AppSync
Note: if you are running CloudGraph locally you can view the interactive, automatically generated documentation in either GraphQL Playground or Altair by clicking the docs button on the right-hand side of the screen. After reading the below information we highly suggest you use one of these tools to test your queries as they will autocomplete fields for you and let you know if your queries are valid before you even submit them.
Overview
You can currently query the following attributes and connections on an AWS AppSync instance
query{ queryawsAppSync { id accountId arn region name authenticationType logFieldLogLevel logCloudWatchLogsRoleArn logExcludeVerboseContent userPoolId userPoolDefaultAction userPoolAppIdClientRegex openIDConnectIssuer openIDConnectClientId openIDConnectIatTTL openIDConnectAuthTTL xrayEnabled wafWebAclArn lambdaAuthorizerResultTtlInSeconds lambdaAuthorizerUri lambdaAuthorizerIdentityValidationExpression uris { id key value } tags { id key value } additionalAuthenticationProviders { id authenticationType openIDConnectIssuer openIDConnectClientId openIDConnectIatTTL openIDConnectAuthTTL userPoolId userPoolAwsRegion userPoolAppIdClientRegex } apiKeys { id description expires } dataSources { id arn name description type serviceRoleArn dynamodbTableName dynamodbAwsRegion dynamodbUseCallerCredentials dynamodbDeltaSyncBaseTableTTL dynamodbDeltaSyncTableName dynamodbDeltaSyncTableTTL dynamodbVersioned lambdaFunctionArn elasticsearchEndpoint elasticsearchAwsRegion httpEndpoint httpAuthorizationType httpAuthorizationIamSigningRegion httpAuthorizationIamSigningServiceName relationalDatabaseSourceType relationalDatabaseAwsRegion relationalDatabaseClusterIdentifier relationalDatabaseName relationalDatabaseSchema relationalDatabaseAwsSecretStoreArn } functions { id arn name description dataSourceName requestMappingTemplate responseMappingTemplate functionVersion resolvers { id arn typeName fieldName dataSourceName requestMappingTemplate responseMappingTemplate kind pipelineFunctionIds syncConflictHandler syncConflictDetection syncLambdaConflictHandlerArn cachingTTL cachingKeys } } types { id arn name description definition format resolvers { id arn typeName fieldName dataSourceName requestMappingTemplate responseMappingTemplate kind pipelineFunctionIds syncConflictHandler syncConflictDetection syncLambdaConflictHandlerArn cachingTTL cachingKeys } } cognitoUserPool { arn # Other fields and connections here... } dynamodb { arn # Other fields and connections here... } lambda { arn # Other fields and connections here... } rdsCluster { arn # Other fields and connections here... } } }
Filtering
Get data for a single AWS AppSync instance that you know the ID or arn for:
query { getawsAppSync(id: "12345") { arn # Other fields and connections here... } }
query { getawsAppSync(arn: "arn:aws:ec2:us-east-1:111122223333:apis/11122223333f466ec") { arn # Other fields and connections here... } }
Get data for all of the AppSync instances in a certain AWS account:
query { queryawsAppSync(filter: { accountId: { eq: "12345" } }) { arn # Other fields and connections here... } } # Note that in addition to "accountId" you can # Filter based on any of the following attributes: # id # arn # region # name # authenticationType # logFieldLogLevel # logCloudWatchLogsRoleArn # logExcludeVerboseContent # userPoolId # userPoolDefaultAction # userPoolAppIdClientRegex # openIDConnectIssuer # openIDConnectClientId # openIDConnectIatTTL # openIDConnectAuthTTL # xrayEnabled # wafWebAclArn # lambdaAuthorizerResultTtlInSeconds # lambdaAuthorizerUri # lambdaAuthorizerIdentityValidationExpression # And the following Dgraph filters can also be applied: # has # and # or # not # regexp (regular expressions)
Get data for all of the AppSync instances that are NOT in a certain AWS account:
query { queryawsAppSync(filter: { not: { accountId: { eq: "12345" } } }) { arn # Other fields and connections here... } }
Advanced Filtering
Get data for all of the AppSync instances that have a connected cognitoUserPool:
query { queryawsAppSync(filter: { has: cognitoUserPool }) { arn # Other fields and connections here... } } # Note that in addition to "cognitoUserPool" you can filter # Using "has" based on any of the following attributes: # id # accountId # arn # region # name # authenticationType # logFieldLogLevel # logCloudWatchLogsRoleArn # logExcludeVerboseContent # userPoolId # userPoolDefaultAction # userPoolAppIdClientRegex # openIDConnectIssuer # openIDConnectClientId # openIDConnectIatTTL # openIDConnectAuthTTL # xrayEnabled # wafWebAclArn # lambdaAuthorizerResultTtlInSeconds # lambdaAuthorizerUri # lambdaAuthorizerIdentityValidationExpression # uris # tags # additionalAuthenticationProviders # apiKeys # dataSources # functions # types # dynamodb # lambda # rdsCluster
