Skip to content

support IAM role credentials for Events API subscription #14211

New issue
New issue
Open
Feature
Open
support IAM role credentials for Events API subscription#14211
Feature
Labels
EventsRelated to AppSync Eventsfeature-requestRequest a new featurepending-maintainer-responseIssue is pending a response from the Amplify team.
@tmokmss

Description

@tmokmss
tmokmss
opened on Feb 13, 2025

Is this related to a new or existing framework?

No response

Is this related to a new or existing API?

GraphQL API

Is this related to another service?

AppSync Events

Describe the feature you'd like to request

When I try to use AppSync Events client in Node.js, I cannot use IAM role credentials due to the below error:

/.../node_modules/@aws-amplify/core/src/clients/middleware/signing/signer/signatureV4/utils/getSigningValues.ts:18
    const { accessKeyId, secretAccessKey, sessionToken } = credentials;
            ^

TypeError: Cannot destructure property 'accessKeyId' of 'credentials' as it is undefined.
    at getSigningValues (/.../node_modules/@aws-amplify/core/src/clients/middleware/signing/signer/signatureV4/utils/getSigningValues.ts:18:13)
    at signRequest (/.../node_modules/@aws-amplify/core/src/clients/middleware/signing/signer/signatureV4/signRequest.ts:18:66)
    at awsRealTimeIAMHeader (/.../node_modules/@aws-amplify/api-graphql/src/Providers/AWSWebSocketProvider/authHeaders.ts:39:60)
    at awsRealTimeHeaderBasedAuth (/.../node_modules/@aws-amplify/api-graphql/src/Providers/AWSWebSocketProvider/authHeaders.ts:85:24)
    at <anonymous> (/.../node_modules/@aws-amplify/api-graphql/src/Providers/AWSWebSocketProvider/index.ts:523:40)

code to reproduce:

import { Amplify } from 'aws-amplify';
import { events } from 'aws-amplify/data';
Object.assign(global, { WebSocket: require('ws') });

Amplify.configure({
  API: {
    Events: {
      endpoint: 'https://asdf.appsync-api.ap-northeast-1.amazonaws.com/event',
      region: 'ap-northeast-1',
      defaultAuthMode: 'iam',
    },
  },
});

const main = async () => {
  const broadcast = await events.connect('/event-bus/broadcast');
  broadcast.subscribe({
    next: (data) => {
      console.log('received broadcast', data);
    },
    error: (err) => console.error('error', err),
  });
};

main();

Describe the solution you'd like

I guess Amplify libraries mainly targets at browser environment, so IAM role support is omitted. However, because Amplify libraries is currently the only easy way to interact with AppSync Events, it'd be great if it supported Node.js environment and IAM role authentication as well.

Describe alternatives you've considered

We can use defaultAuthMode: 'apiKey' without problem in Node.js environment. I'm using it as a workaround, but ideally we want to use temporary credentials such as IAM role for security.

We can also use role credentials via Cognito identity pool, but it is clearly not ideal with additional cost and resources to manage.

Additional context

No response

Is this something that you'd be interested in working on?

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

Metadata

Metadata

Assignees

No one assigned

    Labels

    EventsRelated to AppSync Eventsfeature-requestRequest a new featurepending-maintainer-responseIssue is pending a response from the Amplify team.

    Type

    Feature

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions