From d0b1b80661909637827b4408f45c23ddaae917f0 Mon Sep 17 00:00:00 2001
From: kakakakakku <y.yoshida22@gmail.com>
Date: Fri, 17 Oct 2025 19:07:43 +0900
Subject: [PATCH 1/4] appsync-notify-subscribers-of-database-updates: Update
 runtime to nodejs22.x

---
 .../3-lambda/template.yml                                     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/appsync-notify-subscribers-of-database-updates/3-lambda/template.yml b/appsync-notify-subscribers-of-database-updates/3-lambda/template.yml
index 1a396b832..97fd9be3c 100644
--- a/appsync-notify-subscribers-of-database-updates/3-lambda/template.yml
+++ b/appsync-notify-subscribers-of-database-updates/3-lambda/template.yml
@@ -5,7 +5,7 @@ Description: Notify subscribers of database updates
 Globals:
   Function:
     CodeUri: src/
-    Runtime: nodejs20.x
+    Runtime: nodejs22.x
     Timeout: 10
     MemorySize: 128
     Layers:
@@ -39,7 +39,7 @@ Resources:
       # delete old version of layer
       RetentionPolicy: Delete
     Metadata:
-      BuildMethod: nodejs16.x
+      BuildMethod: nodejs22.x
 
   AppSyncLambdaUseIAM:
     Type: 'AWS::Serverless::Function'

From 6944c9dbec82d8707899e9a9605f289fa4e0ce3c Mon Sep 17 00:00:00 2001
From: kakakakakku <y.yoshida22@gmail.com>
Date: Fri, 17 Oct 2025 19:41:37 +0900
Subject: [PATCH 2/4] appsync-notify-subscribers-of-database-updates: Update
 SDK to v3 for nodejs22.x runtime

---
 .../externalDepsLayer/nodejs/package.json     |  8 ++-
 .../3-lambda/src/lambdaUsesIAM.js             | 68 ++++++++++++-------
 2 files changed, 47 insertions(+), 29 deletions(-)

diff --git a/appsync-notify-subscribers-of-database-updates/3-lambda/externalDepsLayer/nodejs/package.json b/appsync-notify-subscribers-of-database-updates/3-lambda/externalDepsLayer/nodejs/package.json
index 994f959aa..6dd041d07 100644
--- a/appsync-notify-subscribers-of-database-updates/3-lambda/externalDepsLayer/nodejs/package.json
+++ b/appsync-notify-subscribers-of-database-updates/3-lambda/externalDepsLayer/nodejs/package.json
@@ -9,10 +9,12 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "aws-appsync": "^4.1.10",
+    "@aws-sdk/signature-v4": "^3.0.0",
+    "@smithy/protocol-http": "^4.0.0",
+    "@aws-sdk/credential-provider-node": "^3.0.0",
+    "@aws-crypto/sha256-js": "^5.0.0",
     "axios": "^1.8.2",
     "graphql": "^16.10.0",
-    "graphql-tag": "^2.12.6",
-    "isomorphic-fetch": "^3.0.0"
+    "graphql-tag": "^2.12.6"
   }
 }
diff --git a/appsync-notify-subscribers-of-database-updates/3-lambda/src/lambdaUsesIAM.js b/appsync-notify-subscribers-of-database-updates/3-lambda/src/lambdaUsesIAM.js
index 8f4626324..5c41a48bd 100644
--- a/appsync-notify-subscribers-of-database-updates/3-lambda/src/lambdaUsesIAM.js
+++ b/appsync-notify-subscribers-of-database-updates/3-lambda/src/lambdaUsesIAM.js
@@ -1,21 +1,10 @@
-require('isomorphic-fetch');
-const AUTH_TYPE = require('aws-appsync').AUTH_TYPE;
-const AWSAppSyncClient = require('aws-appsync').default;
+const { SignatureV4 } = require('@aws-sdk/signature-v4');
+const { HttpRequest } = require('@smithy/protocol-http');
+const { defaultProvider } = require('@aws-sdk/credential-provider-node');
+const { Sha256 } = require('@aws-crypto/sha256-js');
 const gql = require('graphql-tag');
-
-const config = {
-    url: process.env.APPSYNC_ENDPOINT,
-    region: process.env.AWS_REGION,
-    auth: {
-        type: AUTH_TYPE.AWS_IAM,
-        credentials: {
-            accessKeyId: process.env.AWS_ACCESS_KEY_ID,
-            secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
-            sessionToken: process.env.AWS_SESSION_TOKEN
-        },
-    },
-    disableOffline: true
-};
+const graphql = require('graphql');
+const { print } = graphql;
 
 const createTodo = gql`
     mutation MyMutation(
@@ -38,21 +27,48 @@ const createTodo = gql`
     }
 `;
 
