Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Easy Serverless GraphQL APIs with Serverless Framework AppSync (github.com/serverless-components)
90 points by ac360 on Oct 5, 2019 | hide | past | favorite | 11 comments



What are the advantages of this vs something like firestore?

https://firebase.google.com/docs/firestore/query-data/listen


With DynamoDB you can batch process table updates and selectively send WebSocket updates through API Gateway, vs Firestore which sends everything and can only process records individually in order. Firestore pricing is cheaper (18 cents per GB vs 25 cents for DDB) but the bandwidth/retrieval costs are higher.

I used firestore in production and it scaled beautifully to 10k concurrent users (many physical classrooms with all students connected, mainly during US school hours). My main issues were storage/bandwidth costs which were substantial for a relatively high traffic application using Firepad (https://firepad.io/), and the cold starts/monitoring for Firebase functions. The trade-off for our small startup was clearly time - with Firebase we could turn a hackathon's worth of time into a fully-managed service that required virtually zero maintenance, and customize it to our specific problem quite easily (albeit exposing much of our application logic as client JS), while handling a handful of backend processes like payment processing with Firebase functions.

Nowadays you can build the same fully-managed no-maintenance service on AWS and get access to a far greater range of services and data centers. However they have by no means tackled the web console user experience like Firebase consistently has.


I would like to point out that Firepad uses the Firebase Realtime Database, not Firestore.

See here for the differences between the two databases: https://firebase.google.com/docs/firestore/rtdb-vs-firestore


Is data validation and permissions/authorization easy to do client-side?

That was my main concern when I was looking into firebase a while back. Just wondering if the situation has improved.


You REALLY want to do data validation and permissions/authorization server side. Never trust the client! It's fine also to do client-side checking, but you must do server-side.

It's moderately easy with Firebase (haven't used Firestore).

I'm definitely interested to see if there's anything for AppSync beyond the checking that the GraphQL schema does (NOTE: I am not an expert in GraphQL schema, it may be a lot more powerful than I know), or if you have to write your own Lambda at that point. Does look like that's easy, though!

I've been using the serverless.com tools for quite a while now, and they're fantastic. Really glad to have this!


You can use a combination of multiple auth schemes for coarse grained authorization. But, you can also implement your own fine-grained checks at the resolver level. See the AppSync Security documentation at https://docs.aws.amazon.com/appsync/latest/devguide/security...

(I led the team that built AWS AppSync).


Interesting, thanks!


Pretty sure it doesn't stack up to Amplify + AppSync: https://aws-amplify.github.io/docs/cli-toolchain/graphql#aut...


Whereas Firestore is a NoSQL dB with awesome triggers and subscriptions, AppSync is a hosted GraphQL endpoint for many data stores. You can query one endpoint to get data from DynamoDB, RDS, an HTTP server and more sources.


AppSync is a pretty fantastic product. I've been itching for an excuse to use it!


How's it compare against Hasura?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: