Additionally, AppSync provides robust security features, including access controls, encryption, and auditing. This ensures that sensitive data is protected and that all changes to the codebase are tracked and monitored.
AppSync uses data sources. Storing database credentials in a unified repo is fine (encrypted), but the rotation logic should be a separate construct. The unified repo can contain the rotation Lambda code, but keep the rotation schedule outside the API stack to avoid unintentional resetting. appsync unified repo
| Problem | Fragmented Approach | Unified Repo Solution | | :--- | :--- | :--- | | | Stored manually in the AWS Console or separate S3 files. | Versioned alongside the schema. | | Schema Changes | Requires manual sync with frontend teams. | PR includes schema + resolver changes. | | Testing | "Deploy and pray." | Run integration tests locally against mocked AppSync. | | Rollbacks | Painful (schema vs. resolvers vs. Lambdas). | Atomic rollbacks (deploy previous commit). | Storing database credentials in a unified repo is