-const client = new AWSAppSyncClient(config);
+const signer = new SignatureV4({
+    credentials: defaultProvider(),
+    region: process.env.AWS_REGION,
+    service: 'appsync',
+    sha256: Sha256
+});
 
 exports.handler = async function (event) {
     console.log("event ", event);
 
     try {
-        const result = await client.mutate({
-            mutation: createTodo,
-            variables: {
-                orderId: "123",
-                prevStatus: "PENDING",
-                status: "IN_PROGRESS",
-                updatedAt: "2021-10-07T20:38:18.683Z"
-            }
+        const url = new URL(process.env.APPSYNC_ENDPOINT);
+        const query = print(createTodo);
+        const variables = {
+            orderId: "123",
+            prevStatus: "PENDING",
+            status: "IN_PROGRESS",
+            updatedAt: "2021-10-07T20:38:18.683Z"
+        };
+
+        const requestBody = JSON.stringify({ query, variables });
+
+        const request = new HttpRequest({
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                host: url.host
+            },
+            hostname: url.hostname,
+            path: url.pathname,
+            body: requestBody
         });
+
+        const signedRequest = await signer.sign(request);
+
+        const response = await fetch(process.env.APPSYNC_ENDPOINT, {
+            method: signedRequest.method,
+            headers: signedRequest.headers,
+            body: requestBody
+        });
+
+        const result = await response.json();
         console.log("result ", result);
     } catch (error) {
         console.log("error ", error);

From 501c256eb3b841c6962e2fe172462d945354bea1 Mon Sep 17 00:00:00 2001
From: kakakakakku <y.yoshida22@gmail.com>
Date: Fri, 17 Oct 2025 19:48:49 +0900
Subject: [PATCH 3/4] appsync-notify-subscribers-of-database-updates: Update
 default callback URL

---
 .../1-http/template.yaml                                        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/appsync-notify-subscribers-of-database-updates/1-http/template.yaml b/appsync-notify-subscribers-of-database-updates/1-http/template.yaml
index 257b4382d..15cd83dc7 100644
--- a/appsync-notify-subscribers-of-database-updates/1-http/template.yaml
+++ b/appsync-notify-subscribers-of-database-updates/1-http/template.yaml
@@ -17,7 +17,7 @@ Parameters:
   Client:
     Description: Client website for authentication redirects and cors (must start with https://)
     Type: String
-    Default: https://myapp.com
+    Default: https://aws.amazon.com
 
 Resources:
   # Creates a nested stack with the required Cognito requirements

From 5262557c89d4d01031c933ebcc3148a3dc026f6c Mon Sep 17 00:00:00 2001
From: kakakakakku <y.yoshida22@gmail.com>
Date: Fri, 17 Oct 2025 20:52:48 +0900
Subject: [PATCH 4/4] appsync-notify-subscribers-of-database-updates: Update
 README

---
 appsync-notify-subscribers-of-database-updates/README.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/appsync-notify-subscribers-of-database-updates/README.md b/appsync-notify-subscribers-of-database-updates/README.md
index 060bf12f1..d8f83e65d 100644
--- a/appsync-notify-subscribers-of-database-updates/README.md
+++ b/appsync-notify-subscribers-of-database-updates/README.md
@@ -74,6 +74,15 @@ Important: this application uses various AWS services and there are costs associ
     ```
     sam deploy -g --capabilities CAPABILITY_IAM
     ```
+13. During the prompts:
+    * Enter a stack name
+    * Select the desired AWS Region
+    * Enter a GraphQLApiEndpoint
+    * Enter an AppSyncApiKey
+    * Enter a GraphQLApiId
+    * Enter an OrdersEventBusName
+    * Enter an OrdersEventBusArn
+    * Allow SAM to create roles with the required permissions.
 
 ## Testing Part 1 - notify via HTTP Request