Skip to content

Terraform AWS AppSync

GraphQL APIs with resolvers, data sources, API keys or IAM and Cognito authentication, logging, caching, custom domains, and fine grained access patterns.

4 controls enforced6 frameworks

Controls Enforced

The following compliance controls are enforced by this module at terraform plan time.

Quick Start

module "appsync" {
  source  = "acscessentialeight.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "acscism2023.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "awscontroltower.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "awsgenai.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "awswellarchitected.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "cccsmedium.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "cfrpart11.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "cis.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "cisv500.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "cisv600.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "cisv80ig1.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "cisacyberessentials.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "eugmpannex11.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "fedramplow.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "fedrampmoderate.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "ffiec.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "gdpr.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "hipaa.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "iso27001.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "nis2.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "nist800171.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "nist80053.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "nistcsf.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "nydfs23.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "pcidss.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "rbicybersecurity.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "rbiitfnbfc.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

module "appsync" {
  source  = "soc2.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "<version>"

  # ... your arguments here
}

See the Get Started guide to get started and read the Features section for more details on how to customize the module for your requirements.

Migration from Upstream

Already using terraform-aws-modules? Change only the source URL:

module "appsync" {
  source  = "terraform-aws-modules/appsync/aws"
  version = "1.0"
}

module "appsync" {
  source  = "soc2.compliance.tf/terraform-aws-modules/appsync/aws"
  version = "1.0"
}

Same arguments. Same outputs. Compliance controls are enforced automatically at terraform plan. If a required value is missing, you get a clear validation error telling you what to set.

See the Migration Guide for step-by-step instructions.

Reversibility

No lock-in. Switch back by reverting the source URL to the upstream path:

module "appsync" {
  source  = "terraform-aws-modules/appsync/aws"
}

Run terraform init -upgrade. Terraform state is unchanged — same resource addresses, same provider, no compliance.tf-specific resources. Controls you already applied remain in AWS.

Mapped compliance frameworks

ACSC-EE-ML2-7.7: Multi-factor authentication ML2

A.8.15 Logging

3 Incident handling

PR.PS-04

5.3.4: Anti-malware mechanisms and processes are active, maintained, and monitored.

10.2.1: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.1: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.2: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.3: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.4: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.5: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.6: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.1.7: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.2.2: Audit logs are implemented to support the detection of anomalies and suspicious activity, and the forensic analysis of events.

10.3.1: Audit logs are protected from destruction and unauthorized modifications.

10.6.3: Time-synchronization mechanisms support consistent time settings across all systems.

A1.2.1: Multi-tenant service providers facilitate logging and incident response for all customers.

A1.2.3: Processes or mechanisms are implemented for reporting and addressing suspected or confirmed security incidents and vulnerabilities

A1.2 The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives

Framework Coverage

Which controls from this module are active under each framework endpoint. ● enforced by default · ○ not activated by this endpoint

ControlACSC Essential EightISO/IEC 27001:2022NIS2 Directive (EU 2022/2555)NIST Cybersecurity Framework v2.0PCI DSS v4.0SOC 2
AWS AppSync GraphQL APIs should not be authenticated with API keys
AWS AppSync API caches should be encrypted at rest
AWS AppSync API caches should be encrypted in transit
AppSync graphql API logging should be enabled

Showing top 6 frameworks by coverage. All framework endpoints →