flutter dart appsync AWS_IAM access

app.dart

    var credentials = await _identityRepository.credentials;
    var graphqlEndpoint = "https://xxxxxxxxxxxxxxxxxxxxxxxxxx.appsync-api.us-east-1.amazonaws.com";
    var graphqlQuery = """
      query listPets {
        listPets {
          id
          price
          type
        }
      }
    """;

    var graphqlApi = GraphQLApi(graphqlEndpoint, 'us-east-1');
    var response = await graphqlApi.post(credentials, graphqlQuery);

graphql_api.dart

import 'package:flutter_aws_app/authentication/authentication.dart';
import 'package:flutter_aws_app/packages/sig_v4.dart';
import 'package:http/http.dart' as http;

class GraphQLApi {
  final String endpoint;
  final String region;

  GraphQLApi(this.endpoint, this.region);

  Future<dynamic> post(
      AuthenticationCredentials credentials, String query) async {
    final awsSigV4Client = new AwsSigV4Client(
      credentials.accessKeyId,
      credentials.secretKey,
      endpoint,
      serviceName: 'appsync',
      sessionToken: credentials.sessionToken,
      region: region,
    );

    final signedRequest = new SigV4Request(awsSigV4Client,
        method: 'POST',
        path: '/graphql',
        headers: new Map<String, String>.from(
            {'Content-Type': 'application/graphql; charset=utf-8'}),
        body: new Map<String, dynamic>.from(
            {'operationName': 'listPets', 'query': query}));

    http.Response response;
    try {
      response = await http.post(signedRequest.url,
          headers: signedRequest.headers, body: signedRequest.body);
    } catch (e) {
      print(e);
    }
    print(response.body);
    return response.body;
  }
}

index.js

const graphQLApiCloudWatchLogsRole = new aws.iam.Role("graphQLApiCloudWatchLogsRole", {
    assumeRolePolicy: JSON.stringify({
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "Service": "appsync.amazonaws.com"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }),
});

const graphQLApiCloudWatchLogsRolePolicyAttachment = new aws.iam.RolePolicyAttachment("graphQLApiCloudWatchLogsRolePolicyAttachment", {
    policyArn: "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
    role: graphQLApiCloudWatchLogsRole.name,
});

const graphQLApi = new aws.appsync.GraphQLApi("graphQLApi", {
    authenticationType: "AWS_IAM",
    logConfig: {
        cloudwatchLogsRoleArn: graphQLApiCloudWatchLogsRole.arn,
        fieldLogLevel: "ERROR",
    },
    schema: graphQLSchema,
});

const identityPoolAuthenticatedGraphQLAccessRolePolicyValue = pulumi.all([
    graphQLApi.arn])
    .apply(([
                graphQLApiArn,
            ]) => JSON.stringify({
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "appsync:GraphQL"
                ],
                "Resource": [
                    `${graphQLApiArn}/*`
                ]
            }
        ]
    }));

const identityPoolAuthenticatedGraphQLAccessRolePolicy = new aws.iam.RolePolicy("identityPoolAuthenticatedGraphQLAccessRolePolicy", {
    policy: identityPoolAuthenticatedGraphQLAccessRolePolicyValue,
    role: identityPoolAuthenticatedRole.id,
});