Documentation
Integrations

AppSync Lambda logging

Created:
September 6, 2024
Updated:
September 6, 2024

AWS AppSync is a managed service provided by AWS that enables developers to build scalable and secure GraphQL APIs for web and mobile applications. It simplifies the process of creating and managing GraphQL APIs by handling the heavy lifting of infrastructure management, real-time data synchronization, and offline data access.

The FireTail AppSync Lambda integration receives Cloudwatch log events from AppSync APIs, and forwards request and response data to the FireTail platform.

Prerequisites

  1. Go Installation: Ensure you have Go installed. Follow the installation instructions.
  2. Serverless CLI: Install the Serverless Framework CLI. Refer to Serverless Framework Setup for instructions.

Configure AppSync

Before deploying the Firetail AppSync Lambda, make sure your AppSync app is configured to log to CloudWatch. For detailed instructions, refer to the AWS documentation.

To properly configure logging, follow these recommendations:

  • Enable Include verbose content.
  • Set the Field resolver log level to All

Note: Record the name of the CloudWatch log group associated with your AppSync app. This will be needed for the Firetail AppSync Lambda deployment. The log group name should follow the format /aws/appsync/apis/{graphql_api_id}.

Generate A Firetail API Token

To deploy the Firetail AppSync Lambda, you need an API token from the Firetail SaaS platform.

Create an API:

  • Create an API under the required application in the FireTail platform. Set the API Type to GraphQL.

View full instructions on creating an API

Generate an API Token:

  • In the Tokens tab of your API, click "Create Token".
  • Name the token and note the Token Secret for deployment.

View full instructions on creating an API token

Build The FireTail AppSync Lambda

The process of building the Firetail AppSync Lambda binary can be performed using the Makefile at the root of this repository, using the build target:


git clone git@github.com:FireTail-io/firetail-appsync-lambda.gitcd 
firetail-appsync-lambda

A more in-depth explanation of how to build the Firetail AppSync Lambda from source can be found in docs/build-from-src.md.

Deploy The FireTail AppSync Lambda With Serverless

A serverless.yml is provided in the root of this repository, which has two parameters:

  1. cloudwatch-log-group, the log group for an AppSync API in Cloudwatch (see Configuring AppSync).
  2. firetail-api-token, an API token from the Firetail SaaS (see Generating a Firetail API Token).

Given these two values, the Lambda can be deployed by running the following serverless command from the root of the repository:


sls deploy --param="cloudwatch-log-group=YOUR_CLOUDWATCH_LOG_GROUP" 
--param="firetail-api-token=YOUR_FIRETAIL_API_TOKEN"

This serverless command may require additional flags depending upon the use case, for example to specify the region in which the Lambda should be deployed. See sls deploy --help for a list of available flags.

Getting Started
Organizations
Dashboard
APIs
Applications
Integrations
Actions
Specifications
Posture Management
Alerting
Code Libraries
Reporting
Python Documentation
FAQs
Related Docs
Discover APIs in a GitLab repository
View doc
AWS WAFv2 IP Set
View doc
Set up a Splunk integration
View doc
Set up a Microsoft Teams integration
View doc
Recently Updated
Glossary
View doc
Dashboard overview
View doc
API Risk Dashboard
View doc
API Risk Scoring
View doc
Set up AWS API Gateway Logging with AWS Lambda
View doc