Serverless-graphql and Cognito identity

Serverless Framework
1

Using serverless to target a REST API with AWS Gateway and AWS Lambda, I have access to a representation of the API caller’s Cognito identity using event.requestContext.identity, which for example may look something like “us-east-1:7826598f-32e8-4576-a652-8e7d4b07ffd4”.

Using serverless with serverless-graphql to target a GraphQL API with AWS AppSync, I have access to a representation of the API caller’s Cognito identity using $context.identity within a resolver mapping template, which may look something the object show below.

Having tables already keyed using the identity from the REST API, I was hoping to see the same info in the GraphQL solution. I don’t.

Does anyone know of any way to gain access the same Cognito identity string from event.requestContext.identity using serverless-graphql?

$context.identity produces:
{
sub: ‘733y87eh-543c-4db3-90d3-345af7g3b1w8’,
issuer: ‘https://cognito-idp.us-east-1.amazonaws.com/us-east-1_HSyg7Hj2o’,
username: ‘email@gmail.com’,
claims: {
sub: ‘733y87eh-543c-4db3-90d3-345af7g3b1w8’,
aud: ‘k2e45ef5km4se16j7gj5i4jvu9’,
email_verified: true,
event_id: ‘f9293923-4518-11e8-a71f-a15cf0c3b0db’,
token_use: ‘id’,
auth_time: 1524283419,
iss: ‘https://cognito-idp.us-east-1.amazonaws.com/us-east-1_HSyg7Hj2o’,
‘cognito:username’: ‘email@gmail.com’,
exp: 1524287019,
iat: 1524283419,
email: ‘email@gmail.com’,
},
sourceIp: [‘99.224.132.168’],
defaultAuthStrategy: ‘ALLOW’,
groups: null,
};

2

So to kind of answer my own question, I now understand that my serverless-graphql uses AWS Cognito Pools for authentication and produces the Cognito Pool identity object in which the sub field is the id, while the serverless configuration uses AWS IAM for authentication which produces a cognitoIdentityId string as the id WHICH DOES NOT MATCH the Cognito id.

Looks like Amazon did not foresee switching from IAM to Cognito Pools concurrently with existing data tables having utilized the IAM id. So I think that’s that.

I see serverless-graphql presently supports api-key and Cognito Pools for AppSync. Does it support IAM?