aws-amplify · stocaaro · Dec 4, 2024 · Nov 15, 2024 · Nov 15, 2024 · Nov 15, 2024
@@ -0,0 +1,7 @@
+---
+'@aws-amplify/backend': minor
+'@aws-amplify/backend-function': minor
+'@aws-amplify/backend-data': patch
+---
+
+Add lambda data client
@@ -19,7 +19,7 @@
   },
   "license": "Apache-2.0",
   "devDependencies": {
-    "@aws-amplify/data-schema": "^1.0.0",
+    "@aws-amplify/data-schema": "^1.13.4",
     "@aws-amplify/backend-platform-test-stubs": "^0.3.6",
     "@aws-amplify/platform-core": "^1.2.0"
   },
@@ -31,7 +31,8 @@
     "@aws-amplify/backend-output-storage": "^1.1.3",
     "@aws-amplify/backend-output-schemas": "^1.4.0",
     "@aws-amplify/data-construct": "^1.10.1",
-    "@aws-amplify/plugin-types": "^1.4.0",
-    "@aws-amplify/data-schema-types": "^1.2.0"
+    "@aws-amplify/data-schema-types": "^1.2.0",
+    "@aws-amplify/graphql-generator": "^0.5.1",
+    "@aws-amplify/plugin-types": "^1.4.0"
   }
 }
@@ -14,7 +14,10 @@ export class AppSyncPolicyGenerator {
   /**
    * Initialize with the GraphqlAPI that the policies will be scoped to
    */
-  constructor(private readonly graphqlApi: IGraphqlApi) {
+  constructor(
+    private readonly graphqlApi: IGraphqlApi,
+    private readonly modelIntrospectionSchemaArn?: string
+  ) {
     this.stack = Stack.of(graphqlApi);
   }
   /**
@@ -29,13 +32,25 @@ export class AppSyncPolicyGenerator {
       .map((action) => actionToTypeMap[action])
       // convert Type to resourceName
       .map((type) => [this.graphqlApi.arn, 'types', type, '*'].join('/'));
-    return new Policy(this.stack, `${this.policyPrefix}${this.policyCount++}`, {
-      statements: [
+
+    const statements = [
+      new PolicyStatement({
+        actions: ['appsync:GraphQL'],
+        resources,
+      }),
+    ];
+
+    if (this.modelIntrospectionSchemaArn) {
+      statements.push(
         new PolicyStatement({
-          actions: ['appsync:GraphQL'],
-          resources,
-        }),
-      ],
+          actions: ['s3:GetObject'],
+          resources: [this.modelIntrospectionSchemaArn],
+        })
+      );
+    }
+
+    return new Policy(this.stack, `${this.policyPrefix}${this.policyCount++}`, {
+      statements,
     });
   }
 }

@@ -85,7 +85,6 @@ const createConstructContainerWithUserPoolAuthRegistered = (
         authenticatedUserIamRole: new Role(stack, 'testAuthRole', {
           assumedBy: new ServicePrincipal('test.amazon.com'),
         }),
-        identityPoolId: 'identityPoolId',
         cfnResources: {
           cfnUserPool: new CfnUserPool(stack, 'CfnUserPool', {}),
           cfnUserPoolClient: new CfnUserPoolClient(stack, 'CfnUserPoolClient', {
@@ -101,6 +100,7 @@ const createConstructContainerWithUserPoolAuthRegistered = (
           ),
         },
         groups: {},
+        identityPoolId: 'identityPool',
       },
     }),
   });
@@ -567,6 +567,23 @@ void describe('DataFactory', () => {
                 },
               ],
             },
+            {
+              Action: 's3:GetObject',
+              Resource: {
+                'Fn::Join': [
+                  '',
+                  [
+                    {
+                      'Fn::GetAtt': [
+                        'modelIntrospectionSchemaBucketF566B665',
+                        'Arn',
+                      ],
+                    },
+                    '/modelIntrospectionSchema.json',
+                  ],
+                ],
+              },
+            },
           ],
         },
         Roles: [
@@ -675,6 +692,23 @@ void describe('DataFactory', () => {
                 ],
               },
             },
+            {
+              Action: 's3:GetObject',
+              Resource: {
+                'Fn::Join': [
+                  '',
+                  [
+                    {
+                      'Fn::GetAtt': [
+                        'modelIntrospectionSchemaBucketF566B665',
+                        'Arn',
+                      ],
+                    },
+                    '/modelIntrospectionSchema.json',
+                  ],
+                ],
+              },
+            },
           ],
         },
         Roles: [
@@ -701,6 +735,23 @@ void describe('DataFactory', () => {
                 ],
               },
             },
+            {
+              Action: 's3:GetObject',
+              Resource: {
+                'Fn::Join': [
+                  '',
+                  [
+                    {
+                      'Fn::GetAtt': [
+                        'modelIntrospectionSchemaBucketF566B665',
+                        'Arn',
+                      ],
+                    },
+                    '/modelIntrospectionSchema.json',
+                  ],
+                ],
+              },
+            },
           ],
         },
         Roles: [

