From d7e263d5d175f5f189f3ea3d1a5501b975a26281 Mon Sep 17 00:00:00 2001 From: jamedf <94416252+jamedf@users.noreply.github.com> Date: Tue, 16 May 2023 09:36:47 -0700 Subject: [PATCH] feat(appsync): Add Private API support when creating a GraphqlApi (#25569) Adds support for the GraphqlApi `Visibility` parameter that allows AppSync GraphQL APIs to be scoped as either `GLOBAL`, open to the internet, or `PRIVATE`, access is restricted to the VPC. Visibility is an optional string property that can be set when creating an API. We pass it through if provided. Related blog post: https://aws.amazon.com/blogs/mobile/introducing-private-apis-on-aws-appsync/ ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- ...efaultTestDeployAssert018781F2.assets.json | 19 ++ ...aultTestDeployAssert018781F2.template.json | 36 +++ .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 129 +++++++++++ .../stack.assets.json | 19 ++ .../stack.template.json | 85 ++++++++ .../tree.json | 205 ++++++++++++++++++ .../test/integ.appsync-global-api.ts | 23 ++ ...efaultTestDeployAssert018781F2.assets.json | 19 ++ ...aultTestDeployAssert018781F2.template.json | 36 +++ .../cdk.out | 1 + .../integ.json | 12 + .../manifest.json | 129 +++++++++++ .../stack.assets.json | 19 ++ .../stack.template.json | 85 ++++++++ .../tree.json | 205 ++++++++++++++++++ .../test/integ.appsync-private-api.ts | 23 ++ packages/aws-cdk-lib/aws-appsync/README.md | 20 ++ .../aws-cdk-lib/aws-appsync/lib/graphqlapi.ts | 23 ++ .../aws-appsync/test/appsync.test.ts | 15 ++ 21 files changed, 1116 insertions(+) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/stack.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/stack.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.ts create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/stack.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/stack.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json new file mode 100644 index 0000000000000..2237ea23fb0c4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json @@ -0,0 +1,19 @@ +{ + "version": "31.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "apiDefaultTestDeployAssert018781F2.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/cdk.out new file mode 100644 index 0000000000000..7925065efbcc4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"31.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/integ.json new file mode 100644 index 0000000000000..1f53d4ca6f18d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "31.0.0", + "testCases": { + "api/DefaultTest": { + "stacks": [ + "stack" + ], + "assertionStack": "api/DefaultTest/DeployAssert", + "assertionStackName": "apiDefaultTestDeployAssert018781F2" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/manifest.json new file mode 100644 index 0000000000000..d0db045b83653 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/manifest.json @@ -0,0 +1,129 @@ +{ + "version": "31.0.0", + "artifacts": { + "stack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "stack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "stack.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5c90e4423671419971d1b5546661e52e2331796971ad32053a46ff0cf4ef2dbe.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "stack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "stack.assets" + ], + "metadata": { + "/stack/GlobalApi/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "GlobalApiDF743291" + } + ], + "/stack/GlobalApi/Schema": [ + { + "type": "aws:cdk:logicalId", + "data": "GlobalApiSchema59B7A7F8" + } + ], + "/stack/GlobalApi/DefaultApiKey": [ + { + "type": "aws:cdk:logicalId", + "data": "GlobalApiDefaultApiKey407F28FF" + } + ], + "/stack/GlobalApi/NoneDS/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "GlobalApiNoneDSA6A1C75B" + } + ], + "/stack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/stack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "stack" + }, + "apiDefaultTestDeployAssert018781F2.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "apiDefaultTestDeployAssert018781F2.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "apiDefaultTestDeployAssert018781F2": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "apiDefaultTestDeployAssert018781F2.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "apiDefaultTestDeployAssert018781F2.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "apiDefaultTestDeployAssert018781F2.assets" + ], + "metadata": { + "/api/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/api/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "api/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/stack.assets.json new file mode 100644 index 0000000000000..363e6927429a9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/stack.assets.json @@ -0,0 +1,19 @@ +{ + "version": "31.0.0", + "files": { + "5c90e4423671419971d1b5546661e52e2331796971ad32053a46ff0cf4ef2dbe": { + "source": { + "path": "stack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "5c90e4423671419971d1b5546661e52e2331796971ad32053a46ff0cf4ef2dbe.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/stack.template.json new file mode 100644 index 0000000000000..e1c7cebe99002 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/stack.template.json @@ -0,0 +1,85 @@ +{ + "Resources": { + "GlobalApiDF743291": { + "Type": "AWS::AppSync::GraphQLApi", + "Properties": { + "AuthenticationType": "API_KEY", + "Name": "GlobalApi", + "Visibility": "GLOBAL" + } + }, + "GlobalApiSchema59B7A7F8": { + "Type": "AWS::AppSync::GraphQLSchema", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "GlobalApiDF743291", + "ApiId" + ] + }, + "Definition": "type test {\n version: String!