Calling AppSync GraphQL from Lambda

Michael WittigUpdated 23 Aug 2019

AWS AppSync provides an easy way to run a GraphQL API that triggers AWS Lambda functions and other AWS services. If you start with AppSync, you likely have existing systems running next to it. Sooner or later, you want to call the GraphQL API from your Lambda function (Node.js). For example, to trigger an AppSync subscription from another system.

Calling AppSync GraphQL from Lambda

To do so, you need:

  1. A GraphQL client library
  2. Authentication
  3. Send your GraphQL request to the AppSync endpoint

Let’s walk through the steps.

Installing the library dependencies

The easiest way to talk to an AppSync GraphQL API is by using the aws-appsync package which wraps the apollo GraphQL client package. The libraries assume that they run in a browser environment where the Fetch API is available. The package cross-fetch provides a polyfill to bring The Fetch API to Node.js environments as well. The package graphql-tag is used to parse a GraphQL query.

npm i aws-appsync@1.8.1
npm i cross-fetch@3.0.4
npm i graphql-tag@2.10.1

Creating a client with authentication

AppSync supports multiple authentication types. If your API uses AWS_IAM, you are all fine. If not:

Andreas and Michael Wittig

Please support our work!

We have published 328 articles, 41 podcast episodes, and 15 videos. It's all free and means a lot of work in our spare time.

Thanks to Alan Leech, Alex DeBrie, e9e4e5f0faef, Goran Opacic, jhoadley, Shawn Tolidano, Thorsten Hoeger, Todd Valentine, Vince Fulco, and all anonymous supporters for your help! We also want to thank all supporters who purchased a cloudonaut t-shirt. It gives us great pleasure to send our t-shirts all over the world.

With your help, we can continue to produce independent & high-quality content focused on AWS. Please support us!

Support us
  1. In your AppSync Api Settings, go to Additional auth providers and add AWS_IAM
  2. Add the schema directive @aws_iam to the mutation like this
type Mutation {
# used internally to trigger the subscription
test(value: String!): String

In your JavaScript code, create a client object:

const appsync = require('aws-appsync');
const gql = require('graphql-tag');

const graphqlClient = new appsync.AWSAppSyncClient({
region: process.env.AWS_REGION,
auth: {
type: 'AWS_IAM',
credentials: {
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
sessionToken: process.env.AWS_SESSION_TOKEN
disableOffline: true

Now, you are ready to send your GraphQL request to the AppSync endpoint

Sending your GraphQL request to the AppSync endpoint

Finally, you create your GraphQL query and send it to the endpoint.

const mutation = gql`mutation Test($value: String!) {
test(value: $value)
await graphqlClient.mutate({
variables: {
value: 'test'

Keep in mind that your Lambda function needs the following permission to invoke the AppSync API endpoint (replace REGION with the region identifier and AWS_ACCOUNT_ID with the AWS account id):

"Effect": "Allow",
"Action": "appsync:GraphQL",
"Resource": "arn:aws:appsync:REGION:ACCOUNT_ID:apis/API_ID/types/Mutation/fields/test"


Invoking a AppSync GraphQL API endpoint from Lambda requires a few tricks. A typical use case for calling an AppSync API from a Lambda function is to trigger a subscription from an external system.

Michael Wittig

Michael Wittig

I launched in 2015 with my brother Andreas. Since then, we have published hundreds of articles, podcast episodes, and videos. It’s all free and means a lot of work in our spare time. We enjoy sharing our AWS knowledge with you.
Have you learned something new by reading, listening, or watching our content? If so, we kindly ask you to support us in producing high-quality & independent AWS content. We look forward to sharing our AWS knowledge with you.

Support us

Feedback? Questions? You can reach me via Email, Twitter, or LinkedIn.