# appsync-authorization-check
<a name="appsync-authorization-check"></a>

Checks if an Amazon AppSync API is using allowed authorization mechanisms. The rule is NON\$1COMPLIANT if an unapproved authorization mechanism is being used. 



**Identifier:** APPSYNC\$1AUTHORIZATION\$1CHECK

**Resource Types:** AWS::AppSync::GraphQLApi

**Trigger type:** Configuration changes

**Amazon Web Services Region:** All supported Amazon regions except Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Malaysia), Asia Pacific (Melbourne), Amazon GovCloud (US-East), Amazon GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary) Region

**Parameters:**

AllowedAuthorizationTypesType: CSV  
Comma-separated list of allowed Amazon AppSync authorization mechanisms. Allowed values are: 'API\$1KEY', 'Amazon\$1LAMBDA', 'Amazon\$1IAM', 'OPENID\$1CONNECT', 'AMAZON\$1COGNITO\$1USER\$1POOLS'.

## Amazon CloudFormation template
<a name="w2aac20c16c17b7d187c19"></a>

To create Amazon Config managed rules with Amazon CloudFormation templates, see [Creating Amazon Config Managed Rules With Amazon CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).