AWS AppSync
A fully managed service for building and operating GraphQL APIs, enabling unified queries across multiple data sources such as DynamoDB and Lambda
Overview
AWS AppSync is a fully managed service that provides GraphQL APIs. From the frontend, you can access multiple data sources (DynamoDB, Aurora, OpenSearch, Lambda, HTTP endpoints) through a single endpoint, retrieving only the data you need in a single request. It features real-time data synchronization (WebSocket-based subscriptions), offline data sync, and built-in caching, making it ideal for building mobile apps and real-time dashboards. Flexible authentication and authorization via Cognito, IAM, API keys, and Lambda authorizers are available out of the box.
Resolver and Data Source Design
At the core of AppSync are resolvers, which connect GraphQL fields to data sources. VTL (Velocity Template Language) resolvers use request/response mapping templates and are suited for simple operations like direct DynamoDB access. JavaScript resolvers, introduced in 2023, run on the APPSYNC_JS runtime and allow more intuitive logic compared to VTL. Pipeline resolvers call multiple data sources sequentially, enabling multi-step processing such as authorization check, data retrieval, and transformation within a single GraphQL field. In practice, JavaScript resolvers are recommended as the default, delegating to Lambda data sources only when complex business logic is required. AppSync charges $4.00 per million query/mutation operations and $0.08 per million minutes of real-time connections on a pay-as-you-go basis, making cost predictable for most workloads.
Subscriptions and Offline Sync
AppSync's real-time subscription feature uses WebSocket connections to push data changes to all connected clients instantly. A typical pattern uses subscriptions in chat apps and collaboration tools to broadcast mutations as they happen - when one client creates or updates a record, all subscribers receive the change within milliseconds. The Amplify client libraries handle WebSocket connection management, automatic reconnection, and subscription lifecycle out of the box. For mobile applications, AppSync provides built-in offline support through the Amplify DataStore, which maintains a local replica of data on the device and automatically synchronizes changes when connectivity is restored, using conflict detection and resolution strategies (auto-merge, optimistic concurrency, or custom Lambda resolvers) to handle concurrent edits. For a systematic study of GraphQL, books on GraphQL (Amazon) are a great resource. Unlike Azure API Management's GraphQL support, which lacks native subscription capability and requires a separate SignalR Service for real-time communication, AppSync provides WebSocket-based subscriptions as a first-class feature.
Authentication Models and Multi-Data-Source Integration
AppSync supports four authentication modes - API key, Cognito User Pools, IAM, and Lambda authorizers - and you can enable multiple modes simultaneously on a single API. This multi-auth capability lets you serve different client types from the same endpoint: Cognito for authenticated end users, IAM for backend services, and API keys for public read-only access. At the schema level, @auth directives control which authentication mode and user groups can access specific types and fields, enabling fine-grained authorization without custom resolver logic. For data source integration, AppSync can query DynamoDB, Aurora Serverless (via the Data API), OpenSearch, HTTP endpoints, and Lambda functions from a single GraphQL schema. Pipeline resolvers orchestrate calls across multiple data sources within a single field resolution - for example, checking permissions in DynamoDB, fetching data from Aurora, and enriching it with an external API call, all within one GraphQL query. One caveat is that AppSync resolvers have an execution time limit of 30 seconds, so heavy aggregation or batch operations should be delegated to a Lambda data source with an asynchronous response design.