steampipe plugin install awssteampipe plugin install aws

Table: aws_appsync_graphql_api - Query AWS AppSync GraphQL APIs using SQL

AWS AppSync is a fully managed service provided by Amazon Web Services (AWS) that simplifies the development of scalable and secure GraphQL APIs. GraphQL is a query language for APIs that allows clients to request only the data they need, making it more efficient and flexible compared to traditional REST APIs.

Table Usage Guide

The aws_appsync_graphql_api table in Steampipe provides you with information about GraphQL API within AWS Athena. This table allows you, as a data analyst or developer, to GraphQL API specific details, including authentication type, owner of the API, and log configuration details of the API.

Examples

List all merged APIs

A merged GraphQL API typically refers to a GraphQL API that aggregates or combines data from multiple sources into a single, unified GraphQL schema. This approach is often used to create a single, cohesive interface for clients, even when the underlying data comes from different services, databases, or microservices.

select
  name,
  api_id,
  arn,
  api_type,
  authentication_type,
  owner,
  owner_contact
from
  aws_appsync_graphql_api
where
  api_type = 'MERGED';

select
  name,
  api_id,
  arn,
  api_type,
  authentication_type,
  owner,
  owner_contact
from
  aws_appsync_graphql_api
where
  api_type = 'MERGED';

List public APIs of the current account

A public AppSync GraphQL API is accessible over the internet, and clients outside of your AWS account can make requests to it. Public APIs are typically configured with an authentication mechanism to control and secure access. Common authentication methods include API keys and OpenID Connect (OIDC) integration with an identity provider.

select
  name,
  api_id,
  api_type,
  visibility
from
  aws_appsync_graphql_api
where
  visibility = 'GLOBAL'
  and owner = account_id;

select
  name,
  api_id,
  api_type,
  visibility
from
  aws_appsync_graphql_api
where
  visibility = 'GLOBAL'
  and owner = account_id;

Get the log configuration details of APIs

Discover the queries that have the longest execution times to identify potential areas for performance optimization and enhance the efficiency of your AWS Athena operations.

select
  name,
  api_id,
  owner,
  log_config ->> 'CloudWatchLogsRoleArn' as cloud_watch_logs_role_arn,
  log_config ->> 'FieldLogLevel' as field_log_level,
  log_config ->> 'ExcludeVerboseContent' as exclude_verbose_content
from
  aws_appsync_graphql_api;

select
  name,
  api_id,
  owner,
  json_extract(log_config, '$.CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn,
  json_extract(log_config, '$.FieldLogLevel') as field_log_level,
  json_extract(log_config, '$.ExcludeVerboseContent') as exclude_verbose_content
from
  aws_appsync_graphql_api;

Control examples

Schema for aws_appsync_graphql_api

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
additional_authentication_providers	jsonb		A list of additional authentication providers for the GraphqlApi API.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
api_id	text	=	The API ID.
api_type	text	=	The value that indicates whether the GraphQL API is a standard API ( GRAPHQL ) or merged API ( MERGED ).
arn	text		The Amazon Resource Name (ARN) of AppSync GraphQL API.
authentication_type	text		The authentication type.
dns	jsonb		The DNS records for the API.
lambda_authorizer_config	jsonb		Configuration for Lambda function authorization.
log_config	jsonb		The Amazon CloudWatch Logs configuration.
merged_api_execution_role_arn	text		The Identity and Access Management service role ARN for a merged API.
name	text		The API name.
open_id_connect_config	jsonb		The OpenID Connect configuration.
owner	text		The account owner of the GraphQL API.
owner_contact	text		The owner contact information for an API resource.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
region	text		The AWS Region in which the resource is located.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
tags	jsonb		A map of tags for the resource.
title	text		Title of the resource.
uris	jsonb		The URIs.
user_pool_config	jsonb		The Amazon Cognito user pool configuration.
visibility	text		Sets the value of the GraphQL API to public ( GLOBAL ) or private ( PRIVATE ).
waf_web_acl_arn	text		The ARN of the WAF access control list (ACL) associated with this GraphqlApi, if one exists.
xray_enabled	boolean		A flag indicating whether to use X-Ray tracing for this GraphqlApi.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_appsync_graphql_api