
Show HN: Easy Serverless GraphQL APIs with Serverless Framework AppSync - ac360
https://github.com/serverless-components/aws-app-sync
======
si1entstill
What are the advantages of this vs something like Firestore?

[https://firebase.google.com/docs/firestore/query-data/listen](https://firebase.google.com/docs/firestore/query-data/listen)

~~~
primitivesuave
With DynamoDB you can batch process table updates and selectively send
WebSocket updates through API Gateway, vs Firestore which sends everything and
can only process records individually in order. Firestore pricing is cheaper
(18 cents per GB vs 25 cents for DDB) but the bandwidth/retrieval costs are
higher.

I used Firestore in production and it scaled beautifully to 10k concurrent
users (many physical classrooms with all students connected, mainly during US
school hours). My main issues were storage/bandwidth costs which were
substantial for a relatively high traffic application using Firepad
([https://firepad.io/](https://firepad.io/)), and the cold starts/monitoring
for Firebase functions. The trade-off for our small startup was clearly time -
with Firebase we could turn a hackathon's worth of time into a fully-managed
service that required virtually zero maintenance, and customize it to our
specific problem quite easily (albeit exposing much of our application logic
as client JS), while handling a handful of backend processes like payment
processing with Firebase functions.

Nowadays you can build the same fully-managed no-maintenance service on AWS
and get access to a far greater range of services and data centers. However,
they have by no means tackled the web console user experience like Firebase
consistently has.

~~~
throwaway_bad
Is data validation and permissions/authorization easy to do client-side?

That was my main concern when I was looking into Firebase a while back. Just
wondering if the situation has improved.

~~~
chris_st
You REALLY want to do data validation and permissions/authorization server
side. Never trust the client! It's fine _also_ to do client-side checking, but
you must do server-side.

It's moderately easy with Firebase (haven't used Firestore).

I'm definitely interested to see if there's anything for AppSync beyond the
checking that the GraphQL schema does (NOTE: I am not an expert in GraphQL
schema, it may be a lot more powerful than I know), or if you have to write
your own Lambda at that point. Does look like that's easy, though!

I've been using the serverless.com tools for quite a while now, and they're
fantastic. Really glad to have this!

~~~
appwiz
You can use a combination of multiple auth schemes for coarse grained
authorization. But, you can also implement your own fine-grained checks at the
resolver level. See the AppSync Security documentation at
[https://docs.aws.amazon.com/appsync/latest/devguide/security...](https://docs.aws.amazon.com/appsync/latest/devguide/security.html)

(I led the team that built AWS AppSync).
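
The resolver-level check described in this comment, combined with the server-side validation recommended earlier in the thread, as an added example that is not part of the thread or the project's code. It assumes a Lambda data source behind AppSync with Cognito user pool auth; the `updateNote` field, the `admins` group and the in-memory store are hypothetical.

```javascript
// Added example: a Lambda-backed AppSync resolver that validates input and
// authorizes per record on the server. Field and group names are assumed.
const notes = new Map([ // constructed sample data, stands in for a table
  ["n1", { id: "n1", owner: "sub-alice", text: "hello" }],
]);

function fail(type, message) {
  const err = new Error(message);
  err.name = type; // "Unauthorized" or "ValidationError"
  return err;
}

// Server-side validation: never rely on the client having checked this.
function validateText(text) {
  if (typeof text !== "string" || text.length === 0 || text.length > 280) {
    throw fail("ValidationError", "text must be a string of 1-280 characters");
  }
  return text;
}

// Fine-grained check: caller must own the record or be in the "admins" group.
function authorize(identity, record) {
  if (!identity || !identity.sub) throw fail("Unauthorized", "no caller identity");
  // Normalise the claim to an array so a string value is compared exactly.
  const groups = [].concat((identity.claims && identity.claims["cognito:groups"]) || []);
  if (record.owner !== identity.sub && !groups.includes("admins")) {
    throw fail("Unauthorized", "caller does not own this note");
  }
}

// In Lambda this function would be exported as the handler.
function resolve(event) {
  const { arguments: args, identity, info } = event;
  if (info.fieldName !== "updateNote") throw fail("ValidationError", "unknown field");
  const record = notes.get(args.id);
  // Same error for "missing" and "not yours" so ids cannot be probed.
  if (!record) throw fail("Unauthorized", "caller does not own this note");
  authorize(identity, record);
  record.text = validateText(args.text); // validate before mutating
  return record;
}
```
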

~~~
chris_st
Interesting, thanks!

------
reilly3000
AppSync is a pretty fantastic product. I've been itching for an excuse to use
it!

------
oaththrowaway
How's it compare against Hasura?

