I am facing an authorization issue with AWS AppSync when querying data that should be accessible by the logged-in user. Despite being logged in with a valid user who owns the data, AppSync returns an "Unauthorized" error when I attempt to query the user's data.
Error Message:

```json
{
  "data": {
    "getXXXXXXUserAccount": null
  },
  "errors": [
    {
      "path": [
        "getXXXXXXUserAccount"
      ],
      "data": null,
      "errorType": "Unauthorized",
      "errorInfo": null,
      "locations": [
        {
          "line": 2,
          "column": 3,
          "sourceName": null
        }
      ],
      "message": "Not Authorized to access getXXXXXXUserAccount on type Query"
    }
  ]
}
```
GraphQL Query:

```graphql
query MyQuery {
  getXXXXXXUserAccount(id: "c13cdc53-8a2b-4d05-8ede-5fc66a8ac4e3") {
    id
  }
}
```
AWS Amplify AppSync Schema:

```graphql
type XXXXXXUserAccount @model @auth(rules: [{ allow: owner, operations: [create, read, update, delete] }]) {
  ...
}
```
I've checked the IAM auth policy for the project, and it looks like everything is there:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "appsync:GraphQL",
      "Resource": [
        "arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/XXXXXXXXXXXXXContactForm/*",
        "arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Query/fields/getXXXXXXXXXXXXXContactForm",
        "arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Query/fields/listXXXXXXXXXXXXXContactForms",
        "arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Mutation/fields/createXXXXXXXXXXXXXContactForm",
        "arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Mutation/fields/updateXXXXXXXXXXXXXContactForm",
        "arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Mutation/fields/deleteXXXXXXXXXXXXXContactForm",
        "arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Subscription/fields/onCreateXXXXXXXXXXXXXContactForm",
        "arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Subscription/fields/onUpdateXXXXXXXXXXXXXContactForm",
        "arn:aws:appsync:XXXXXXXXXXX:apis/XXXXXXXXXXXXXXXXX/types/Subscription/fields/onDeleteXXXXXXXXXXXXXContactForm"
      ],
      "Effect": "Allow"
    }
  ]
}
```