chore(appsync): improve error message for missing iam authorization mode (#33501)

garysassano · web-flow · commit 63ec7f9dd29c · 2025-02-22T02:15:38.000Z
### Issue # (if applicable) Closes #33465 ### Reason for this change The error message when using grant methods like `grantPublish()` and `grantSubscribe()` on an Event API without IAM authorization mode needs improvement. Currently, users get a confusing error without clear guidance on how to fix it. The error should clearly explain: 1. Why the operation failed (you tried to use a grant method on an Event API with missing IAM authorization mode) 2. How to fix it (add IAM authorization mode to the auth providers list) ### Description of changes Rephrased the error message. ### Describe any new or updated permissions being added ### Description of how you validated changes ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/aws-cdk-lib/aws-appsync/lib/eventapi.ts b/packages/aws-cdk-lib/aws-appsync/lib/eventapi.ts
@@ -211,7 +211,9 @@ export abstract class EventApiBase extends ApiBase implements IEventApi {
    */
   public grant(grantee: IGrantable, resources: AppSyncEventResource, ...actions: string[]): Grant {
     if (!this.authProviderTypes.includes(AppSyncAuthorizationType.IAM)) {
-      throw new ValidationError('IAM Authorization mode is not configured on this API.', this);
+      throw new ValidationError('Cannot use grant method because IAM Authorization mode is missing in the auth providers on this API.',
+        this,
+      );
     }
     return Grant.addToPrincipal({
       grantee,
diff --git a/packages/aws-cdk-lib/aws-appsync/test/appsync-eventapi.test.ts b/packages/aws-cdk-lib/aws-appsync/test/appsync-eventapi.test.ts
@@ -361,7 +361,7 @@ describe('Event API security grant tests', () => {
     const api = new appsync.EventApi(stack, 'api', { apiName: 'api' });
 
     // THEN
-    expect(() => api.grantConnect(func)).toThrow('IAM Authorization mode is not configured on this API.');
+    expect(() => api.grantConnect(func)).toThrow('Cannot use grant method because IAM Authorization mode is missing in the auth providers on this API.');
   });
 
   test('Appsync Event API - grant publish for all channel namespaces within an API', () => {
