Table: aws_appsync_graphql_api - Query AWS AppSync GraphQL APIs using SQL
AWS AppSync is a fully managed service provided by Amazon Web Services (AWS) that simplifies the development of scalable and secure GraphQL APIs. GraphQL is a query language for APIs that allows clients to request only the data they need, making it more efficient and flexible compared to traditional REST APIs.
Table Usage Guide
The aws_appsync_graphql_api
table in Steampipe provides you with information about GraphQL API within AWS Athena. This table allows you, as a data analyst or developer, to GraphQL API specific details, including authentication type, owner of the API, and log configuration details of the API.
Examples
List all merged APIs
A merged GraphQL API typically refers to a GraphQL API that aggregates or combines data from multiple sources into a single, unified GraphQL schema. This approach is often used to create a single, cohesive interface for clients, even when the underlying data comes from different services, databases, or microservices.
select name, api_id, arn, api_type, authentication_type, owner, owner_contactfrom aws_appsync_graphql_apiwhere api_type = 'MERGED';
select name, api_id, arn, api_type, authentication_type, owner, owner_contactfrom aws_appsync_graphql_apiwhere api_type = 'MERGED';
List public APIs of the current account
A public AppSync GraphQL API is accessible over the internet, and clients outside of your AWS account can make requests to it. Public APIs are typically configured with an authentication mechanism to control and secure access. Common authentication methods include API keys and OpenID Connect (OIDC) integration with an identity provider.
select name, api_id, api_type, visibilityfrom aws_appsync_graphql_apiwhere visibility = 'GLOBAL' and owner = account_id;
select name, api_id, api_type, visibilityfrom aws_appsync_graphql_apiwhere visibility = 'GLOBAL' and owner = account_id;
Get the log configuration details of APIs
Discover the queries that have the longest execution times to identify potential areas for performance optimization and enhance the efficiency of your AWS Athena operations.
select name, api_id, owner, log_config ->> 'CloudWatchLogsRoleArn' as cloud_watch_logs_role_arn, log_config ->> 'FieldLogLevel' as field_log_level, log_config ->> 'ExcludeVerboseContent' as exclude_verbose_contentfrom aws_appsync_graphql_api;
select name, api_id, owner, json_extract(log_config, '$.CloudWatchLogsRoleArn') as cloud_watch_logs_role_arn, json_extract(log_config, '$.FieldLogLevel') as field_log_level, json_extract(log_config, '$.ExcludeVerboseContent') as exclude_verbose_contentfrom aws_appsync_graphql_api;
Schema for aws_appsync_graphql_api
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
additional_authentication_providers | jsonb | A list of additional authentication providers for the GraphqlApi API. | |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
api_id | text | = | The API ID. |
api_type | text | = | The value that indicates whether the GraphQL API is a standard API ( GRAPHQL ) or merged API ( MERGED ). |
arn | text | The Amazon Resource Name (ARN) of AppSync GraphQL API. | |
authentication_type | text | The authentication type. | |
dns | jsonb | The DNS records for the API. | |
enhanced_metrics_config | jsonb | The enhancedMetricsConfig object. | |
introspection_config | jsonb | Sets the value of the GraphQL API to enable ( ENABLED ) or disable ( DISABLED ) introspection. If no value is provided, the introspection configuration will be set to ENABLED by default. | |
lambda_authorizer_config | jsonb | Configuration for Lambda function authorization. | |
log_config | jsonb | The Amazon CloudWatch Logs configuration. | |
merged_api_execution_role_arn | text | The Identity and Access Management service role ARN for a merged API. | |
name | text | The API name. | |
open_id_connect_config | jsonb | The OpenID Connect configuration. | |
owner | text | The account owner of the GraphQL API. | |
owner_contact | text | The owner contact information for an API resource. | |
partition | text | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). | |
query_depth_limit | bigint | The maximum depth a query can have in a single request. | |
region | text | The AWS Region in which the resource is located. | |
resolver_count_limit | bigint | The maximum number of resolvers that can be invoked in a single request. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
tags | jsonb | A map of tags for the resource. | |
title | text | Title of the resource. | |
uris | jsonb | The URIs. | |
user_pool_config | jsonb | The Amazon Cognito user pool configuration. | |
visibility | text | Sets the value of the GraphQL API to public ( GLOBAL ) or private ( PRIVATE ). | |
waf_web_acl_arn | text | The ARN of the WAF access control list (ACL) associated with this GraphqlApi, if one exists. | |
xray_enabled | boolean | A flag indicating whether to use X-Ray tracing for this GraphqlApi. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config
argument:
steampipe_export_aws --config '<your_config>' aws_appsync_graphql_api