[{"data":1,"prerenderedAt":73},["ShallowReactive",2],{"pattern-eventbridge-api-appsync-cdk":3},{"id":4,"title":5,"architectureURL":6,"cleanup":7,"contributors":11,"deploy":13,"description":16,"extension":17,"framework":18,"gitHub":19,"highlight":6,"introBox":28,"language":35,"level":36,"meta":37,"patternArch":38,"resources":57,"s3URL":6,"services":66,"stem":67,"testing":68,"videoId":27,"__hash__":72},"patterns\u002Fpatterns\u002Feventbridge-api-appsync-cdk.json","Amazon EventBridge to AWS AppSync with OAuth",null,{"headline":8,"text":9},"Cleanup",[10],"To delete the stack, run: \u003Ccode>cdk destroy\u003C\u002Fcode>.",[12],"content\u002Fcontributors\u002Fjosh-kahn.json",{"text":14},[15],"cdk deploy --parameters authDomainName=\u003Cyour_domain_name>","EventBridge API Destination to AWS AppSync GraphQL API with OAuth authorization.","json","AWS CDK",{"template":20,"payloads":25},{"projectFolder":21,"repoURL":22,"templateURL":23,"templateFile":24},"cdk-eventbridge-appsync-oauth","https:\u002F\u002Fgithub.com\u002Faws-samples\u002Fserverless-patterns\u002Ftree\u002Fmain\u002Fcdk-eventbridge-appsync-oauth","serverless-patterns\u002Fcdk-eventbridge-appsync-oauth","cdk\u002Flib\u002Fmain.ts",[26],{"headline":27,"payloadURL":27},"",{"headline":29,"text":30},"How it works",[31,32,33,34],"In this pattern, AWS AppSync is configured with a a schema to manage and read todos. The pattern uses an event bridge bus and an EventBridge API destination to trigger the AppSync GraphQL updateTodo mutation when an event that matches the defined rule is received. The AppSync Lambda Authorizer is used as the mode of authorization to verify the provided access token.","This pattern demonstrates configuring the EventBridge API Destination OAuth authorization type. Although this pattern uses Amazon Cognito as the OIDC provider, other providers can be used in a similar capacity. AWS AppSync also offers a built-in OIDC authorizer, this pattern uses the Lambda Authorizer to demonstrate added flexibility.","EventBridge API Destinations uses AWS Secrets Manager to manage client secrets. The cost of storing the secret is included in the pricing for API destinations.","EventBridge caches the JWT access token returned by the API Destination authorization endpoint. The authorization endpoint must return a 401 or 403 HTTP response for EventBridge to renew the access token. This can be seen in the Lambda Authorizer included in this pattern. Your authorization endpoint must return the proper unauthorized error code for the access token to be refreshed.","TypeScript","200",{},{"icon1":39,"icon2":44,"icon3":47,"line1":51,"line2":54},{"x":40,"y":41,"service":42,"label":43},20,50,"eventbridge","EventBridge",{"x":41,"y":41,"service":45,"label":46},"appsync","AWS AppSync",{"x":48,"y":41,"service":49,"label":50},80,"lambda","AWS Lambda",{"from":52,"to":53,"label":27},"icon1","icon2",{"from":53,"to":55,"label":56},"icon3","Authorizer",{"headline":58,"bullets":59},"Additional resources",[60,63],{"text":61,"link":62},"HTTP Resolvers","https:\u002F\u002Fdocs.aws.amazon.com\u002Fappsync\u002Flatest\u002Fdevguide\u002Ftutorial-http-resolvers.html",{"text":64,"link":65},"Integrating Amazon EventBridge into your serverless applications","https:\u002F\u002Faws.amazon.com\u002Fblogs\u002Fcompute\u002Fintegrating-amazon-eventbridge-into-your-serverless-applications\u002F",{"from":42,"to":45},"patterns\u002Feventbridge-api-appsync-cdk",{"headline":69,"text":70},"Testing",[71],"See the GitHub repo for detailed testing instructions.","F-m3JuF8VQjyjVaxARoRd0FfP7Pcgx4EYHQuaJ4DNAs",1779273334996]