By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to cross acocunt access an AppSync API from another AppSync API?

0

I have two AppSync services in two accounts, A and B. I'd like to call AppSync A from AppSyncB. AppSync B is protected by IAM auth. AppSync A has an HTTP data source to make requests to AppSync B. I created a role in account B that permits all API actions on AppSync B.

When I pass role B to the HTTP data source in account A I get this error.

Cross-account pass role is not allowed. (Service: AWSAppSync; Status Code: 403; Error Code: AccessDeniedException...)`

Then I created a role in account A, with permission to assume the role in account B. I added this role to the account A data source. I still get access denied exception when trying an HTTP request.

Any ideas? Is there a better recommendation for how to architect this?

Thanks

Topics
ServerlessFront-End Web & MobileApplication IntegrationSecurity, Identity, & Compliance
Tags
AWS AppSyncAWS Identity and Access Management
Language
English
rePost-User-8340020
asked a year ago274 views
2 Answers
0

I suggest you check this document here- https://aws.amazon.com/blogs/mobile/appsync-lambda-cross-account/

AWS
rePost-User-5076019
answered a year ago
0

This does not seem possible for DynamoDB data source as there is no option for a manual arn. Is there anything supported for cross account DynamoDB access?

liamab
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content