在查询登录用户应可访问的数据时,我遇到 AWS AppSync 授权问题。尽管使用拥有数据的有效用户登录,但当我尝试查询用户的数据时,AppSync 仍返回“未经授权”错误。
错误信息:
{
"data": {
"getXXXXXXUserAccount": null
},
"errors": [
{
"path": [
"getXXXXXXUserAccount"
],
"data": null,
"errorType": "Unauthorized",
"errorInfo": null,
"locations": [
{
"line": 2,
"column": 3,
"sourceName": null
}
],
"message": "Not Authorized to access getXXXXXXUserAccount on type Query"
}
]
}
GraphQL 查询:
query MyQuery {
getXXXXXXUserAccount(id: "c13cdc53-8a2b-4d05-8ede-5fc66a8ac4e3") {
id
}
}
AWS Amplify AppSync 架构:
type XXXXXXUserAccount @model @auth(rules: [{ allow: owner, operations: [create, read, update, delete] }]) {
...
}
我已经检查了该项目的 IAM 身份验证策略,看起来一切都在那里:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "appsync:GraphQL",
"Resource": [
"arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/XXXXXXXXXXXXXContactForm/*",
"arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Query/fields/getXXXXXXXXXXXXXContactForm",
"arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Query/fields/listXXXXXXXXXXXXXContactForms",
"arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Mutation/fields/createXXXXXXXXXXXXXContactForm",
"arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Mutation/fields/updateXXXXXXXXXXXXXContactForm",
"arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Mutation/fields/deleteXXXXXXXXXXXXXContactForm",
"arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Subscription/fields/onCreateXXXXXXXXXXXXXContactForm",
"arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Subscription/fields/onUpdateXXXXXXXXXXXXXContactForm",
"arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Subscription/fields/onDeleteXXXXXXXXXXXXXContactForm"
],
"Effect": "Allow"
}
]
}```
您可以检查:
就我而言,是第 2 点。