Calling AppSync GraphQL from Lambda

Michael Wittig – 26 Jul 2019 (updated 23 Aug 2019)

AWS AppSync provides an easy way to run a GraphQL API that triggers AWS Lambda functions and other AWS services. If you start with AppSync, you likely have existing systems running next to it. Sooner or later, you want to call the GraphQL API from your Lambda function (Node.js). For example, to trigger an AppSync subscription from another system.

Calling AppSync GraphQL from Lambda

To do so, you need:

  1. A GraphQL client library
  2. Authentication
  3. Send your GraphQL request to the AppSync endpoint

Let’s walk through the steps.

Installing the library dependencies

The easiest way to talk to an AppSync GraphQL API is by using the aws-appsync package which wraps the apollo GraphQL client package. The libraries assume that they run in a browser environment where the Fetch API is available. The package cross-fetch provides a polyfill to bring The Fetch API to Node.js environments as well. The package graphql-tag is used to parse a GraphQL query.

npm i aws-appsync@1.8.1
npm i cross-fetch@3.0.4
npm i graphql-tag@2.10.1

Creating a client with authentication

AppSync supports multiple authentication types. If your API uses AWS_IAM, you are all fine. If not:

Andreas and Michael Wittig

Hej, Andreas & Michael here!

We launched the cloudonaut blog in 2015. Since then, we have published 325 articles: small tips and tricks, best practices, and service reviews. We enjoy writing about all things AWS a lot.

Do you like our blog posts and podcast episodes? Have you learned something new? Consider supporting us create in-depth and independent AWS content. Please help us with a monthly or one-time payment through GitHub Sponsors.

Start supporting us today!
  1. In your AppSync Api Settings, go to Additional auth providers and add AWS_IAM
  2. Add the schema directive @aws_iam to the mutation like this
type Mutation {
# used internally to trigger the subscription
test(value: String!): String

In your JavaScript code, create a client object:

const appsync = require('aws-appsync');
const gql = require('graphql-tag');

const graphqlClient = new appsync.AWSAppSyncClient({
region: process.env.AWS_REGION,
auth: {
type: 'AWS_IAM',
credentials: {
accessKeyId: process.env.AWS_ACCESS_KEY_ID,
secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
sessionToken: process.env.AWS_SESSION_TOKEN
disableOffline: true

Now, you are ready to send your GraphQL request to the AppSync endpoint

Sending your GraphQL request to the AppSync endpoint

Finally, you create your GraphQL query and send it to the endpoint.

const mutation = gql`mutation Test($value: String!) {
test(value: $value)
await graphqlClient.mutate({
variables: {
value: 'test'

Keep in mind that your Lambda function needs the following permission to invoke the AppSync API endpoint (replace REGION with the region identifier and AWS_ACCOUNT_ID with the AWS account id):

"Effect": "Allow",
"Action": "appsync:GraphQL",
"Resource": "arn:aws:appsync:REGION:ACCOUNT_ID:apis/API_ID/types/Mutation/fields/test"


Invoking a AppSync GraphQL API endpoint from Lambda requires a few tricks. A typical use case for calling an AppSync API from a Lambda function is to trigger a subscription from an external system.

Michael Wittig

Michael Wittig

I'm an independent consultant, technical writer, and programming founder. All these activities have to do with AWS. I'm writing this blog and all other projects together with my brother Andreas.

In 2009, we joined the same company as software developers. Three years later, we were looking for a way to deploy our software—an online banking platform—in an agile way. We got excited about the possibilities in the cloud and the DevOps movement. It’s no wonder we ended up migrating the whole infrastructure of Tullius Walden Bank to AWS. This was a first in the finance industry, at least in Germany! Since 2015, we have accelerated the cloud journeys of startups, mid-sized companies, and enterprises. We have penned books like Amazon Web Services in Action and Rapid Docker on AWS, we regularly update our blog, and we are contributing to the Open Source community. Besides running a 2-headed consultancy, we are entrepreneurs building Software-as-a-Service products.

We are available for projects.

Feedback? Questions? Drop me a line: Email, Twitter, LinkedIn.

Briefcase icon
Hire me