Resource: awsAppsyncDatasource
Provides an AppSync Data Source.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsAppsyncGraphqlApiExample = new aws.appsyncGraphqlApi.AppsyncGraphqlApi(
this,
"example",
{
authenticationType: "API_KEY",
name: "tf_appsync_example",
}
);
const awsDynamodbTableExample = new aws.dynamodbTable.DynamodbTable(
this,
"example_1",
{
attribute: [
{
name: "UserId",
type: "S",
},
],
hashKey: "UserId",
name: "example",
readCapacity: 1,
writeCapacity: 1,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDynamodbTableExample.overrideLogicalId("example");
const dataAwsIamPolicyDocumentAssumeRole =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"assume_role",
{
statement: [
{
actions: ["sts:AssumeRole"],
effect: "Allow",
principals: [
{
identifiers: ["appsync.amazonaws.com"],
type: "Service",
},
],
},
],
}
);
const dataAwsIamPolicyDocumentExample =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example_3", {
statement: [
{
actions: ["dynamodb:*"],
effect: "Allow",
resources: [awsDynamodbTableExample.arn],
},
],
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsIamPolicyDocumentExample.overrideLogicalId("example");
const awsIamRoleExample = new aws.iamRole.IamRole(this, "example_4", {
assumeRolePolicy: dataAwsIamPolicyDocumentAssumeRole.json,
name: "example",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRoleExample.overrideLogicalId("example");
const awsIamRolePolicyExample = new aws.iamRolePolicy.IamRolePolicy(
this,
"example_5",
{
name: "example",
policy: dataAwsIamPolicyDocumentExample.json,
role: awsIamRoleExample.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsIamRolePolicyExample.overrideLogicalId("example");
const awsAppsyncDatasourceExample = new aws.appsyncDatasource.AppsyncDatasource(
this,
"example_6",
{
apiId: awsAppsyncGraphqlApiExample.id,
dynamodbConfig: {
tableName: awsDynamodbTableExample.name,
},
name: "tf_appsync_example",
serviceRoleArn: awsIamRoleExample.arn,
type: "AMAZON_DYNAMODB",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsAppsyncDatasourceExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
apiId- (Required) API ID for the GraphQL API for the data source.name- (Required) User-supplied name for the data source.type- (Required) Type of the Data Source. Valid values:AWS_LAMBDA,AMAZON_DYNAMODB,AMAZON_ELASTICSEARCH,http,none,RELATIONAL_DATABASE,AMAZON_EVENTBRIDGE.description- (Optional) Description of the data source.serviceRoleArn- (Optional) IAM service role ARN for the data source.dynamodbConfig- (Optional) DynamoDB settings. See belowelasticsearchConfig- (Optional) Amazon Elasticsearch settings. See belowhttpConfig- (Optional) HTTP settings. See belowlambdaConfig- (Optional) AWS Lambda settings. See belowrelationalDatabaseConfig(Optional) AWS RDS settings. See Relational Database ConfigeventBridgeConfig- (Optional) AWS EventBridge settings. See below
dynamodbConfig
The following arguments are supported:
tableName- (Required) Name of the DynamoDB table.region- (Optional) AWS region of the DynamoDB table. Defaults to current region.useCallerCredentials- (Optional) Set totrueto use Amazon Cognito credentials with this data source.
elasticsearchConfig
The following arguments are supported:
endpoint- (Required) HTTP endpoint of the Elasticsearch domain.region- (Optional) AWS region of Elasticsearch domain. Defaults to current region.
httpConfig
The following arguments are supported:
endpoint- (Required) HTTP URL.authorizationConfig- (Optional) Authorization configuration in case the HTTP endpoint requires authorization. See Authorization Config.
authorizationConfig
The following arguments are supported:
authorizationType- (Optional) Authorization type that the HTTP endpoint requires. Default values isAWS_IAM.awsIamConfig- (Optional) Identity and Access Management (IAM) settings. See AWS IAM Config.
awsIamConfig
The following arguments are supported:
signingRegion- (Optional) Signing Amazon Web Services Region for IAM authorization.signingServiceName- (Optional) Signing service name for IAM authorization.
relationalDatabaseConfig
The following arguments are supported:
httpEndpointConfig- (Required) Amazon RDS HTTP endpoint configuration. See HTTP Endpoint Config.sourceType- (Optional) Source type for the relational database. Valid values:RDS_HTTP_ENDPOINT.
httpEndpointConfig
The following arguments are supported:
dbClusterIdentifier- (Required) Amazon RDS cluster identifier.awsSecretStoreArn- (Required) AWS secret store ARN for database credentials.databaseName- (Optional) Logical database name.region- (Optional) AWS Region for RDS HTTP endpoint. Defaults to current region.schema- (Optional) Logical schema name.
lambdaConfig
The following arguments are supported:
functionArn- (Required) ARN for the Lambda function.
eventBridgeConfig
The following arguments are supported:
eventBusArn- (Required) ARN for the EventBridge bus.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn- ARN
Import
awsAppsyncDatasource can be imported with their apiId, a hyphen, and name, e.g.,