizerConfig | undefined>;
    /**
     * Nested argument containing logging configuration. See `logConfig` Block for details.
     */
    readonly logConfig: pulumi.Output<outputs.appsync.GraphQLApiLogConfig | undefined>;
    /**
     * ARN of the execution role when `apiType` is set to `MERGED`.
     */
    readonly mergedApiExecutionRoleArn: pulumi.Output<string | undefined>;
    /**
     * User-supplied name for the GraphQL API.
     */
    readonly name: pulumi.Output<string>;
    /**
     * Nested argument containing OpenID Connect configuration. See `openidConnectConfig` Block for details.
     */
    readonly openidConnectConfig: pulumi.Output<outputs.appsync.GraphQLApiOpenidConnectConfig | undefined>;
    /**
     * The maximum depth a query can have in a single request. Depth refers to the number of nested levels allowed in the body of a query. The default value is `0` (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between `1` and `75` nested levels. This field will produce a limit error if the operation falls out of bounds.
     *
     * Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.
     */
    readonly queryDepthLimit: pulumi.Output<number | undefined>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    readonly region: pulumi.Output<string>;
    /**
     * The maximum number of resolvers that can be invoked in a single request. The default value is `0` (or unspecified), which will set the limit to `10000`. When specified, the limit value can be between `1` and `10000`. This field will produce a limit error if the operation falls out of bounds.
     */
    readonly resolverCountLimit: pulumi.Output<number | undefined>;
    /**
     * Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
     */
    readonly schema: pulumi.Output<string | undefined>;
    /**
     * Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
     */
    readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>;
    /**
     * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
     */
    readonly tagsAll: pulumi.Output<{ [key: string]: string; }>;
    /**
     * Map of URIs associated with the API. E.g., `uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql`
     */
    readonly uris: pulumi.Output<{ [key: string]: string; }>;
    /**
     * Amazon Cognito User Pool configuration. See `userPoolConfig` Block for details.
     */
    readonly userPoolConfig: pulumi.Output<outputs.appsync.GraphQLApiUserPoolConfig | undefined>;
    /**
     * Sets the value of the GraphQL API to public (`GLOBAL`) or private (`PRIVATE`). If no value is provided, the visibility will be set to `GLOBAL` by default. This value cannot be changed once the API has been created.
     */
    readonly visibility: pulumi.Output<string | undefined>;
    /**
     * Whether tracing with X-ray is enabled. Defaults to false.
     */
    readonly xrayEnabled: pulumi.Output<boolean | undefined>;
    /**
     * Create a GraphQLApi resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: GraphQLApiArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering GraphQLApi resources.
 */
export interface GraphQLApiState {
    /**
     * One or more additional authentication providers for the GraphQL API. See `additionalAuthenticationProvider` Block for details.
     */
    additionalAuthenticationProviders?: pulumi.Input<pulumi.Input<inputs.appsync.GraphQLApiAdditionalAuthenticationProvider>[]>;
    /**
     * API type. Valid values are `GRAPHQL` or `MERGED`. A `MERGED` type requires `mergedApiExecutionRoleArn` to be set.
     */
    apiType?: pulumi.Input<string>;
    /**
     * ARN of the GraphQL API.
     */
    arn?: pulumi.Input<string>;
    /**
     * Authentication type. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`, `AWS_LAMBDA`
     */
    authenticationType?: pulumi.Input<string>;
    /**
     * Enables and controls the enhanced metrics feature. See `enhancedMetricsConfig` Block for details.
     */
    enhancedMetricsConfig?: pulumi.Input<inputs.appsync.GraphQLApiEnhancedMetricsConfig>;
    /**
     * Sets the value of the GraphQL API to enable (`ENABLED`) or disable (`DISABLED`) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see [GraphQL introspection](https://graphql.org/learn/introspection/).
     */
    introspectionConfig?: pulumi.Input<string>;
    /**
     * Nested argument containing Lambda authorizer configuration. See `lambdaAuthorizerConfig` Block for details.
     */
    lambdaAuthorizerConfig?: pulumi.Input<inputs.appsync.GraphQLApiLambdaAuthorizerConfig>;
    /**
     * Nested argument containing logging configuration. See `logConfig` Block for details.
     */
    logConfig?: pulumi.Input<inputs.appsync.GraphQLApiLogConfig>;
    /**
     * ARN of the execution role when `apiType` is set to `MERGED`.
     */
    mergedApiExecutionRoleArn?: pulumi.Input<string>;
    /**
     * User-supplied name for the GraphQL API.
     */
    name?: pulumi.Input<string>;
    /**
     * Nested argument containing OpenID Connect configuration. See `openidConnectConfig` Block for details.
     */
    openidConnectConfig?: pulumi.Input<inputs.appsync.GraphQLApiOpenidConnectConfig>;
    /**
     * The maximum depth a query can have in a single request. Depth refers to the number of nested levels allowed in the body of a query. The default value is `0` (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between `1` and `75` nested levels. This field will produce a limit error if the operation falls out of bounds.
     *
     * Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.
     */
    queryDepthLimit?: pulumi.Input<number>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    region?: pulumi.Input<string>;
    /**
     * The maximum number of resolvers that can be invoked in a single request. The default value is `0` (or unspecified), which will set the limit to `10000`. When specified, the limit value can be between `1` and `10000`. This field will produce a limit error if the operation falls out of bounds.
     */
    resolverCountLimit?: pulumi.Input<number>;
    /**
     * Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
     */
    schema?: pulumi.Input<string>;
    /**
     * Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
     */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>;
    /**
     * Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
     */
    tagsAll?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>;
    /**
     * Map of URIs associated with the API. E.g., `uris["GRAPHQL"] = https://ID.appsync-api.REGION.amazonaws.com/graphql`
     */
    uris?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>;
    /**
     * Amazon Cognito User Pool configuration. See `userPoolConfig` Block for details.
