I want to create an AWS Amplify application using the following services:
amplify add auth: AWS Cognito
amplify add api: GraphQL (AWS AppSync)
But I don't want to use DynamoDB but Amazon Aurora.
How can I do that?
I don't want use REST API but GraphQL with AWS AppSync.
Why?
Answers: Because with Appsync I can use the Subscription and I would like to use Queries like that:
type Post #model #auth(rules: [{ allow: owner }]) {
id: ID!
title: String!
}
(It's very easy the manage the permission and allow request for logged user only).
Is it possible? If yes, how can I do that?
Best Regards
It's fully documented here:
https://docs.aws.amazon.com/appsync/latest/devguide/tutorial-rds-resolvers.html
You must ensure you enable the data API for your Aurora Serverless. Also be aware of the cost implications when moving from DynamoDB to Aurora.
Related
My understanding is that when creating objects annotated with #model in GraphQL API, DynamoDB table is created and configured automatically. How to access this table? I cannot see it in the DynamoDB console.
They should be there. Make sure you are in the same region as your Amplify application. So for example, if you provisioned your Amplify app in us-east-2, your DynamoDB tables will also be in us-east-2.
Scenario: I have a firestore document(document 1) in Database(DATABASE 1) that is publicly readable i.e I can make a REST GET call unauthenticated and get the data.
I have another firestore Database(DATABASE 2), in which i want to clone
data of document 1 and save it to DATABASE 2 document.
Question: How can i retrieve the DATABASE 1 document 1 data from DATABASE 2 Admin SDK ?
Motivation: REST response requires parsing, i am hoping to make Firebase lib SDK call that doesnt requires any parsing.
FEW NOTES:
I don't want to expose DATABASE 2 Service Account Creds to DATABASE 1 Admin.
Wondering if its possible to create secondary instance of firebase Admin using DATABASE 1 project-id and/or url without exposing and creds.
This is definitely possible, but you are going to need to expose credentials for a service account in the second project in order to use the admin sdk for that. If this is possible in your case, all you have to do is instantiate the project with a firebaseOptions referencing to a different project, as you can see in this documentation:
const secondaryServiceAccount = require('./path/to/serviceAccountKey.json');
const secondaryAppConfig = {
credential: admin.credential.cert(secondaryServiceAccount),
projectId: "YOUR_SECOND_PROJECT_ID"
};
const secondary = admin.initializeApp(secondaryAppConfig, 'secondary');
and access whatever services you need by using the secondary variable, eg. to access the second Firestore project use secondary.firestore().
As mentioned by Frank in the comments an alternative to this is to use the regular Firestore SDK, you can find more information in this documentation, the process is quite similar.
I need to create Firebase projects, get the Admin SDK private keys, and add resources programmatically.
I can create projects with CLI - firebase projects:create. But after that to use Admin SDK or REST API to add resources to the project, I need to get Admin SDK private key.
My plan is web scraping with direct HTTP requests. I know Fastlane use same logic to control Apple Developer Portal UI and fetch data from it programmatically.
First, I need to go: https://console.firebase.google.com/project/<project_id>/settings/serviceaccounts/adminsdk with required cookies, headers etc.
Then, I should mimic the Generate new Private Key button below and get the private key.
But I have never used this method, especially with a web page that contaions sessions, cookies etc. And, I want to build it as a microservice and deploy to a server. So, I believe 2FA might be a problem.
My questions:
Is there any more cost-effective way to get Admin SDK? Maybe, I am missing some feature in Firebase resources.
Can I mimic this button's behaviour without using any front-end scraping? Is there any precautions in Firebase servers to prevent this kind of solution.
If I do it in this way and deploy to a server, would 2FA be a problem? Can microservice work with 1-month valid sessions? Or, would it asks 2FA all the time that it works? (I have never used headless browsers etc. I just some basic web-scraping experience with Selenium.)
It looks like scraping is not necessary, gcloud CLI do the job. If you want to create Firebase projects and get service accounts programmatically do the steps below:
Create with firebase CLI: firebase projects:create --display-name "<project-name>" <project-id> (Or, probably you can create with gcloud CLI as well)
Change active project in gcloud CLI with gcloud config set project <project-id>
gcloud iam service-accounts list and store the EMAIL here. (There is just automatically created service account here, no private key created.)
Create and store the private key: gcloud iam service-accounts keys create key.json --iam-account= <EMAIL-you-stored>
During amplify init there is a question:
"Do you want to use AWS profile"
What is "AWS profile in this context"? When should i choose yes, and when no? What is the decision impact on the project?
After installation of AWS CLI, you can configure your CLI using aws configure command. You provide access key, secret access key and default region. Once you are done with this it creates a default profile for your CLI. All your aws commands use credentials from this default profile. Your amplify init command refers to this profile.
You can have multiple AWS profiles for your CLI to use.
Coming to your question.
1) If your aws default profile is configured for the same account where you want your amplify project to deploy you can say yes to that question.
2) If you are not sure what is there in your default profile you can opt for no and provide access key, secret key and other information by own.
Hope this will clear your doubt.
Is there any way to fetch Subscription Keys for Microsoft Cognitive Services APIs through API call/CURL/HTTP request? Currently I have to hard code the keys in my Application to use the services.
Yes, you can do this. See the List Keys API at https://learn.microsoft.com/en-us/rest/api/cognitiveservices/cognitiveservicesaccounts#CognitiveServicesAccounts_ListKeys.
POST
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.CognitiveServices/accounts/{accountName}/listKeys?api-version=2016-02-01-preview
Which returns JSON:
{ "key1": "xxxx", "key2": "xxxxx" }
You can also do this via Powershell using Get-AzureRmCognitiveServicesAccountKey
Both of these methods require you to authenticate with the Azure REST API which you can read more about at https://learn.microsoft.com/en-us/rest/api/.