AWS AppSync added support for Lambda authorizers on 30th July 2021 and it made it much easier to implement group-based authorization with 3rd party identity services.

Group-based auth with AppSync and Cognito

I previously wrote about how you can secure multi-tenant applications with AppSync and Cognito. …

AWS Step Functions is a powerful orchestration service that lets you model even the most complex business workflows. It packs a great visualization tool (which you can also use to design your workflows visually now!) and can integrate with many AWS services directly, including Lambda, DynamoDB, and API Gateway.


With API Gateway and Lambda, you can handle client errors gracefully by returning a 4xx response.

module.exports.handler = async (event) => {
// run validation logic
return {
statusCode: 400

This way, we can communicate clearly to the client that there’s a problem with its request. It also…

It’s been two years since I last wrote about Lambda layer and when you should use it. Most of the problem I discussed in that original post still stands:

  • It makes it harder to test your functions locally. …

An interesting question came up in a conversation today:

“How should I manage the Route53 DNS records in a multi-account environment?”

Suppose you have configured an AWS Organization with different accounts for dev, staging and production environments. …

In the last post I discussed my preferred approach for modelling multi-tenant applications with AppSync and Cognito. This approach supports the common requirements in these applications, where there are a number of distinct roles within each tenant.

This approach (and others like it) works great when the tenants are isolated…

Thank you to Josh for asking this question on the AppSync Masterclass forum. His original question goes like this:

Let’s say I want to add a one-to-many relationship from Profile to a new property called “Tag” (a complex object with “name” and “color” properties) so a user can define their…

One of the most common questions I get is “How do I build a multi-tenant application with AppSync and Cognito?”.

If you google this topic on the internet you will no doubt come across many different opinions. …

In light of recent news of Okta’s pending acquisition of Auth0 there’s been renewed discussion about where Amazon Cognito fits into the picture. It’s a question my clients often ask me, so here are my two cents.

The case for Cognito

Integration with other AWS services

Cognito’s tight integration with other AWS services such as API Gateway, AppSync and…

When you start a new Vue.js project that needs to interface with APIs running in AWS, there’s a good chance you will have these lines of code:

import Amplify from 'aws-amplify'Amplify.configure({
Auth: {
region: 'us-east-1',
userPoolId: 'xxx',
userPoolWebClientId: 'xxx',
mandatorySignIn: true

These few lines of code let…

Yan Cui

AWS Serverless Hero. Independent Consultant Author of Speaker. Trainer. Blogger.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store