hands-on lab

Securing an AWS AppSync API With Amazon Cognito

Up to 1h


AWS AppSync authorization is a crucial configuration because it defines which users or identities are allowed to access an API. An AppSync API can define access controls for the queries, mutations, subscriptions, and fields defined in its schema. AppSync supports several identity providers to suit different use cases, and also allows fine-grained access control at the resolver level.

In this lab, you will learn the five supported authorization types, and perform the configurations necessary to associate an AppSync API with an Amazon Cognito User Pool. You will also provide an additional layer of data protection by applying fine-grained access controls on API resolvers.

Learning objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Provide authorized access to an AWS AppSync API using an Amazon Cognito User Pool
  • Apply fine-grained access control to AWS AppSync resolvers

Intended audiences

  • Candidates for the AWS Certified Developer - Associate Certification
  • Cloud Architects
  • Software Engineers
  • Serverless Developers


Familiarity with the following will be beneficial but is not required:

  • AWS AppSync
  • GraphQL
  • AWS DynamoDB

The following content can be used to fulfill the prerequisite:


July 7th, 2023 - Resolved intermittent deployment issue

About the author

Jun Fritz
Cloud Labs Developer

Jun is a Cloud Labs Developer with previous experience as a Software Engineer and Cloud Developer. He holds the AWS Certified Solutions Architect and DevOps Engineer Professional certifications. He also holds the AWS Certified Solutions Architect, Developer, and SysOps Administrator Associate certifications. 

Jun is focused on giving back to the growing cloud community by sharing his knowledge and experience with students and creating engaging content. 

Lab steps

Logging In to the Amazon Web Services Console
Selecting an AppSync API authentication method
Authorizing AppSync API access using Amazon Cognito
Applying fine-grained access control in AWS AppSync