# Amplify Graphql API Construct This package vends an L3 CDK Construct wrapping the behavior of the Amplify GraphQL Transformer. This enables quick development and interation of AppSync APIs which support the Amplify GraphQL Directives. For more information on schema modeling in GraphQL, please refer to the [amplify developer docs](https://docs.amplify.aws/cli/graphql/overview/). The primary way to use this construct is to invoke it with a provided schema (either as an inline graphql string, or as one or more `appsync.SchemaFile`) objects, and with authorization config provided. There are 5 supported methods for authorization of an AppSync API, all of which are supported by this construct. For more information on authorization rule definitions in Amplify, refer to the [authorization docs](https://docs.amplify.aws/cli/graphql/authorization-rules/). Note: currently at least one authorization rule is required, and if multiple are specified, a `defaultAuthMode` must be specified on the api as well. Specified authorization modes must be a superset of those configured in the graphql schema. ## Examples ### Simple Todo List With Cognito Userpool-based Owner Authorization In this example, we create a single model, which will use `user pool` auth in order to allow logged in users to create and manage their own `todos` privately. We create a cdk App and Stack, though you may be deploying this to a custom stack, this is purely illustrative for a concise demo. We then wire this through to import a user pool which was already deployed (creating and deploying is out of scope for this example). ```ts import { App, Stack } from 'aws-cdk-lib'; import { UserPool } from 'aws-cdk-lib/aws-cognito'; import { AmplifyGraphqlApi } from '@aws-amplify/graphql-construct-alpha'; const app = new App(); const stack = new Stack(app, 'TodoStack'); new AmplifyGraphqlApi(stack, 'TodoApp', { schema: /* GraphQL */ ` type Todo @model @auth(rules: [{ allow: owner }]) { description: String! completed: Boolean } `, authorizationConfig: { userPoolConfig: { userPool: UserPool.fromUserPoolId(stack, 'ImportedUserPool', ''), }, }, }); ``` ### Multiple related models, with public read access, and admin read/write access In this example, we create a two related models, which will use which logged in users in the 'Author' and 'Admin' user groups will have full access to, and customers requesting with api key will only have read permissions on. ```ts import { App, Stack } from 'aws-cdk-lib'; import { UserPool } from 'aws-cdk-lib/aws-cognito'; import { AmplifyGraphqlApi } from '@aws-amplify/graphql-construct-alpha'; const app = new App(); const stack = new Stack(app, 'BlogStack'); new AmplifyGraphqlApi(stack, 'BlogApp', { schema: /* GraphQL */ ` type Blog @model @auth(rules: [{ allow: public, operations: [read] }, { allow: groups, groups: ["Author", "Admin"] }]) { title: String! description: String posts: [Post] @hasMany } type Post @model @auth(rules: [{ allow: public, operations: [read] }, { allow: groups, groups: ["Author", "Admin"] }]) { title: String! content: [String] blog: Blog @belongsTo } `, authorizationConfig: { defaultAuthMode: 'API_KEY', apiKeyConfig: { description: 'Api Key for public access', expires: cdk.Duration.days(7), }, userPoolConfig: { userPool: UserPool.fromUserPoolId(stack, 'ImportedUserPool', ''), }, }, }); ```