serverless-amplify-auth v1.1.4
serverless-amplify-auth 🔑
Update Policy for Amplify's Auth Role and Unauth Role in the Serverless Framework.
:hammer: Minimum requirements
💾 Installation
Install the plugin via Yarn (recommended)
yarn add --dev serverless-amplify-author via NPM
npm i -D serverless-amplify-authYou must also add the amplify:GetBackendEnvironment permission to the IAM Role.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"amplify:GetBackendEnvironment"
],
"Resource": "*"
}
]
}🛠️ Configuring the plugin
Add serverless-amplify-auth to the plugins section of serverless.yml
plugins:
- serverless-amplify-authAdd the following example config to the custom section of serverless.yml
custom:
amplify-auth:
appId: XXXXXXXXXXXXX # <string (required): Amplify's Application ID>
envName: ${opt:stage, self:provider.stage, 'dev'} # <string (required): Amplify's environment name>
# profile: default # <string (optional): Specify an AWS Profile that can handle Amplify and IAM>
# isClearPolicy: false # <boolean (optional): Delete all policies existing in the Role before updating the Policy>
unauthRole: # <Policy (optional): Write a policy for the unauthRole created by Amplify auth>
- PolicyName: "Unauth"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- appsync:GraphQL
Resource:
- arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Mutation/fields/createComment
- arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Query/fields/listComments
- arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Subscription/fields/onCreateComment
authRole: # <Policy (optional): Write a policy for the authRole created by Amplify auth>
- PolicyName: "Auth"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- appsync:GraphQL
Resource:
- arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Mutation/*
- arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Query/*
- arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Subscription/*In the custom.amplify-auth.authRole and custom.amplify-auth.unauthRole fields, you can use #{AWS::AccountId} and #{AWS::Region}. The #{AWS::AccountId} and #{AWS::Region} can be used to set the value of the AWS Account ID and Region information set in the AWS Profile, which are necessary to build an ARN. 💪
▶️ Usage
serverless deploy
Update the authRole and unauthRole policy of Amplify specified by custom.amplify-auth.appId at the same time of deploying of the functions.
serverless package
Update the authRole and unauthRole policy of Amplify specified by custom.amplify-auth.appId.
🎁 Contributing
If you have any questions, please feel free to reach out to me directly on Twitter nikaera, or feel free to create an Issue or PR for you.