Use multiple filter selectors, (i.e. has, and, not, or) to get data for all of the AppSync instances that have cognitoUserPool instances AND dynamodb instances connected to them OR that do not have lambda instances connected to them. Note that you can use has, and, not, or completely independently of each other:
query { queryawsAppSync( filter: { has: cognitoUserPool and: { has: dynamodb } or: { not: { has: lambda } } } ) { arn # Other fields and connections here... } }
You may also filter using a regex when filtering on a string field like, region if you want to look for a value that matches say, us- to get all AppSync instances in us regions:
query { queryawsAppSync(filter: { region: { regexp: "/.*us-*/" } }) { arn # Other fields and connections here... } }
Ordering
You can order the results you get back either asc or desc depending on your preference:
query { queryawsAppSync(order: { desc: region }) { arn # Other fields and connections here... } } # Note that in addition to "region" you can filter # Using "asc" or "desc" based on any of the following attributes: # id # accountId # arn # name # authenticationType # logFieldLogLevel # logCloudWatchLogsRoleArn # logExcludeVerboseContent # userPoolId # userPoolDefaultAction # userPoolAppIdClientRegex # openIDConnectIssuer # openIDConnectClientId # openIDConnectIatTTL # openIDConnectAuthTTL # xrayEnabled # wafWebAclArn # lambdaAuthorizerResultTtlInSeconds # lambdaAuthorizerUri # lambdaAuthorizerIdentityValidationExpression
Only select and return the first two AppSync instances that are found:
query { queryawsAppSync(first: 2, order: { desc: region }) { arn # Other fields and connections here... } }
Only select and return the first two AppSync instances that are found, but offset by one so AppSync instance two & three are returned:
query { queryawsAppSync(first: 2, order: { desc: region }, offset: 1) { arn # Other fields and connections here... } }
Aggregation
Count the number AppSync across all scanned AWS accounts:
query { aggregateawsAppSync { count # Other fields and connections here... } } # Note that in addition to "count" you can request the # Following min and max values based on attributes of your AppSync: # idMin # idMax # accountIdMin # accountIdMax # arnMin # arnMax # regionMin # regionMax # nameMin # nameMax # authenticationTypeMin # authenticationTypeMAx # logFieldLogLevelMin # logFieldLogLevelMax # logCloudWatchLogsRoleArnMin # logCloudWatchLogsRoleArnMax # logExcludeVerboseContentMin # logExcludeVerboseContentMax # userPoolIdMin # userPoolIdMax # userPoolDefaultActionMin # userPoolDefaultActionMax # userPoolAppIdClientRegexMin # userPoolAppIdClientRegexMax # openIDConnectIssuerMin # openIDConnectIssuerMax # openIDConnectClientIdMin # openIDConnectClientIdMax # openIDConnectIatTTLMin # openIDConnectIatTTLMax # openIDConnectAuthTTLMin # openIDConnectAuthTTLMax # xrayEnabledMin # xrayEnabledMax # wafWebAclArnMin # wafWebAclArnMax # lambdaAuthorizerResultTtlInSecondsMin # lambdaAuthorizerResultTtlInSecondsMax # lambdaAuthorizerUriMin # lambdaAuthorizerUriMax # lambdaAuthorizerIdentityValidationExpressionMin # lambdaAuthorizerIdentityValidationExpressionMax
Count the number of AppSync in a single account. Note that you can apply all of the same filters that are listed above to aggregate queries:
query { aggregateawsAppSync(filter: { accountId: { eq: "12345" } }) { count # Other fields and connections here... } }
Examples
Find all of the AppSync that are in the us-east-1 region across all your accounts:
query { queryawsAppSync(filter: { region: { eq: "us-east-1" } }) { arn # Other fields and connections here... } }
Kitchen Sink
Putting it all together; get all data for all AppSync across all regions for all scanned AWS accounts in a single query. For the purposes of this example we will only get direct children of the AppSync but if you want to it's easy to go from say, appSync -> lambda -> vpc ...etc:
query{ queryawsAppSync { id accountId arn region name authenticationType logFieldLogLevel logCloudWatchLogsRoleArn logExcludeVerboseContent userPoolId userPoolDefaultAction userPoolAppIdClientRegex openIDConnectIssuer openIDConnectClientId openIDConnectIatTTL openIDConnectAuthTTL xrayEnabled wafWebAclArn lambdaAuthorizerResultTtlInSeconds lambdaAuthorizerUri lambdaAuthorizerIdentityValidationExpression uris { id key value } tags { id key value } additionalAuthenticationProviders { id authenticationType openIDConnectIssuer openIDConnectClientId openIDConnectIatTTL openIDConnectAuthTTL userPoolId userPoolAwsRegion userPoolAppIdClientRegex } apiKeys { id description expires } dataSources { id arn name description type serviceRoleArn dynamodbTableName dynamodbAwsRegion dynamodbUseCallerCredentials dynamodbDeltaSyncBaseTableTTL dynamodbDeltaSyncTableName dynamodbDeltaSyncTableTTL dynamodbVersioned lambdaFunctionArn