AWS API Gateway as a proxy to AppSync

Learn how to setup AWS API Gateway as a proxy to AppSync.

But why need a proxy to AWS AppSync?

Reasons:

  • AWS AppSync does not support Rate Limiting OOTB.
  • AWS AppSync does not support installing an SSL certificate without having to use a CloudFront Distribution.

Worry not! API Gateway can be used as the perfect proxy for the GraphQL requests to AppSync and it supports rate limiting and installation of SSL certificates.

How to integrate API Gateway as a proxy to AWS AppSync?

Approach 1:

Routed through AWS network: AWS Service Integration (recommended)

Step 1: Create API in API Gateway

Create API in API Gateway

Step 2: Create graphql resource under root (/) path

Create graphql resource under root (/) path

Step 3: Create POST method and setup AWS Service integration

Create POST method and setup AWS Service integration

Execution Role — IAM Policy:

// Note: Please replace AWS Account Number and AppSync API ID in the below policy// Policy Begin{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"appsync:GraphQL"
],
"Resource": [
"arn:aws:appsync:us-east-1:{AWS-Account-Number}:apis/{AppSync-API-ID}/*"
],
"Effect": "Allow"
}
]
}
// Policy End

Step 4: AWS Integration complete
(Don’t forget to deploy your API under Actions -> API Actions)

AWSIntegration complete

Approach 2:

Routed through the Internet: HTTP Integration

Follow Steps 1 & 2 from Approach 1

Step 3: Create POST method and setup HTTP integration

Create POST method and setup HTTP integration

Step 4: HTTP Integration complete
(Don’t forget to deploy your API under Actions -> API Actions)

HTTP Integration complete

Voila! you should now be able to send a GraphQL request to the API Gateway and the API Gateway will proxy the request to AppSync and return the response from AppSync.

Some best practices to consider after the proxy setup:

  1. Consider using API Gateway API Key on the proxy API rather than AWS AppSync API key to avoid exposing AppSync API key.
    (you can pass in AppSync API key as a header under HTTP Headers while setting up AWS Service Integration)

2. Enable Rate Limiting on API Gateway API Key.

3. Install an SSL certificate in API Gateway and set up a custom domain.

Learn something new every day — Cheers!

Lead full-stack engineer — AWS, GCP Certified Solutions Architect working at Presidio with love & experience in building cloud-native applications.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store