# appsync-authorization-check
<a name="appsync-authorization-check"></a>

Checks if an AWS AppSync API is using allowed authorization mechanisms. The rule is NON\$1COMPLIANT if an unapproved authorization mechanism is being used. 



**Identifier:** APPSYNC\$1AUTHORIZATION\$1CHECK

**Resource Types:** AWS::AppSync::GraphQLApi

**Trigger type:** Configuration changes

**AWS Region:** All supported AWS regions except Asia Pacific (New Zealand), Asia Pacific (Thailand), Asia Pacific (Malaysia), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Mexico (Central), Israel (Tel Aviv), Asia Pacific (Taipei), Canada West (Calgary) Region

**Parameters:**

AllowedAuthorizationTypesType: CSV  
Comma-separated list of allowed AWS AppSync authorization mechanisms. Allowed values are: 'API\$1KEY', 'AWS\$1LAMBDA', 'AWS\$1IAM', 'OPENID\$1CONNECT', 'AMAZON\$1COGNITO\$1USER\$1POOLS'.

## AWS CloudFormation template
<a name="w2aac20c16c17b7d187c19"></a>

To create AWS Config managed rules with AWS CloudFormation templates, see [Creating AWS Config Managed Rules With AWS CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).