I am trying to provide multitenancy checks in a VTL that runs as part of a custom subscription. I am using the `@function` and `@aws_subscribe` annotations; the `@function` references an amplify function I added using `amplify add function`, naming it `perfectQueuePortalReceiveOrder`. Here are excerpts from my `schema.graphql`:
```graphql
type ReceiveOrderResponse {
  brandSlug: String! @aws_iam @aws_cognito_user_pools(cognito_groups: ["perfectCoAdmin", "tablet"])
  storeNumber: String! @aws_iam @aws_cognito_user_pools(cognito_groups: ["perfectCoAdmin", "tablet"])
  orderDetails: String! @aws_iam @aws_cognito_user_pools(cognito_groups: ["perfectCoAdmin", "tablet"])
}

type Mutation {
  receiveOrder(brandSlug: String!, storeNumber: String!, orderDetails: String!): ReceiveOrderResponse @function(name: "perfectQueuePortalReceiveOrder-${env}") @aws_iam @aws_cognito_user_pools(cognito_groups: ["perfectCoAdmin"])
}

type Subscription {
  onReceiveOrder(brandSlug: String!, storeNumber: String!): ReceiveOrderResponse @aws_subscribe(mutations: ["receiveOrder"]) @aws_cognito_user_pools(cognito_groups: ["perfectCoAdmin", "tablet"])
}
```
The issue is that it does not appear that any VTL templates are generated for the Subscription. After issuing `amplify api gql-compile`, I see in the `build/resolvers` directory that VTL resolvers were generated both for the mutation, `Mutation.receiveOrder.res.vtl`, as well as the lambda request/response templates: `InvokePerfectQueuePortalReceiveOrderLambdaDataSource.req.vtl` and `InvokePerfectQueuePortalReceiveOrderLambdaDataSource.res.vtl`. However, no `Subscription.onReceiveOrder.*` VTL template gets generated at all.
My goal is simply to override the VTL template only for the subscription, in order to compare custom cognito user attributes against the arguments provided to the subscription, and give an unauthorized error if the arguments do not match the identity claims. But no VTL templates seem to get generated for the subscription; only for the mutation. How can I compare the arguments to a custom Subscription that is `@aws_subscribe`d to a custom Mutation, itself using `@function`, against the cognito-based identity claims provided in the `$ctx` during VTL processing for the initiation of the subscription?
What is particularly confusing is that everywhere else I have used the `@aws_cognito_user_pools` and `@aws_iam` tags, the results have appeared in the `build/resolvers` VTL templates. But not for subscriptions. Why not? Strangely, these annotations do seem to be honored; however, I cannot find any VTL code that implements that honoring, as I can with Queries and Mutations. Help?
More detailed research culminated in this Stack Overflow post: https://stackoverflow.com/questions/72718125/how-to-specify-custom-subscription-resolvers-for-aws-subscribe-d-types-in-aws-a

Essentially: is Amplify simply not capable of maintaining a custom DS_NONE-backed resolver with custom request mapping template for custom Subscriptions using `@aws_subscribe`? Is my only option to depend on amplify for almost everything appsync-related, and then manually maintain the DS_NONE resolvers with custom request mapping templates for all subscriptions defined using `@aws_subscribe` in `schema.graphql`?
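
The check described in the question, written as an AppSync mapping-template pair for a resolver on `Subscription.onReceiveOrder` backed by a NONE data source. This is an added example, not code from the original post or generated by Amplify. The claim names `custom:brandSlug` and `custom:storeNumber` are assumptions standing in for whatever custom attributes the user pool defines, and the example assumes the client authenticates with a token that actually carries those claims.

```vtl
## ---- Request mapping template (runs once, when a client starts the subscription) ----
## Assumption: custom:brandSlug and custom:storeNumber are hypothetical attribute
## names; replace them with the custom attributes defined in the user pool.
#set($claims = $ctx.identity.claims)

## Treat a missing or blank claim as an empty string so the comparison fails closed.
#set($claimBrand = $util.defaultIfNullOrBlank($claims.get("custom:brandSlug"), ""))
#set($claimStore = $util.defaultIfNullOrBlank($claims.get("custom:storeNumber"), ""))

## The caller may only subscribe to the tenant named in its own identity claims.
#set($brandOk = $claimBrand != "" && $claimBrand == $ctx.args.brandSlug)
#set($storeOk = $claimStore != "" && $claimStore == $ctx.args.storeNumber)

#if(!$brandOk || !$storeOk)
  ## Rejects the subscription request with an Unauthorized error.
  $util.unauthorized()
#end

## A NONE data source forwards the payload to the response template unchanged.
{
  "version": "2018-05-29",
  "payload": {}
}

## ---- Response mapping template (separate template on the same resolver) ----
## Nothing is returned at subscribe time; the published data comes from the
## receiveOrder mutation named in @aws_subscribe.
$util.toJson(null)
```

Because the comparison uses the arguments the client supplied, it only constrains which `brandSlug` and `storeNumber` filter values a caller may request; group membership is still enforced separately by the `@aws_cognito_user_pools` directive on the field.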