     */
    userPoolConfig?: pulumi.Input<inputs.appsync.GraphQLApiUserPoolConfig>;
    /**
     * Sets the value of the GraphQL API to public (`GLOBAL`) or private (`PRIVATE`). If no value is provided, the visibility will be set to `GLOBAL` by default. This value cannot be changed once the API has been created.
     */
    visibility?: pulumi.Input<string>;
    /**
     * Whether tracing with X-ray is enabled. Defaults to false.
     */
    xrayEnabled?: pulumi.Input<boolean>;
}
/**
 * The set of arguments for constructing a GraphQLApi resource.
 *
 * Only `authenticationType` is required. Several of the optional arguments default to
 * permissive values (introspection enabled, no query depth limit, `GLOBAL` visibility);
 * see the notes on each property.
 */
export interface GraphQLApiArgs {
    /**
     * One or more additional authentication providers for the GraphQL API. See `additionalAuthenticationProvider` Block for details.
     */
    additionalAuthenticationProviders?: pulumi.Input<pulumi.Input<inputs.appsync.GraphQLApiAdditionalAuthenticationProvider>[]>;
    /**
     * API type. Valid values are `GRAPHQL` or `MERGED`. A `MERGED` type requires `mergedApiExecutionRoleArn` to be set.
     */
    apiType?: pulumi.Input<string>;
    /**
     * Authentication type. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`, `AWS_LAMBDA`
     *
     * Security note: `API_KEY` authenticates callers with a shared key rather than a per-caller
     * identity. Prefer one of the other modes when requests must be attributable to a user or role.
     */
    authenticationType: pulumi.Input<string>;
    /**
     * Enables and controls the enhanced metrics feature. See `enhancedMetricsConfig` Block for details.
     */
    enhancedMetricsConfig?: pulumi.Input<inputs.appsync.GraphQLApiEnhancedMetricsConfig>;
    /**
     * Sets the value of the GraphQL API to enable (`ENABLED`) or disable (`DISABLED`) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. This field will produce an error if the operation attempts to use the introspection feature while this field is disabled. For more information about introspection, see [GraphQL introspection](https://graphql.org/learn/introspection/).
     *
     * Security note: because the default is `ENABLED`, set `DISABLED` explicitly when clients
     * do not need schema discovery.
     */
    introspectionConfig?: pulumi.Input<string>;
    /**
     * Nested argument containing Lambda authorizer configuration. See `lambdaAuthorizerConfig` Block for details.
     */
    lambdaAuthorizerConfig?: pulumi.Input<inputs.appsync.GraphQLApiLambdaAuthorizerConfig>;
    /**
     * Nested argument containing logging configuration. See `logConfig` Block for details.
     */
    logConfig?: pulumi.Input<inputs.appsync.GraphQLApiLogConfig>;
    /**
     * ARN of the execution role when `apiType` is set to `MERGED`.
     */
    mergedApiExecutionRoleArn?: pulumi.Input<string>;
    /**
     * User-supplied name for the GraphQL API.
     */
    name?: pulumi.Input<string>;
    /**
     * Nested argument containing OpenID Connect configuration. See `openidConnectConfig` Block for details.
     */
    openidConnectConfig?: pulumi.Input<inputs.appsync.GraphQLApiOpenidConnectConfig>;
    /**
     * The maximum depth a query can have in a single request. Depth refers to the number of nested levels allowed in the body of a query. The default value is `0` (or unspecified), which indicates there's no depth limit. If you set a limit, it can be between `1` and `75` nested levels. This field will produce a limit error if the operation falls out of bounds.
     *
     * Note that fields can still be set to nullable or non-nullable. If a non-nullable field produces an error, the error will be thrown upwards to the first nullable field available.
     *
     * Security note: the default leaves nesting unbounded. Set an explicit limit to cap the
     * work a single deeply nested query can request.
     */
    queryDepthLimit?: pulumi.Input<number>;
    /**
     * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
     */
    region?: pulumi.Input<string>;
    /**
     * The maximum number of resolvers that can be invoked in a single request. The default value is `0` (or unspecified), which will set the limit to `10000`. When specified, the limit value can be between `1` and `10000`. This field will produce a limit error if the operation falls out of bounds.
     *
     * Security note: the default is the maximum allowed value. Lower it to what the schema
     * actually needs to bound the cost of one request.
     */
    resolverCountLimit?: pulumi.Input<number>;
    /**
     * Schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.
     *
     * Security note: since drift is not detected, a schema changed outside of Pulumi is not
     * reported by this resource; audit such changes by other means.
     */
    schema?: pulumi.Input<string>;
    /**
     * Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
     */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>;
    /**
     * Amazon Cognito User Pool configuration. See `userPoolConfig` Block for details.
     */
    userPoolConfig?: pulumi.Input<inputs.appsync.GraphQLApiUserPoolConfig>;
    /**
     * Sets the value of the GraphQL API to public (`GLOBAL`) or private (`PRIVATE`). If no value is provided, the visibility will be set to `GLOBAL` by default. This value cannot be changed once the API has been created.
     *
     * Security note: decide this before the first deployment. The default is public and the
     * value is immutable, so an API that should be private has to be created as `PRIVATE`.
     */
    visibility?: pulumi.Input<string>;
    /**
     * Whether tracing with X-ray is enabled. Defaults to false.
     */
    xrayEnabled?: pulumi.Input<boolean>;
}