AWS Service Orchestration with GraphQL and Hasura Cloud

  • AWS RDS for Database
  • AWS Cognito for Authentication
  • AWS Lambda for Events and Custom Business Logic

Create a Hasura Cloud Project

Create AWS RDS PostgreSQL

  • Log in to the AWS Console.
  • Create a new database with AWS RDS and select PostgreSQL. You can skip this step if you already have an existing database.
  • Allow public access and assign a VPC security group. Public access makes the database reachable from outside the VPC; the security group controls which sources may actually connect.
  • Add the Hasura Cloud IP to the security group's inbound rules. You can find the IP in the project settings of the Hasura Cloud dashboard. This inbound rule is what allows the Hasura Cloud instance to communicate with the AWS RDS instance. If you instead add 0.0.0.0/0 as the source, the database instance can be accessed by everyone on the internet.
  • Construct the database URL in the format postgresql://<user-name>:<password>@<public-ip>:<postgres-port>/<db>; it is used to connect in the next step. The user name and db will most likely be the default value postgres, and the port 5432. The password and the host IP are the values that mainly change on the AWS dashboard.

Setting up Amazon Cognito

Add Custom JWT Claims for Hasura

  • Navigate to AWS Lambda
  • Create a new function.
  • Copy the following handler code to generate custom claims
    exports.handler = (event, context, callback) => {
      event.response = {
        "claimsOverrideDetails": {
          "claimsToAddOrOverride": {
            "https://hasura.io/jwt/claims": JSON.stringify({
              "x-hasura-user-id": event.request.userAttributes.sub,
              "x-hasura-default-role": "user",
              // do some custom logic to decide allowed roles
              "x-hasura-allowed-roles": ["user"],
            })
          }
        }
      }
      callback(null, event)
    }
  • In Cognito, under Triggers, configure the Pre Token Generation handler and select the Lambda function we just created above. This ensures that the Lambda function is triggered every time a token generation workflow runs in the background.
  • Head to App Client Settings and click on Launch Hosted UI. Sign up with a user and copy the id_token portion. Note that you will be redirected to the callback URL, likely the localhost URL that was configured earlier, so you might get an error. You can ignore the UI and focus on the URL parameters to extract just the id_token value.
  • Test the JWT in the debugger of jwt.io. Paste the id_token here to inspect the payload and verify the signature.

Configure Hasura Cloud ENV

    {
      "type": "RS256",
      "jwk_url": "https://cognito-idp.<aws-region>.amazonaws.com/<user-pool-id>/.well-known/jwks.json",
      "claims_format": "stringified_json"
    }
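The check done by hand in the jwt.io step can also be run locally against the same settings as the JWT config above. This is an added example, not code from the original article or from Hasura: the function names, key pair, kid, issuer and sub are constructed so that it runs offline, and in practice the JWKS would be the document served at the jwk_url.

```javascript
// Added example (not from the original article): offline check of an id_token
// against the Hasura JWT config. Key pair, kid, issuer and sub are constructed.
const crypto = require("node:crypto");

const NS = "https://hasura.io/jwt/claims";
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const unb64 = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Verifies an RS256 token against a JWKS and returns the parsed Hasura claims.
function verifyHasuraIdToken(token, jwks, issuer, now = Date.now() / 1000) {
  const [h, p, s] = token.split(".");
  if (!h || !p || !s) throw new Error("malformed token");
  const header = unb64(h);
  // Pin the algorithm to the "type" in the config; do not let the header choose.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) throw new Error("unknown kid");
  const key = crypto.createPublicKey({ key: jwk, format: "jwk" });
  const ok = crypto.verify(
    "RSA-SHA256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const payload = unb64(p);
  if (payload.iss !== issuer) throw new Error("wrong issuer");
  if (typeof payload.exp !== "number" || payload.exp <= now) throw new Error("expired");
  // claims_format "stringified_json": the namespace value is a string to parse.
  if (typeof payload[NS] !== "string") throw new Error("claims not stringified");
  const claims = JSON.parse(payload[NS]);
  // Sanity checks on what the Pre Token Generation handler is meant to emit.
  const allowed = claims["x-hasura-allowed-roles"];
  if (!Array.isArray(allowed) || !allowed.includes(claims["x-hasura-default-role"]))
    throw new Error("default role not in allowed roles");
  if (claims["x-hasura-user-id"] !== payload.sub) throw new Error("user id != sub");
  return claims;
}

// Constructed fixture: a throwaway key pair stands in for the user pool's JWKS.
function makeConstructedToken(overrides = {}, alg = "RS256") {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "constructed-kid" }] };
  const issuer = "https://cognito-idp.example-region.amazonaws.com/example-pool";
  const hasura = JSON.stringify({ "x-hasura-user-id": "user-123",
    "x-hasura-default-role": "user", "x-hasura-allowed-roles": ["user"] });
  const payload = { sub: "user-123", iss: issuer, exp: Math.floor(Date.now() / 1000) + 300, [NS]: hasura, ...overrides };
  const input = `${b64({ alg, kid: "constructed-kid" })}.${b64(payload)}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKey).toString("base64url");
  return { token: `${input}.${sig}`, jwks, issuer };
}
```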

Create permissions for the role user

Set up Lambda for Hasura Events

  • Create a simple function on Lambda.
  • Add a route on API Gateway to expose the function outside.
  • Add the endpoint to Hasura events to test an Event Trigger on a database table.