\n}\ntype Query {\n getTests: [test]!\n}\ntype Mutation {\n addTest(version: String!): test\n}\n" + } + }, + "GlobalApiDefaultApiKey407F28FF": { + "Type": "AWS::AppSync::ApiKey", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "GlobalApiDF743291", + "ApiId" + ] + } + }, + "DependsOn": [ + "GlobalApiSchema59B7A7F8" + ] + }, + "GlobalApiNoneDSA6A1C75B": { + "Type": "AWS::AppSync::DataSource", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "GlobalApiDF743291", + "ApiId" + ] + }, + "Name": "NoneDS", + "Type": "NONE" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/tree.json new file mode 100644 index 0000000000000..7b88b37e51fd6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.js.snapshot/tree.json @@ -0,0 +1,205 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "stack": { + "id": "stack", + "path": "stack", + "children": { + "GlobalApi": { + "id": "GlobalApi", + "path": "stack/GlobalApi", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/GlobalApi/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::GraphQLApi", + "aws:cdk:cloudformation:props": { + "authenticationType": "API_KEY", + "name": "GlobalApi", + "visibility": "GLOBAL" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnGraphQLApi", + "version": "0.0.0" + } + }, + "Schema": { + "id": "Schema", + "path": "stack/GlobalApi/Schema", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::GraphQLSchema", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "GlobalApiDF743291", + "ApiId" + ] + }, + "definition": "type test {\n version: String!\n}\ntype Query {\n getTests: [test]!\n}\ntype Mutation {\n addTest(version: String!): test\n}\n" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnGraphQLSchema", + "version": "0.0.0" + } + }, + "DefaultApiKey": { + "id": "DefaultApiKey", + "path": "stack/GlobalApi/DefaultApiKey", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::ApiKey", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "GlobalApiDF743291", + "ApiId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnApiKey", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "stack/GlobalApi/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "NoneDS": { + "id": "NoneDS", + "path": "stack/GlobalApi/NoneDS", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/GlobalApi/NoneDS/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::DataSource", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "GlobalApiDF743291", + "ApiId" + ] + }, + "name": "NoneDS", + "type": "NONE" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnDataSource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.NoneDataSource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.GraphqlApi", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "stack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "stack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "api": { + "id": "api", + "path": "api", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "api/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "api/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.17" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "api/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "api/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "api/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.ts new file mode 100644 index 0000000000000..4b8e6424f7584 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-global-api.ts @@ -0,0 +1,23 @@ +import * as path from 'path'; +import * as cdk from 'aws-cdk-lib'; +import * as appsync from 'aws-cdk-lib/aws-appsync'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'stack'); + +const api = new appsync.GraphqlApi(stack, 'GlobalApi', { + name: 'GlobalApi', + schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'appsync.test.graphql')), + visibility: appsync.Visibility.GLOBAL, +}); + +api.addNoneDataSource('NoneDS', { + name: cdk.Lazy.string({ produce(): string { return 'NoneDS'; } }), +}); + +new IntegTest(app, 'api', { + testCases: [stack], +}); + +app.synth(); \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json new file mode 100644 index 0000000000000..2237ea23fb0c4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/apiDefaultTestDeployAssert018781F2.assets.json @@ -0,0 +1,19 @@ +{ + "version": "31.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "apiDefaultTestDeployAssert018781F2.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/apiDefaultTestDeployAssert018781F2.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/cdk.out new file mode 100644 index 0000000000000..7925065efbcc4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"31.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/integ.json new file mode 100644 index 0000000000000..1f53d4ca6f18d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "31.0.0", + "testCases": { + "api/DefaultTest": { + "stacks": [ + "stack" + ], + "assertionStack": "api/DefaultTest/DeployAssert", + "assertionStackName": "apiDefaultTestDeployAssert018781F2" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/manifest.json new file mode 100644 index 0000000000000..cbf75b55e1459 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/manifest.json @@ -0,0 +1,129 @@ +{ + "version": "31.0.0", + "artifacts": { + "stack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "stack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "stack.