The post on https://read.acloud.guru/backend-graphql-how-to-trigger-an-aws-appsync-mutation-from-aws-lambda-eda13ebc96c3 describes a nice way to call AppSync mutations using a simple HTTP requests from a Lambda assuming that IAM authentication is being used on AppSync, but I would like to be able to do this with AMAZON_COGNITO_USER_POOLS.
The way it is done there is by signing the request using IAM credentials. As far as I could determine, when AMAZON_COGNITO_USER_POOLS is used, the requests are not signed but come with a JWT token but I am struggling to find details on how this works. AWS.CognitoIdentityServiceProvider provides adminInitiateAuth as an easy way to get User Pool tokens inside a Lambda but I have no idea how to use these tokens to authenticate HTTP requests for AppSync. Can I just put them in a specific header or is the process more complicated?
You will have to pass it to the authorization header.