AWS API Gateway as a proxy to AppSync
Learn how to setup AWS API Gateway as a proxy to AppSync.
But why need a proxy to AWS AppSync?
Reasons:
- AWS AppSync does not support Rate Limiting OOTB.
- AWS AppSync does not support installing an SSL certificate without having to use a CloudFront Distribution.
Worry not! API Gateway can be used as the perfect proxy for the GraphQL requests to AppSync and it supports rate limiting and installation of SSL certificates.
How to integrate API Gateway as a proxy to AWS AppSync?
Approach 1:
Routed through AWS network: AWS Service Integration (recommended)
Step 1: Create API in API Gateway
Step 2: Create graphql resource under root (/) path
Step 3: Create POST method and setup AWS Service integration
Execution Role — IAM Policy:
// Note: Please replace AWS Account Number and AppSync API ID in the below policy// Policy Begin{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"appsync:GraphQL"
],
"Resource": [
"arn:aws:appsync:us-east-1:{AWS-Account-Number}:apis/{AppSync-API-ID}/*"
],
"Effect": "Allow"
}
]
}// Policy End
Step 4: AWS Integration complete
(Don’t forget to deploy your API under Actions -> API Actions)
Approach 2:
Routed through the Internet: HTTP Integration
Follow Steps 1 & 2 from Approach 1
Step 3: Create POST method and setup HTTP integration
Step 4: HTTP Integration complete
(Don’t forget to deploy your API under Actions -> API Actions)
Voila! you should now be able to send a GraphQL request to the API Gateway and the API Gateway will proxy the request to AppSync and return the response from AppSync.
Some best practices to consider after the proxy setup:
- Consider using API Gateway API Key on the proxy API rather than AWS AppSync API key to avoid exposing AppSync API key.
(you can pass in AppSync API key as a header under HTTP Headers while setting up AWS Service Integration)
2. Enable Rate Limiting on API Gateway API Key.
3. Install an SSL certificate in API Gateway and set up a custom domain.
