JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 34
  • Score
    100M100P100Q66679F
  • License MIT

Configuring Policy for Amplify's Auth Role and Unauth Role in the Serverless Framework

Package Exports

  • serverless-amplify-auth

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (serverless-amplify-auth) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

serverless-amplify-auth 🔑

Update Policy for Amplify's Auth Role and Unauth Role in the Serverless Framework.

🔨 Minimum requirements

💾 Installation

Install the plugin via Yarn (recommended)

yarn add --dev serverless-amplify-auth

or via NPM

npm i -D serverless-amplify-auth

You must also add the amplify:GetBackendEnvironment permission to the IAM Role.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "amplify:GetBackendEnvironment"
            ],
            "Resource": "*"
        }
    ]
}

🛠️ Configuring the plugin

Add serverless-amplify-auth to the plugins section of serverless.yml

plugins:
   - serverless-amplify-auth

Add the following example config to the custom section of serverless.yml

custom:
  amplify-auth:
    appId: XXXXXXXXXXXXX # <string (required): Amplify's Application ID>
    envName: ${opt:stage, self:provider.stage, 'dev'} # <string (required): Amplify's environment name>
    # profile: default # <string (optional): Specify an AWS Profile that can handle Amplify and IAM>
    # isClearPolicy: false # <boolean (optional): Delete all policies existing in the Role before updating the Policy>
    unauthRole: # <Policy (optional): Write a policy for the unauthRole created by Amplify auth>
      - PolicyName: "Unauth"
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - appsync:GraphQL
              Resource:
                - arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Mutation/fields/createComment
                - arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Query/fields/listComments
                - arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Subscription/fields/onCreateComment
    authRole: # <Policy (optional): Write a policy for the authRole created by Amplify auth>
      - PolicyName: "Auth"
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - appsync:GraphQL
              Resource:
                - arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Mutation/*
                - arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Query/*
                - arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Subscription/*

In the custom.amplify-auth.authRole and custom.amplify-auth.unauthRole fields, you can use #{AWS::AccountId} and #{AWS::Region}. The #{AWS::AccountId} and #{AWS::Region} can be used to set the value of the AWS Account ID and Region information set in the AWS Profile, which are necessary to build an ARN. 💪

▶️ Usage

serverless deploy

Update the authRole and unauthRole policy of Amplify specified by custom.amplify-auth.appId at the same time of deploying of the functions.

serverless package

Update the authRole and unauthRole policy of Amplify specified by custom.amplify-auth.appId.

🎁 Contributing

If you have any questions, please feel free to reach out to me directly on Twitter nikaera, or feel free to create an Issue or PR for you.

License

MIT