AWS AppSync now supports cross account sharing of GraphQL APIs

Posted on: Nov 22, 2024

AWS AppSync is a fully managed API management service that connects applications to events, data, and AI models. AppSync now supports sharing GraphQL APIs across AWS accounts using AWS Resource Access Manager (RAM). This new feature allows customers to securely share their AppSync GraphQL APIs configured with IAM authorization, including private APIs, with other AWS accounts within their organization or with third parties.

Before today, customers had to set up additional networking infrastructure to share their private GraphQL APIs between their organization accounts. With this enhancement, customers can now centralize their GraphQL API management in a dedicated account and share access to these APIs with other accounts. For example, a central API team can create and manage private GraphQL APIs, then share them with different application or networking teams in different accounts. This approach simplifies API governance, improves security, and enables more flexible and scalable architectures for multi-account environments. Customers can optionally enable CloudTrail to capture API activities related to AWS AppSync GraphQL APIs as events for additional security and visibility.

This feature is now available in all AWS Regions where AWS AppSync is available.

To get started, refer to the AWS AppSync GraphQL documentation, and visit the AWS RAM console to start sharing your APIs. For more information about sharing resources with AWS RAM, see the AWS RAM User Guide.