
August 20, 2023

Finally, AppSync added support for using the JavaScript runtime in unit resolvers, so I could remove all the notes saying that it's not supported. I'm still undecided whether I should refactor the existing examples where a 1-step pipeline was needed because of lack of support for JavaScript. On one hand, a unit resolver is smaller: only a single resource, instead of 2. On the other hand, adding a pipeline does not make the code harder to read as the resolver function works like a unit resolver.

Moreover, I realized that the file handling example code did not deploy. I fixed the deployment, made some tweaks to it, and also fixed a client-side error.

July 27, 2023

The URL of the book changed to be on the www subdomain. This is to make the infrastructure a bit simpler, after spending countless hours fighting with various limitations on the domain apex. Currently, the domain is registered on Cloudflare but I wanted to move the authoritative name server to Route 53. Well, it turned out that it is not possible in the free tier, but there are no restrictions on subdomains. Browsers generally don't show the www part, so the perceived URL will be the same.

There is a page rule that automatically redirects to the new subdomain, and everything works as before. You'll need to enter your license key again (sorry about that!), but otherwise there are no changes in functionality.

Content-wise, there is some minor refactoring here and there, but nothing significant.

June 15, 2023

I recently witnessed a security incident where the Cognito JWT tokens appeared in the logs for a Lambda function. After some investigation, the root cause was uncovered: an AppSync API called the Lambda with the full resolver context and, for debugging, the function logged the event object.

This was surprising to me. With full resolver logging, AppSync outputs the context, but that does not contain any sensitive values. What happens is that AppSync removes the HTTP request property from its own logs, but it is still available to the resolvers. As a result, anything that logs the full context object exposes the authorization header.

Read more in the Request property chapter.
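One way to keep the authorization header out of a Lambda data source's logs, shown as an added example that is not code from the book: copy the event, redact sensitive request headers, and log only the copy. The header list, the function names and the sample event (including its token) are assumptions constructed for illustration.

```javascript
// Header names treated as sensitive (an assumption; extend for your API).
const SENSITIVE_HEADERS = new Set(["authorization", "x-api-key", "cookie"]);

// Return a copy of the AppSync resolver context that is safe to log.
// The original object is left untouched so the handler can still use it.
function redactContext(ctx) {
  if (ctx === null || typeof ctx !== "object") return ctx;
  const copy = { ...ctx };
  const headers = ctx.request && ctx.request.headers;
  if (headers && typeof headers === "object") {
    const safe = {};
    for (const [name, value] of Object.entries(headers)) {
      safe[name] = SENSITIVE_HEADERS.has(name.toLowerCase()) ? "[REDACTED]" : value;
    }
    copy.request = { ...ctx.request, headers: safe };
  }
  return copy;
}

// Second line of defence: detect JWT-shaped strings in a serialized log line.
function containsJwt(text) {
  return /eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/.test(text);
}

// Lambda entry point (hypothetical): logs the redacted copy, never the raw event.
const handler = async (event) => {
  console.log(JSON.stringify(redactContext(event)));
  return event.arguments;
};

// Constructed sample event; the token is a made-up placeholder, not a real JWT.
const sampleEvent = {
  arguments: { id: "42" },
  identity: { sub: "constructed-user-id" },
  request: {
    headers: {
      authorization: "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjb25zdHJ1Y3RlZCJ9.c2lnbmF0dXJlLXBsYWNlaG9sZGVy",
      "user-agent": "example-client",
    },
  },
};
```

Running `containsJwt` over serialized log lines in a unit test catches regressions where someone reintroduces a raw `console.log(event)`.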

May 30, 2023

I'm happy to announce that the book has now reached 1.0!

This means it is content complete and contains everything I wanted to include in it. It does not mean it cannot be extended, but I don't plan to include any major topics that are not already included. It is more than 650 pages long (the PDF version) and includes 25 downloadable code repositories.

It was a long ride. The first commit dates back to Dec 1, 2021, which means I've been working on it on and off for 18 months. There were some major rewrites, the most notable when AppSync started supporting JavaScript resolvers. That single feature warranted an almost complete rework of one third of the existing content.

In the end, I included more than I initially planned. I wanted to focus exclusively on the backend, i.e. how to write and deploy an AppSync API, and keep the client-side out-of-scope. Then at some point I realized that there are unique challenges on the API consumer side that are important enough to include in the book.

And what about the future? I'll keep the contents up-to-date whenever something worthwhile is coming, though I don't expect that AppSync gets big new features in the near future, more like small and niche updates.

A list of new and updated chapters from the changelog:

  • Example application chapter where we build a basic social network with real-time updates from the ground up
  • Motivation chapter that shows a few advantages of GraphQL and AppSync
  • The pipeline early return chapter now includes examples to return from the middle of the pipeline

April 28, 2023

The book is now updated with several new chapters, and you can access the content right now on the webpage and you can download the PDF and Epub versions from there as well.

There are a lot of new topics covered, even a few extra that I originally did not want to include but then realized they are too important to skip, such as the client-side chapters.

The current version covers all chapters I wanted to include in the book. The only missing thing is a bigger example application with a step-by-step walkthrough on how to write a realistic AppSync app from the ground up. When that's ready, I'll call the book content complete :)

A list of new and updated chapters from the changelog:

  • Batching calls to a Lambda data source chapter
  • Access control implementation chapter
  • Invalidating subscriptions chapter
  • Client-side usage chapters with pagination and different subscription examples
  • Downloads and uploads with signed URLs chapters
  • IaC chapters with Terraform and the CDK

February 22, 2023

I've just pushed the biggest update to date to the book, and you can access the content right now on the webpage and you can download the PDF and Epub versions from there as well.

AppSync added support for JavaScript resolvers a few months ago and I realized it's a huge improvement on the best practices for AppSync development. Originally, only VTL was available and it was terrible. Most of the programming errors and complications were due to using a templating language to generate JSON.

Then JavaScript became an option and I started wondering whether it could replace VTL entirely. As it turns out, while they are not equivalent, the new runtime is sufficient to handle almost everything. As I believe anybody who is learning AppSync should concentrate only on the JavaScript runtime, I removed VTL and rewrote all examples and instructions in JS. This affected around 1/3 of the book.

The new runtime is slowly getting features to bridge the gap between JS and VTL and I'm monitoring the tickets closely. I'll rewrite the workarounds presented in the book when they are no longer necessary. But even in its current state, using JavaScript makes development much easier and more familiar.

From the changelog:

  • Rewrote most chapters to teach the JavaScript-based resolvers instead of the legacy VTL
  • Added more than 15 new deploy-to-try code repositories for various chapters

November 17, 2022

I've just pushed an update to the book with new chapters, and you can download the updated book right now.

This is one of the bigger updates with a ton of new content.

October 11, 2022

There are new chapters, and you can download the updated book right now.

What's changed?

And please let me know if you have any issues with accessing the website, the PDF, or the Epub. The whole system is still new and there might be rough edges.

September 16, 2022

I've just pushed the biggest update to the book :) There are some new chapters (see the end of this post) but most importantly this changes how you can access the book.

(1) Gumroad now generates a license key for you. Find it in the Library/Product's download page, on this link, or send me a mail and I'll help you figure it out.

(2) Then go here: https://www.graphql-on-aws-appsync-book.com/_members/ and enter the key. Congratulations, you now have full access to the web version and you can download the PDF and the Epub from there.

Why the change?

The book is now more than 250 pages long and I realized that a PDF or even an Epub is not the best format. I found myself using it as a reference in a browser tab more and more, and that is super convenient. So with this change I'm promoting the web version as a first-class format.

Of course, you can still download the PDF and the Epub from the website if you prefer those.

And what's new in the contents?

  • HTTP data source chapter on how to integrate AppSync with third-party and AWS services
  • A detailed discussion about using RDS as a database
  • The None data source and in which cases it's useful

I hope you find these changes useful, and please let me know if you have any problems accessing the contents! It's a big change under the hood, so there might be edge cases.

July 14, 2022

There are new chapters, and you can download the updated book right now.

What's changed?

  • A changelog chapter is now tracking changes to the book
  • Data sources chapter on how AppSync interfaces with the world
  • Lambda data source chapter with details on how to use Lambda functions with AppSync
  • DynamoDB data source chapter with a lot of details on how to use DynamoDB with GraphQL
  • DynamoDB data modeling chapter that shows how to structure data for efficient queries

April 9, 2022

There are new chapters, and you can download the updated book right now.

What's changed?

  • Logging and monitoring chapter, where you'll learn all about what metrics AppSync publishes and what log levels are available
  • Custom domain chapter that shows how to configure your own domain
  • WAF chapter with details on how to add a firewall to AppSync and configure rate limiting and geo- and IP-based filtering

March 3, 2022

There are new chapters, and you can download the updated book right now.

What's changed?

  • There is example code for the schema (Putting it together) and queries (Example) that shows some real-life use cases of the various parts of GraphQL.
  • There is a brand new chapter on GraphQL security under the "Access control" title. This is a deep dive on how to implement restrictions on any GraphQL API.
  • Starting with AppSync, the first chapter available is about the Authorization providers. You can learn how to integrate Cognito, OpenID Connect, and IAM with AppSync, as well as how to configure a Lambda function to do the authorization.