@@ -18,6 +18,7 @@ import {
   TranslationBehavior,
 } from '@aws-amplify/data-construct';
 import { GraphqlOutput } from '@aws-amplify/backend-output-schemas';
+import { generateModelsSync } from '@aws-amplify/graphql-generator';
 import * as path from 'path';
 import { AmplifyDataError, DataProps } from './types.js';
 import {
@@ -47,6 +48,10 @@ import {
   FunctionSchemaAccess,
   JsResolver,
 } from '@aws-amplify/data-schema-types';
+import { Bucket } from 'aws-cdk-lib/aws-s3';
+import { BucketDeployment, Source } from 'aws-cdk-lib/aws-s3-deployment';
+
+const modelIntrospectionSchemaKey = 'modelIntrospectionSchema.json';
 
 /**
  * Singleton factory for AmplifyGraphqlApi constructs that can be used in Amplify project files.
@@ -233,14 +238,21 @@ class DataGenerator implements ConstructContainerEntryGenerator {
       ...schemasLambdaFunctions,
     });
     let amplifyApi = undefined;
+    let modelIntrospectionSchema: string | undefined = undefined;
 
     const isSandboxDeployment =
       scope.node.tryGetContext(CDKContextKey.DEPLOYMENT_TYPE) === 'sandbox';
 
     try {
+      const combinedSchema = combineCDKSchemas(amplifyGraphqlDefinitions);
+      modelIntrospectionSchema = generateModelsSync({
+        schema: combinedSchema.schema,
+        target: 'introspection',
+      })['model-introspection.json'];
+
       amplifyApi = new AmplifyData(scope, this.name, {
         apiName: this.name,
-        definition: combineCDKSchemas(amplifyGraphqlDefinitions),
+        definition: combinedSchema,
         authorizationModes,
         outputStorageStrategy: this.outputStorageStrategy,
         functionNameMap,
@@ -265,6 +277,20 @@ class DataGenerator implements ConstructContainerEntryGenerator {
       );
     }
 
+    const modelIntrospectionSchemaBucket = new Bucket(
+      scope,
+      'modelIntrospectionSchemaBucket',
+      { enforceSSL: true }
+    );
+    new BucketDeployment(scope, 'modelIntrospectionSchemaBucketDeployment', {
+      // See https://github.com/aws-amplify/amplify-category-api/pull/1939
+      memoryLimit: 1536,
+      destinationBucket: modelIntrospectionSchemaBucket,
+      sources: [
+        Source.data(modelIntrospectionSchemaKey, modelIntrospectionSchema),
+      ],
+    });
+
     Tags.of(amplifyApi).add(TagName.FRIENDLY_NAME, this.name);
 
     /**;
@@ -281,10 +307,15 @@ class DataGenerator implements ConstructContainerEntryGenerator {
       ssmEnvironmentEntriesGenerator.generateSsmEnvironmentEntries({
         [`${this.name}_GRAPHQL_ENDPOINT`]:
           amplifyApi.resources.cfnResources.cfnGraphqlApi.attrGraphQlUrl,
+        [`${this.name}_MODEL_INTROSPECTION_SCHEMA_BUCKET_NAME`]:
+          modelIntrospectionSchemaBucket.bucketName,
+        [`${this.name}_MODEL_INTROSPECTION_SCHEMA_KEY`]:
+          modelIntrospectionSchemaKey,
       });
 
     const policyGenerator = new AppSyncPolicyGenerator(
-      amplifyApi.resources.graphqlApi
+      amplifyApi.resources.graphqlApi,
+      `${modelIntrospectionSchemaBucket.bucketArn}/${modelIntrospectionSchemaKey}`
     );
 
     schemasFunctionSchemaAccess.forEach((accessDefinition) => {

@@ -10,8 +10,23 @@ import { ConstructFactory } from '@aws-amplify/plugin-types';
 import { FunctionResources } from '@aws-amplify/plugin-types';
 import { ResourceAccessAcceptorFactory } from '@aws-amplify/plugin-types';
 import { ResourceProvider } from '@aws-amplify/plugin-types';
+import { S3Client } from '@aws-sdk/client-s3';
 import { StackProvider } from '@aws-amplify/plugin-types';
 
+declare namespace __export__runtime {
+    export {
+        getAmplifyDataClientConfig,
+        DataClientConfig,
+        DataClientEnv,
+        DataClientError,
+        DataClientReturn,
+        InvalidConfig,
+        LibraryOptions,
+        ResourceConfig
+    }
+}
+export { __export__runtime }
+
 // @public (undocumented)
 export type AddEnvironmentFactory = {
     addEnvironment: (key: string, value: string | BackendSecret) => void;
@@ -20,6 +35,32 @@ export type AddEnvironmentFactory = {
 // @public (undocumented)
 export type CronSchedule = `${string} ${string} ${string} ${string} ${string}` | `${string} ${string} ${string} ${string} ${string} ${string}`;
 
