{"id":24108624,"url":"https://github.com/nikaera/serverless-amplify-auth","last_synced_at":"2025-05-12T20:13:09.121Z","repository":{"id":37074043,"uuid":"309608854","full_name":"nikaera/serverless-amplify-auth","owner":"nikaera","description":"Update Policy for Amplify's Auth Role and Unauth Role in the Serverless Framework","archived":false,"fork":false,"pushed_at":"2023-01-25T20:03:17.000Z","size":988,"stargazers_count":9,"open_issues_count":28,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-01-05T08:12:06.061Z","etag":null,"topics":["amplify","amplify-js","aws","iam","serverless-framework","serverless-plugin"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/serverless-amplify-auth","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nikaera.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-11-03T07:37:08.000Z","updated_at":"2023-08-30T11:34:39.000Z","dependencies_parsed_at":"2023-02-14T11:01:41.599Z","dependency_job_id":null,"html_url":"https://github.com/nikaera/serverless-amplify-auth","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikaera%2Fserverless-amplify-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikaera%2Fserverless-amplify-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikaera%2Fserverless-amplify-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nikaera%2Fserverless-amplify-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nikaera","download_url":"https://codeload.github.com/nikaera/serverless-amplify-auth/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":233422972,"owners_count":18674089,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["amplify","amplify-js","aws","iam","serverless-framework","serverless-plugin"],"created_at":"2025-01-10T23:39:11.054Z","updated_at":"2025-01-10T23:39:13.552Z","avatar_url":"https://github.com/nikaera.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# serverless-amplify-auth 🔑\n\nUpdate Policy for Amplify's Auth Role and Unauth Role in the Serverless Framework.\n\n## :hammer: Minimum requirements\n\n- [Node.js v12.19.0 or higher](https://nodejs.org/en/)\n- [Serverless Framework v2.3.0 or higher](https://www.serverless.com/)\n\n## 💾 Installation\n\nInstall the plugin via Yarn (recommended)\n\n```bash\nyarn add --dev serverless-amplify-auth\n```\n\nor via NPM\n\n```bash\nnpm i -D serverless-amplify-auth\n```\n\nYou must also add the `amplify:GetBackendEnvironment` permission to the IAM Role.\n\n```json\n{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"amplify:GetBackendEnvironment\"\n            ],\n            \"Resource\": \"*\"\n        }\n    ]\n}\n```\n\n## 🛠️ Configuring the plugin\n\nAdd `serverless-amplify-auth` to the plugins section of `serverless.yml`\n\n```yaml\nplugins:\n   - serverless-amplify-auth\n```\n\nAdd the following example config to the custom section of `serverless.yml`\n\n```yaml\ncustom:\n  amplify-auth:\n    appId: XXXXXXXXXXXXX # \u003cstring (required): Amplify's Application ID\u003e\n    envName: ${opt:stage, self:provider.stage, 'dev'} # \u003cstring (required): Amplify's environment name\u003e\n    # profile: default # \u003cstring (optional): Specify an AWS Profile that can handle Amplify and IAM\u003e\n    # isClearPolicy: false # \u003cboolean (optional): Delete all policies existing in the Role before updating the Policy\u003e\n    unauthRole: # \u003cPolicy (optional): Write a policy for the unauthRole created by Amplify auth\u003e\n      - PolicyName: \"Unauth\"\n        PolicyDocument:\n          Version: \"2012-10-17\"\n          Statement:\n            - Effect: Allow\n              Action:\n                - appsync:GraphQL\n              Resource:\n                - arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Mutation/fields/createComment\n                - arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Query/fields/listComments\n                - arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Subscription/fields/onCreateComment\n    authRole: # \u003cPolicy (optional): Write a policy for the authRole created by Amplify auth\u003e\n      - PolicyName: \"Auth\"\n        PolicyDocument:\n          Version: \"2012-10-17\"\n          Statement:\n            - Effect: Allow\n              Action:\n                - appsync:GraphQL\n              Resource:\n                - arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Mutation/*\n                - arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Query/*\n                - arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Subscription/*\n```\n\nIn the `custom.amplify-auth.authRole` and `custom.amplify-auth.unauthRole` fields, you can use `#{AWS::AccountId}` and `#{AWS::Region}`. The `#{AWS::AccountId}` and `#{AWS::Region}` can be used to set the value of the AWS Account ID and Region information set in the AWS Profile, which are necessary to build an ARN. 💪\n\n## ▶️ Usage\n\n### `serverless deploy`\n\nUpdate the `authRole` and `unauthRole` policy of Amplify specified by `custom.amplify-auth.appId` at the same time of deploying of the functions.\n\n### `serverless package`\n\nUpdate the `authRole` and `unauthRole` policy of Amplify specified by `custom.amplify-auth.appId`.\n\n## 🎁 Contributing\n\nIf you have any questions, please feel free to reach out to me directly on Twitter [nikaera](https://twitter.com/n1kaera), or feel free to create an Issue or PR for you.\n\n## License\n\n[MIT](https://github.com/nikaera/serverless-amplify-auth/blob/main/LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnikaera%2Fserverless-amplify-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnikaera%2Fserverless-amplify-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnikaera%2Fserverless-amplify-auth/lists"}