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/deaa467a4a08f9180518f95567f7cc89cb2073b05c1f88f15bea1ad17a85e5cc.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "stack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "stack.assets" + ], + "metadata": { + "/stack/PrivateApi/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PrivateApi1FA926D9" + } + ], + "/stack/PrivateApi/Schema": [ + { + "type": "aws:cdk:logicalId", + "data": "PrivateApiSchema8313BB1A" + } + ], + "/stack/PrivateApi/DefaultApiKey": [ + { + "type": "aws:cdk:logicalId", + "data": "PrivateApiDefaultApiKey1F26A0C1" + } + ], + "/stack/PrivateApi/NoneDS/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PrivateApiNoneDSF76D677A" + } + ], + "/stack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/stack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "stack" + }, + "apiDefaultTestDeployAssert018781F2.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "apiDefaultTestDeployAssert018781F2.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "apiDefaultTestDeployAssert018781F2": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "apiDefaultTestDeployAssert018781F2.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "apiDefaultTestDeployAssert018781F2.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "apiDefaultTestDeployAssert018781F2.assets" + ], + "metadata": { + "/api/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/api/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "api/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/stack.assets.json new file mode 100644 index 0000000000000..d229201679c94 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/stack.assets.json @@ -0,0 +1,19 @@ +{ + "version": "31.0.0", + "files": { + "deaa467a4a08f9180518f95567f7cc89cb2073b05c1f88f15bea1ad17a85e5cc": { + "source": { + "path": "stack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "deaa467a4a08f9180518f95567f7cc89cb2073b05c1f88f15bea1ad17a85e5cc.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/stack.template.json new file mode 100644 index 0000000000000..d990b366e34db --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/stack.template.json @@ -0,0 +1,85 @@ +{ + "Resources": { + "PrivateApi1FA926D9": { + "Type": "AWS::AppSync::GraphQLApi", + "Properties": { + "AuthenticationType": "API_KEY", + "Name": "PrivateApi", + "Visibility": "PRIVATE" + } + }, + "PrivateApiSchema8313BB1A": { + "Type": "AWS::AppSync::GraphQLSchema", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "PrivateApi1FA926D9", + "ApiId" + ] + }, + "Definition": "type test {\n version: String!\n}\ntype Query {\n getTests: [test]!\n}\ntype Mutation {\n addTest(version: String!): test\n}\n" + } + }, + "PrivateApiDefaultApiKey1F26A0C1": { + "Type": "AWS::AppSync::ApiKey", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "PrivateApi1FA926D9", + "ApiId" + ] + } + }, + "DependsOn": [ + "PrivateApiSchema8313BB1A" + ] + }, + "PrivateApiNoneDSF76D677A": { + "Type": "AWS::AppSync::DataSource", + "Properties": { + "ApiId": { + "Fn::GetAtt": [ + "PrivateApi1FA926D9", + "ApiId" + ] + }, + "Name": "NoneDS", + "Type": "NONE" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/tree.json new file mode 100644 index 0000000000000..112d7fd8c5b88 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.js.snapshot/tree.json @@ -0,0 +1,205 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "stack": { + "id": "stack", + "path": "stack", + "children": { + "PrivateApi": { + "id": "PrivateApi", + "path": "stack/PrivateApi", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/PrivateApi/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::GraphQLApi", + "aws:cdk:cloudformation:props": { + "authenticationType": "API_KEY", + "name": "PrivateApi", + "visibility": "PRIVATE" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnGraphQLApi", + "version": "0.0.0" + } + }, + "Schema": { + "id": "Schema", + "path": "stack/PrivateApi/Schema", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::GraphQLSchema", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "PrivateApi1FA926D9", + "ApiId" + ] + }, + "definition": "type test {\n version: String!\n}\ntype Query {\n getTests: [test]!\n}\ntype Mutation {\n addTest(version: String!): test\n}\n" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnGraphQLSchema", + "version": "0.0.0" + } + }, + "DefaultApiKey": { + "id": "DefaultApiKey", + "path": "stack/PrivateApi/DefaultApiKey", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::ApiKey", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "PrivateApi1FA926D9", + "ApiId" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnApiKey", + "version": "0.