+// @public (undocumented)
+type DataClientConfig = {
+    resourceConfig: ResourceConfig;
+    libraryOptions: LibraryOptions;
+};
+
+// @public (undocumented)
+type DataClientEnv = {
+    AMPLIFY_DATA_GRAPHQL_ENDPOINT: string;
+    AMPLIFY_DATA_MODEL_INTROSPECTION_SCHEMA_BUCKET_NAME: string;
+    AMPLIFY_DATA_MODEL_INTROSPECTION_SCHEMA_KEY: string;
+    AWS_ACCESS_KEY_ID: string;
+    AWS_SECRET_ACCESS_KEY: string;
+    AWS_SESSION_TOKEN: string;
+    AWS_REGION: string;
+};
+
+// @public (undocumented)
+type DataClientError = {
+    resourceConfig: InvalidConfig;
+    libraryOptions: InvalidConfig;
+};
+
+// @public (undocumented)
+type DataClientReturn<T> = T extends DataClientEnv ? DataClientConfig : DataClientError;
+
 // @public
 export const defineFunction: (props?: FunctionProps) => ConstructFactory<ResourceProvider<FunctionResources> & ResourceAccessAcceptorFactory & AddEnvironmentFactory & StackProvider>;
 
@@ -45,9 +86,45 @@ export type FunctionProps = {
 // @public (undocumented)
 export type FunctionSchedule = TimeInterval | CronSchedule;
 
+// @public
+const getAmplifyDataClientConfig: <T>(env: T, s3Client?: S3Client) => Promise<DataClientReturn<T>>;
+
+// @public (undocumented)
+type InvalidConfig = unknown & {
+    invalidType: 'This function needs to be granted `authorization((allow) => [allow.resource(fcn)])` on the data schema.';
+};
+
+// @public (undocumented)
+type LibraryOptions = {
+    Auth: {
+        credentialsProvider: {
+            getCredentialsAndIdentityId: () => Promise<{
+                credentials: {
+                    accessKeyId: string;
+                    secretAccessKey: string;
+                    sessionToken: string;
+                };
+            }>;
+            clearCredentialsAndIdentityId: () => void;
+        };
+    };
+};
+
 // @public (undocumented)
 export type NodeVersion = 16 | 18 | 20;
 
+// @public (undocumented)
+type ResourceConfig = {
+    API: {
+        GraphQL: {
+            endpoint: string;
+            region: string;
+            defaultAuthMode: 'iam';
+            modelIntrospection: any;
+        };
+    };
+};
+
 // @public (undocumented)
 export type TimeInterval = `every ${number}m` | `every ${number}h` | `every day` | `every week` | `every month` | `every year`;
 

@@ -1,3 +1,4 @@
 {
-  "extends": "../../api-extractor.base.json"
+  "extends": "../../api-extractor.base.json",
+  "mainEntryPointFilePath": "<projectFolder>/lib/index.internal.d.ts"
 }
@@ -10,6 +10,11 @@
       "types": "./lib/index.d.ts",
       "import": "./lib/index.js",
       "require": "./lib/index.js"
+    },
+    "./runtime": {
+      "types": "./lib/runtime/index.d.ts",
+      "import": "./lib/runtime/index.js",
+      "require": "./lib/runtime/index.js"
     }
   },
   "main": "lib/index.js",
@@ -22,11 +27,13 @@
     "@aws-amplify/backend-output-schemas": "^1.4.0",
     "@aws-amplify/backend-output-storage": "^1.1.3",
     "@aws-amplify/plugin-types": "^1.4.0",
+    "@aws-sdk/client-s3": "^3.624.0",
     "execa": "^8.0.1"
   },
   "devDependencies": {
     "@aws-amplify/backend-platform-test-stubs": "^0.3.6",
     "@aws-amplify/platform-core": "^1.1.0",
+    "@aws-sdk/client-s3": "^3.624.0",
     "@aws-sdk/client-ssm": "^3.624.0",
     "aws-sdk": "^2.1550.0",
     "uuid": "^9.0.1"

@@ -66,7 +66,6 @@ void describe('FunctionEnvironmentTypeGenerator', () => {
   });
 
   void it('generated type definition file has valid syntax', async () => {
-    const targetDirectory = await fsp.mkdtemp('func_env_type_gen_test');
     const functionEnvironmentTypeGenerator =
       new FunctionEnvironmentTypeGenerator('testFunction');
     const filePath = `${process.cwd()}/.amplify/generated/env/testFunction.ts`;
@@ -75,8 +74,6 @@ void describe('FunctionEnvironmentTypeGenerator', () => {
 
     // import to validate syntax of type definition file
     await import(pathToFileURL(filePath).toString());
-
-    await fsp.rm(targetDirectory, { recursive: true, force: true });
   });
 
   void it('does not generate duplicate environment variables', () => {