我的服务需要用户组来授权访问数据.
AppSync文档中的组授权示例基于用户池声明.我正在使用IAM身份验证,因此$ context.identity不包含声明或任何类似信息.
例如,请参阅以下网址中的 "用例:组可以创建新记录"主题:https: //docs.aws.amazon.com/appsync/latest/devguide/security-authorization-use-cases.html
#set($expression = "")
#set($expressionValues = {})
#foreach($group in $context.identity.claims.get("cognito:groups"))
#set( $expression = "${expression} contains(groupsCanAccess, :var$foreach.count )" )
#set( $val = {})
#set( $test = $val.put("S", $group))
#set( $values = $expressionValues.put(":var$foreach.count", $val))
#if ( $foreach.hasNext )
#set( $expression = "${expression} OR" )
#end
#end
{
"version" : "2017-02-28",
"operation" : "PutItem",
"key" : {
## If your table's hash key is not named 'id', update it here. **
"id" : { "S" …