我在尝试在用户确认后触发的 AWS Lambda 函数中执行 GraphQL 突变 (createPlayer) 时遇到授权错误。我收到的错误消息是:
**PostConfirmation 失败,并出现错误 GraphQL 错误:未授权访问类型 Mutattion 上的 createPlayer **
Lambda 函数(Node.js):
const appsync = require("aws-appsync");
const gql = require("graphql-tag");
require("cross-fetch/polyfill");
exports.handler = async (event, context, callback) => {
const graphqlClient = new appsync.AWSAppSyncClient({
url: process.env.API_TICTACTOE010147_GRAPHQLAPIENDPOINTOUTPUT,
region: process.env.REGION,
auth: {
type: "AWS_IAM",
credentials: {
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
sessionToken: process.env.AWS_SESSION_TOKEN,
},
},
disableOffline: true,
});
const mutation = gql`
mutation createPlayer(
$name: String!
$cognitoID: String!
$username: String!
$email: AWSEmail!
) {
createPlayer(
input: {
cognitoID: $cognitoID
email: $email
name: $name
username: $username
}
) {
id
}
}
`;
try {
await graphqlClient.mutate({
mutation,
variables: {
name: event.request.userAttributes.name,
username: event.userName,
cognitoID: event.request.userAttributes.sub,
email: event.request.userAttributes.email,
},
});
callback(null, event);
} catch (error) {
callback(error);
}
};
GraphQL 架构(相关部分):
type Player
@model
@auth(
rules: [
{ allow: private, operations: [read] }
{ allow: owner, ownerField: "username", operations: [update] }
{
allow: private
provider: iam
operations: [read, create, update, delete]
}
]
) {
id: ID!
cognitoID: String!
username: String! @primaryKey
name: String!
email: AWSEmail!
}
错误消息:
PostConfirmation failed with error GraphQL error: Not Authorized to access createPlayer on type Mutattion
确保您的 lambda 角色有权在 API 上调用 mutate。
arn:aws:appsync:{REGION}:{ACCOUNT_ID}:apis/{API_ID}/types/Mutation/*
允许:appsync:GraphQL