Here is a 150 word summary of the blog post:
This article provides a complete example of an AWS architecture with Amazon Verified Permissions, Cognito, AppSync, DynamoDB, and CloudTrail to implement role-based access control for a GraphQL API. It utilizes the BatchIsAuthorized API to get authorization decisions for AppSync queries and mutations. A Lambda authorizer maps access tokens, groups, and actions to Verified Permissions for the authorization responses. The infrastructure is defined as code with Terraform. The AppSync API uses JavaScript resolvers to connect to a DynamoDB database. Test users are created in Cognito and assigned to User and Admin groups. Queries in the AppSync console demonstrate how the admin can access full hero profiles, while the user is blocked from restricted fields based on the Verified Permissions policies. The article provides a foundation to apply fine-grained access control in GraphQL APIs.