Terraform works by calling AWS APIs to describe the resources in the account and then to modify them. It maintains a state file that is by default a JSON file in the local system, but it can be configured to use an S3 bucket, a place more suitable for teams.
To get started with Terraform, you'll need to install it. For this, follow the official Install Terraform guide.
Then the basics are simple: whenever you start working on a Terraform-based code, you'll need to initialize the project with terraform init, then to deploy, use terraform apply, and to cleanup terraform destroy.
In this chapter we'll focus on the resources needed for an AppSync API and how to configure them efficiently.
The main resource is the API, so we'll start with that. A simple resource:
resource "aws_appsync_graphql_api" "appsync" {
name = "subscriptions-access-control"
schema = file("schema.graphql")
authentication_type = "AWS_IAM"
}The schema is usually in a separate file, and the file() Terraform-provided function loads the contents. Then the authorization_type defines that IAM is used for authorizing to the API.
There are different configurations available for the different authorization modes, and there is also the additional_authentication_provider block to add more providers:
resource "aws_appsync_graphql_api" "appsync" {
name = "subscriptions-access-control"
schema = file("schema.graphql")
authentication_type = "AMAZON_COGNITO_USER_POOLS"
user_pool_config {
default_action = "ALLOW"
user_pool_id = aws_cognito_user_pool.pool.id
}
additional_authentication_provider {
authentication_type = "AWS_IAM"
}
}Logging is also defined in the API config: