Is this feature request related to a new or existing Amplify category?
No response
Is this related to another service?
No response
Describe the feature you'd like to request
In Gen1, customers can override the built-in auth resources by running amplify override auth. This creates an overrides.ts file where customers can override resource properties using the CDK. For example
import { AmplifyProjectInfo, AmplifyAuthCognitoStackTemplate } from '@aws-amplify/cli-extensibility-helper';
export function override(resources: AmplifyAuthCognitoStackTemplate, amplifyProjectInfo: AmplifyProjectInfo) {
resources.userPool!.deletionProtection = 'ACTIVE';
}Our code-generation should take this override.ts file into account and produce the equivalent Gen2 code.
Describe the solution you'd like
Ideally, we would transform the override.ts to look like this:
export function override(backend: Backend<any>, amplifyProjectInfo: { envName: string, projectName: string }) {
(backend.auth.resources.userPool.node.defaultChild as CfnUserPool).deletionProtection = 'ACTIVE';
}And then invoke this function from backend.ts:
import { override as overrideAuth } from './auth/override.ts`
const branchName = process.env.AWS_BRANCH ?? 'sandbox';
const backend = defineBackend({
...,
auth,
});
overrideAuth(backend, { envName: branchName, projectName: '<hard-code-project-name>' });Describe alternatives you've considered
None
Additional context
|
export type AmplifyAuthCognitoStackTemplate = { |
|
customMessageConfirmationBucket?: s3.CfnBucket; |
|
snsRole?: iam.CfnRole; |
|
userPool?: cognito.CfnUserPool; |
|
userPoolClientWeb?: cognito.CfnUserPoolClient; |
|
userPoolClient?: cognito.CfnUserPoolClient; |
|
identityPool?: cognito.CfnIdentityPool; |
|
identityPoolRoleMap?: cognito.CfnIdentityPoolRoleAttachment; |
|
lambdaConfigPermissions?: Record<string, lambda.CfnPermission>; |
|
lambdaTriggerPermissions?: Record<string, iam.CfnPolicy>; |
|
// custom resources userPoolClient |
|
userPoolClientLambda?: lambda.CfnFunction; |
|
userPoolClientRole?: iam.CfnRole; |
|
userPoolClientLambdaPolicy?: iam.CfnPolicy; |
|
userPoolClientLogPolicy?: iam.CfnPolicy; |
|
userPoolClientInputs?: cdk.CustomResource; |
|
// custom resources HostedUI |
|
hostedUICustomResource?: lambda.CfnFunction; |
|
hostedUICustomResourcePolicy?: iam.CfnPolicy; |
|
hostedUICustomResourceLogPolicy?: iam.CfnPolicy; |
|
hostedUICustomResourceInputs?: cdk.CustomResource; |
|
// custom resource HostedUI Provider |
|
hostedUIProvidersCustomResource?: lambda.CfnFunction; |
|
hostedUIProvidersCustomResourcePolicy?: iam.CfnPolicy; |
|
hostedUIProvidersCustomResourceLogPolicy?: iam.CfnPolicy; |
|
hostedUIProvidersCustomResourceInputs?: cdk.CustomResource; |
|
// custom resource OAUTH Provider |
|
oAuthCustomResource?: lambda.CfnFunction; |
|
oAuthCustomResourcePolicy?: iam.CfnPolicy; |
|
oAuthCustomResourceLogPolicy?: iam.CfnPolicy; |
|
oAuthCustomResourceInputs?: cdk.CustomResource; |
|
// custom resource MFA |
|
mfaLambda?: lambda.CfnFunction; |
|
mfaLogPolicy?: iam.CfnPolicy; |
|
mfaLambdaPolicy?: iam.CfnPolicy; |
|
mfaLambdaInputs?: cdk.CustomResource; |
|
mfaLambdaRole?: iam.CfnRole; |
|
|
|
// custom resource identity pool - OPenId Lambda Role |
|
openIdLambda?: lambda.CfnFunction; |
|
openIdLogPolicy?: iam.CfnPolicy; |
|
openIdLambdaIAMPolicy?: iam.CfnPolicy; |
|
openIdLambdaInputs?: cdk.CustomResource; |
|
openIdLambdaRole?: iam.CfnRole; |
|
} & AmplifyCDKL1; |
|
export type AmplifyUserPoolGroupStackTemplate = { |
|
userPoolGroup?: Record<string, cognito.CfnUserPoolGroup>; |
|
userPoolGroupRole?: Record<string, iam.CfnRole>; |
|
roleMapCustomResource?: cdk.CustomResource; |
|
lambdaExecutionRole?: iam.CfnRole; |
|
roleMapLambdaFunction?: lambda.CfnFunction; |
|
} & AmplifyCDKL1; |
Each one of them would likely require its own special transformation.
Is this something that you'd be interested in working on?
Would this feature include a breaking change?
Is this feature request related to a new or existing Amplify category?
No response
Is this related to another service?
No response
Describe the feature you'd like to request
In Gen1, customers can override the built-in auth resources by running
amplify override auth. This creates anoverrides.tsfile where customers can override resource properties using the CDK. For exampleOur code-generation should take this
override.tsfile into account and produce the equivalent Gen2 code.Describe the solution you'd like
Ideally, we would transform the
override.tsto look like this:And then invoke this function from
backend.ts:Describe alternatives you've considered
None
Additional context
amplify-cli/packages/amplify-cli-extensibility-helper/src/types/auth/types.ts
Lines 21 to 65 in 664dabc
amplify-cli/packages/amplify-cli-extensibility-helper/src/types/auth/types.ts
Lines 70 to 76 in 664dabc
Each one of them would likely require its own special transformation.
Is this something that you'd be interested in working on?
Would this feature include a breaking change?