elasticsearchEndpoint elasticsearchAwsRegion httpEndpoint httpAuthorizationType httpAuthorizationIamSigningRegion httpAuthorizationIamSigningServiceName relationalDatabaseSourceType relationalDatabaseAwsRegion relationalDatabaseClusterIdentifier relationalDatabaseName relationalDatabaseSchema relationalDatabaseAwsSecretStoreArn } functions { id arn name description dataSourceName requestMappingTemplate responseMappingTemplate functionVersion resolvers { id arn typeName fieldName dataSourceName requestMappingTemplate responseMappingTemplate kind pipelineFunctionIds syncConflictHandler syncConflictDetection syncLambdaConflictHandlerArn cachingTTL cachingKeys } } types { id arn name description definition format resolvers { id arn typeName fieldName dataSourceName requestMappingTemplate responseMappingTemplate kind pipelineFunctionIds syncConflictHandler syncConflictDetection syncLambdaConflictHandlerArn cachingTTL cachingKeys } } cognitoUserPool { id accountId arn name policies { id # Other fields and connections here... } lambdaConfig { id # Other fields and connections here... } status lastModifiedDate creationDate schemaAttributes { id # Other fields and connections here... } autoVerifiedAttributes aliasAttributes usernameAttributes smsVerificationMessage emailVerificationMessage emailVerificationSubject verificationMessageTemplateSmsMessage verificationMessageTemplateEmailMessage verificationMessageTemplateEmailSubject verificationMessageTemplateEmailMessageByLink verificationMessageTemplateEmailSubjectByLink verificationMessageTemplateDefaultEmailOption smsAuthenticationMessage mfaConfiguration deviceConfigChallengeRequiredOnNewDevice deviceConfigDeviceOnlyRememberedOnUserPrompt estimatedNumberOfUsers emailConfigSourceArn emailConfigReplyToEmailAddress emailConfigEmailSendingAccount emailConfigFrom emailConfigConfigurationSet smsConfigurationSnsCallerArn smsConfigurationExternalId smsConfigurationFailure emailConfigurationFailure domain customDomain adminCreateUserConfigAllowAdminCreateUserOnly adminCreateUserConfigUnusedAccountValidityDays adminCreateUserConfigInviteMessageTemplateSMSMessage adminCreateUserConfigInviteMessageTemplateEmailMessage adminCreateUserConfigInviteMessageTemplateEmailSubject userPoolAddOnsAdvancedSecurityMode usernameConfigurationCaseSensitive accountRecoverySettings { id # Other fields and connections here... } region tags { id key value } lambda { arn # Other fields and connections here... } } dynamodb { id arn region accountId attributes { id name type } billingModeSummary { billingMode lastUpdateToPayPerRequestDateTime } creationDate globalIndexes { id name arn itemCount keySchema { id attributeName keyType } projection { type nonKeyAttributes } sizeInBytes status backfilling provisionedThroughput { lastIncreaseDateTime lastDecreaseDateTime numberOfDecreasesToday readCapacityUnits writeCapacityUnits } } globalTableVersion itemCount keySchema { id attributeName keyType } latestStreamArn latestStreamLabel localIndexes { name arn itemCount keySchema { id attributeName keyType } projection { type nonKeyAttributes } sizeInBytes } name pointInTimeRecoveryEnabled provisionedThroughput { lastIncreaseDateTime lastDecreaseDateTime numberOfDecreasesToday readCapacityUnits writeCapacityUnits } replicas { id regionName status statusDescription statusPercentProgress kmsMasterKeyId readCapacityUnits globalSecondaryIndexes { name readCapacityUnits } replicaInaccessibleDateTime } restoreSummary { sourceBackupArn sourceTableArn restoreDateTime restoreInProgress } sizeInBytes sseDescription { status sseType kmsMasterKeyArn inaccessibleEncryptionDateTime } tags { id key value } ttlEnabled appSync { arn # Other fields and connections here... } } lambda { id accountId arn description handler kmsKeyArn lastModified memorySize reservedConcurrentExecutions role runtime sourceCodeSize timeout tracingConfig version environmentVariables { id key value } tags { id key value } kms { arn # Other fields and connections here... } securityGroups { arn # Other fields and connections here... } subnet { arn # Other fields and connections here... } vpc { arn # Other fields and connections here... } cognitoUserPool { arn # Other fields and connections here... } } rdsCluster { id accountId arn allocatedStorage backupRetentionPeriod characterSetName databaseName dbClusterIdentifier subnets status percentProgress readerEndpoint multiAZ engine engineVersion port username replicationSourceIdentifier hostedZoneId encrypted kmsKey resourceId iamDbAuthenticationEnabled cloneGroupId createdTime capacity engineMode deletionProtection httpEndpointEnabled copyTagsToSnapshot crossAccountClone tags { id key value } globalWriteForwardingRequested instances { arn # Other fields and connections here... } securityGroups { arn # Other fields and connections here... } } } }
References


