Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/nikaera/serverless-amplify-auth

Update Policy for Amplify's Auth Role and Unauth Role in the Serverless Framework
https://github.com/nikaera/serverless-amplify-auth

amplify amplify-js aws iam serverless-framework serverless-plugin

Last synced: 14 days ago
JSON representation

Update Policy for Amplify's Auth Role and Unauth Role in the Serverless Framework

Host: GitHub
URL: https://github.com/nikaera/serverless-amplify-auth
Owner: nikaera
License: mit
Created: 2020-11-03T07:37:08.000Z (about 4 years ago)
Default Branch: main
Last Pushed: 2023-01-25T20:03:17.000Z (almost 2 years ago)
Last Synced: 2025-01-05T08:12:06.061Z (19 days ago)
Topics: amplify, amplify-js, aws, iam, serverless-framework, serverless-plugin
Language: TypeScript
Homepage: https://www.npmjs.com/package/serverless-amplify-auth
Size: 965 KB
Stars: 9
Watchers: 3
Forks: 0
Open Issues: 28
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# serverless-amplify-auth 🔑

Update Policy for Amplify's Auth Role and Unauth Role in the Serverless Framework.

## :hammer: Minimum requirements

- [Node.js v12.19.0 or higher](https://nodejs.org/en/)
- [Serverless Framework v2.3.0 or higher](https://www.serverless.com/)

## 💾 Installation

Install the plugin via Yarn (recommended)

```bash
yarn add --dev serverless-amplify-auth
```

or via NPM

```bash
npm i -D serverless-amplify-auth
```

You must also add the `amplify:GetBackendEnvironment` permission to the IAM Role.

```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"amplify:GetBackendEnvironment"
],
"Resource": "*"
}
]
}
```

## 🛠️ Configuring the plugin

Add `serverless-amplify-auth` to the plugins section of `serverless.yml`

```yaml
plugins:
- serverless-amplify-auth
```

Add the following example config to the custom section of `serverless.yml`

```yaml
custom:
amplify-auth:
appId: XXXXXXXXXXXXX #
envName: ${opt:stage, self:provider.stage, 'dev'} #
# profile: default #
# isClearPolicy: false #
unauthRole: #
- PolicyName: "Unauth"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- appsync:GraphQL
Resource:
- arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Mutation/fields/createComment
- arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Query/fields/listComments
- arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Subscription/fields/onCreateComment
authRole: #
- PolicyName: "Auth"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- appsync:GraphQL
Resource:
- arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Mutation/*
- arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Query/*
- arn:aws:appsync:#{AWS::Region}:#{AWS::AccountId}:apis/XXXXXXXXXXXXXXX/types/Subscription/*
```

In the `custom.amplify-auth.authRole` and `custom.amplify-auth.unauthRole` fields, you can use `#{AWS::AccountId}` and `#{AWS::Region}`. The `#{AWS::AccountId}` and `#{AWS::Region}` can be used to set the value of the AWS Account ID and Region information set in the AWS Profile, which are necessary to build an ARN. 💪

## ▶️ Usage

### `serverless deploy`

Update the `authRole` and `unauthRole` policy of Amplify specified by `custom.amplify-auth.appId` at the same time of deploying of the functions.

### `serverless package`

Update the `authRole` and `unauthRole` policy of Amplify specified by `custom.amplify-auth.appId`.

## 🎁 Contributing

If you have any questions, please feel free to reach out to me directly on Twitter [nikaera](https://twitter.com/n1kaera), or feel free to create an Issue or PR for you.

## License

[MIT](https://github.com/nikaera/serverless-amplify-auth/blob/main/LICENSE)