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "stack/PrivateApi/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "NoneDS": { + "id": "NoneDS", + "path": "stack/PrivateApi/NoneDS", + "children": { + "Resource": { + "id": "Resource", + "path": "stack/PrivateApi/NoneDS/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::AppSync::DataSource", + "aws:cdk:cloudformation:props": { + "apiId": { + "Fn::GetAtt": [ + "PrivateApi1FA926D9", + "ApiId" + ] + }, + "name": "NoneDS", + "type": "NONE" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.CfnDataSource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.NoneDataSource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_appsync.GraphqlApi", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "stack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "stack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "api": { + "id": "api", + "path": "api", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "api/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "api/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.17" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "api/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "api/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "api/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.ts new file mode 100644 index 0000000000000..14f1b6cea555c --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-appsync/test/integ.appsync-private-api.ts @@ -0,0 +1,23 @@ +import * as path from 'path'; +import * as cdk from 'aws-cdk-lib'; +import * as appsync from 'aws-cdk-lib/aws-appsync'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'stack'); + +const api = new appsync.GraphqlApi(stack, 'PrivateApi', { + name: 'PrivateApi', + schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'appsync.test.graphql')), + visibility: appsync.Visibility.PRIVATE, +}); + +api.addNoneDataSource('NoneDS', { + name: cdk.Lazy.string({ produce(): string { return 'NoneDS'; } }), +}); + +new IntegTest(app, 'api', { + testCases: [stack], +}); + +app.synth(); \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-appsync/README.md b/packages/aws-cdk-lib/aws-appsync/README.md index 38c0c1c599482..4b14d3a147096 100644 --- a/packages/aws-cdk-lib/aws-appsync/README.md +++ b/packages/aws-cdk-lib/aws-appsync/README.md @@ -463,6 +463,26 @@ If you don't specify `graphqlArn` in `fromXxxAttributes`, CDK will autogenerate the expected `arn` for the imported api, given the `apiId`. For creating data sources and resolvers, an `apiId` is sufficient. +## Private APIs + +By default all AppSync GraphQL APIs are public and can be accessed from the internet. +For customers that want to limit access to be from their VPC, the optional API `visibility` property can be set to `Visibility.PRIVATE` +at creation time. To explicitly create a public API, the `visibility` property should be set to `Visibility.GLOBAL`. +If visbility is not set, the service will default to `GLOBAL`. + +CDK stack file `app-stack.ts`: + +```ts +const api = new appsync.GraphqlApi(stack, 'api', { + name: 'MyPrivateAPI', + schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'appsync.schema.graphql')), + visbility: appsync.Visibility.PRIVATE, +}); +``` + +See [documentation](https://docs.aws.amazon.com/appsync/latest/devguide/using-private-apis.html) +for more details about Private APIs + ## Authorization There are multiple authorization types available for GraphQL API to cater to different diff --git a/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts b/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts index a08153b92db81..603fab563897f 100644 --- a/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts +++ b/packages/aws-cdk-lib/aws-appsync/lib/graphqlapi.ts @@ -258,6 +258,21 @@ export interface LogConfig { readonly retention?: RetentionDays } +/** + * Visibility type for a GraphQL API + */ +export enum Visibility { + + /** + * Public, open to the internet + */ + GLOBAL = 'GLOBAL', + /** + * Only accessible through a VPC + */ + PRIVATE = 'PRIVATE' +} + /** * Domain name configuration for AppSync */ @@ -312,6 +327,13 @@ export interface GraphqlApiProps { */ readonly xrayEnabled?: boolean; + /** + * A value indicating whether the API is accessible from anywhere (GLOBAL) or can only be access from a VPC (PRIVATE). + * + * @default - GLOBAL + */ + readonly visibility?: Visibility; + /** * The domain name configuration for the GraphQL API * @@ -498,6 +520,7 @@ export class GraphqlApi extends GraphqlApiBase { lambdaAuthorizerConfig: this.setupLambdaAuthorizerConfig(defaultMode.lambdaAuthorizerConfig), additionalAuthenticationProviders: this.setupAdditionalAuthorizationModes(additionalModes), xrayEnabled: props.xrayEnabled, + visibility: props.visibility, }); this.apiId = this.api.attrApiId; diff --git a/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts b/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts index d5cbfe73712b9..094ae8984263b 100644 --- a/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts +++ b/packages/aws-cdk-lib/aws-appsync/test/appsync.test.ts @@ -239,3 +239,18 @@ test('log retention should not appear when no retention time is specified', () = // THEN Template.fromStack(stack).resourceCountIs('Custom::LogRetention', 0); }); + +test('when visibility is set it should be used when creating the API', () => { + // WHEN + new appsync.GraphqlApi(stack, 'api-x-ray', { + authorizationConfig: {}, + name: 'api', + schema: appsync.SchemaFile.fromAsset(path.join(__dirname, 'appsync.test.graphql')), + visibility: appsync.Visibility.PRIVATE, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::AppSync::GraphQLApi', { + Visibility: 'PRIVATE', + }); +}); \ No newline at end of file