AWS Amplify API - Prevent public read access for field

Problem description

Problem

I created a GraphQL API with AWS Amplify that has both Cognito User Pools and IAM authentication. I want unauthenticated users to read a majority of the fields on the book model (e.g. title, description, etc.) but I want some fields to be limited to authenticated users (e.g. chapters).

However, since the providers are different (Cognito vs. IAM) the unauthenticated users are able to read every field regardless of group field level auth rules.

Question

How can I prevent public read access for certain fields while allowing it for other fields?

Schema

type Book
  @model
  @searchable
  @auth(
    rules: [
      {allow: public, provider: iam, operations: [read]},
      {allow: groups, groups: ["Customer"], operations: [read]},
      {allow: groups, groups: ["Admin"], operations: [create, read, update, delete]}
    ]
  )
{
  id: ID!
  title: String!
  description: String!
  chapters: [Chapter!]
    @auth(rules: [
      {allow: groups, groups: ["Customer"], operations: [read]},
      {allow: groups, groups: ["Admin"], operations: [create, read, update, delete]}
    ])
}

Tags: amazon-web-services, amazon-cognito, amazon-iam, aws-amplify, aws-appsync

Solution

