Terraform works by calling AWS APIs to describe the resources in the account and then to modify them. It maintains a state file, which by default is a JSON file on the local filesystem, but it can be configured to store the state in an S3 bucket, which is more suitable for teams.
To get started with Terraform, you'll need to install it. For this, follow the official Install Terraform guide.
Then the basics are simple: whenever you start working on Terraform-based code, you'll need to initialize the project with terraform init, then to deploy, use terraform apply, and to clean up, terraform destroy.
In this chapter we'll focus on the resources needed for an AppSync API and how to configure them efficiently.
The main resource is the API, so we'll start with that. A simple resource:
resource "aws_appsync_graphql_api" "appsync" {
  name                = "subscriptions-access-control"
  schema              = file("schema.graphql")
  authentication_type = "AWS_IAM"
}
The schema is usually in a separate file, and the Terraform-provided file() function loads its contents. Then the authentication_type argument defines that IAM is used for authorizing to the API.
There are different configurations available for the different authorization modes, and there is also the additional_authentication_provider block to add more providers:
resource "aws_appsync_graphql_api" "appsync" {
  name                = "subscriptions-access-control"
  schema              = file("schema.graphql")
  authentication_type = "AMAZON_COGNITO_USER_POOLS"
  user_pool_config {
    default_action = "ALLOW"
    user_pool_id   = aws_cognito_user_pool.pool.id
  }
  additional_authentication_provider {
    authentication_type = "AWS_IAM"
  }
}
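Because an API can carry a default mode plus any number of additional providers, it helps to review the full set before applying. The following is an added example, not code from the original page: a Python check over the JSON that terraform show -json produces for a saved plan, listing every authentication mode on each aws_appsync_graphql_api and flagging APIs with no log_config block. The sample plan, the allow-list and the function names are assumptions made for this illustration.

```python
# Constructed sample shaped like `terraform show -json <planfile>` output;
# nested blocks (log_config, additional_authentication_provider) are lists.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [{
        "address": "aws_appsync_graphql_api.appsync",
        "type": "aws_appsync_graphql_api",
        "values": {"authentication_type": "AMAZON_COGNITO_USER_POOLS",
                   "additional_authentication_provider": [{"authentication_type": "AWS_IAM"}],
                   "log_config": []}}],
    "child_modules": [{"resources": [{
        "address": "module.demo.aws_appsync_graphql_api.public",
        "type": "aws_appsync_graphql_api",
        "values": {"authentication_type": "API_KEY",
                   "additional_authentication_provider": [],
                   "log_config": [{"field_log_level": "ERROR"}]}}]}]}}}

# Assumption: the team permits only the two modes shown on this page.
ALLOWED_MODES = {"AWS_IAM", "AMAZON_COGNITO_USER_POOLS"}

def appsync_apis(module):
    """Yield (address, values) for AppSync APIs in a module and its children."""
    for res in module.get("resources", []):
        if res.get("type") == "aws_appsync_graphql_api":
            yield res["address"], res.get("values", {})
    for child in module.get("child_modules", []):
        yield from appsync_apis(child)

def auth_modes(values):
    """Default mode first, then every additional_authentication_provider."""
    extra = values.get("additional_authentication_provider") or []
    return [values.get("authentication_type")] + [p.get("authentication_type") for p in extra]

def audit(plan):
    """Return (address, message) findings for disallowed modes or missing logging."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for address, values in appsync_apis(root):
        for mode in auth_modes(values):
            if mode not in ALLOWED_MODES:
                findings.append((address, f"auth mode {mode} not in allow-list"))
        if not values.get("log_config"):
            findings.append((address, "no log_config block"))
    return findings

if __name__ == "__main__":
    for address, message in audit(SAMPLE_PLAN):
        print(f"{address}: {message}")
```

To run it against a real plan, replace SAMPLE_PLAN with the parsed output of terraform plan -out=plan.bin followed by terraform show -json plan.bin.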
Logging is also defined in the API config: