AppSync HTTP Resolver: Storing credentials

Question

For an AppSync HTTP Resolver / Data Source, is there a recommended approach to retrieve backend credentials that I need to access the source URL? (e.g. API tokens / Basic Authentication)

The only sensible thing I can find is this – https://advancedweb.hu/how-to-call-a-protected-external-api-using-appsync-http-data-source/ – but I'd rather not use that approach (rate limits, latency, KMS costs).

I'm now considering a lambda function that simply caches the credentials and use it as first part of a pipeline resolver, but that seems kinda hacky too.

Answer

Hi,

AWS Secrets Manager is the recommended way to securely store and access such credentials: https://aws.amazon.com/secrets-manager/

See https://advancedweb.hu/how-to-read-values-from-ssm-parameter-store-and-secrets-manager-with-appsync-http-data-source/ for guidance on how to do it.

Best,

Didier

AppSync HTTP Resolver: Storing credentials

相关内容