In an earlier post, I described how to have a separate Amplify environment for each developer in the team who are using separate AWS accounts.
Now, what if there are multiple developers in the team that use different AWS accounts, but we don’t want to use multiple Amplify environments but want the ability that each Amplify environment can be used by every developer in their own AWS accounts?
Another scenario is that the team would like to have the stack for the production environment in the same git repo, but don’t want to share the details of the production roles in the git repo such as the AuthRole, UnauthRole etc.
This post is going to describe using the same AWS Amplify environment(s) for multiple developers with different AWS accounts that don’t have access to each others’ accounts.
FIrst time setup
This post assumes that you have the following setup already:
- Amplify CLI installed.
- An AWS Profile with permissions to deploy to your AWS account
we are going to setup the Amplify app for the first time. So got to the root of your project and follow the usual commands provided below and choose options in the interactive prompts:
Add a service, here we I will use
amplify add auth
Push your changes to your AWS account:
Choose to create a new environment and name it something. Also make sure you have an AWS profile present which has the required permissions to perform Amplify operation in your AWS account.
This is going to create and publish a new Amplify app for you. We added the authentication service that will create respective Cognito resources.
Amplify folder is going to be created in the root of the project.
Adding files to .gitignore
Next we need to add some Amplify configuration files to .gitignore so they are not included in the repository. The reason for this is that some of these files contain AWS account specific information which prohibits us to push changes made by one AWS account to another AWS account. Then, there are files that are just some local files that are created automatically for a user when they follow Amplify commands.
So, as your .gitignore already has an
#Amplify section already present, update this section to look like the following:
#amplify amplify/\#current-cloud-backend amplify/mock-data amplify/.config/local-aws-info.json amplify/backend/amplify-meta.json amplify/team-provider-info.json build/ dist/ node_modules/ aws-exports.js aws-exports.ts awsconfiguration.json amplifyconfiguration.json amplify-gradle-config.json amplifyxc.config
First commit your
.gitignore before any other so that it can take effect in your repo:
git add .gitignore && git commit -m "Additions to gitignore"
Next, add the remaining Amplify files to the repo:
git add --all git commit "Amplify configuration" git push origin master
setup for second developer’s accounts
Now that the initial setup for Amplify is complete, other developers can pull these changes pull these changes to their git repo:
git pull origin master
Changes to the Amplify configuration
Now open the file
amplify/backend/auth/yourAmplifyProjectName/parameters.json and find the following section in code:
This is the domain name that will be generated for Cognito. This domain name needs to be universally unique and as the original developer who created this Amplify configuration is already using this domain name, you need to update this value to a random, long unique string, otherwise the Amplify deployment will fail. So let’s say you replace this value like the following:
This is the only change that is required to make the configuration work.
Enter the following Amplify commands:
amplify init ? Do you want to use an existing environment? Yes ? Enter a name for the environment prod ? Do you want to use an AWS profile? Yes ? Please choose the profile you want to use YourProfileName
Notice that we are going to use the same environment prod here. The developer needs to choose an AWS profile on their machine which has permissions necessary for deploying Amplify.
And that is it. All the resources that the first developer had deployed to their account are now also available to the second developer’s account as well. This setup can then be established by as many members of the team and they can push to the same git branch while working independently in their own AWS accounts.
Now as an added benefit, the details for the production environment such as authorisation roles etc present in
amplify/team-provider-info.json are not added to the git repository as the file is being git ignored.
This post described how we can use the same Amplify environment between multiple developers who have AWS accounts that are totally separate from each other and that to accomplish this, we only need to add some Amplify configuration files to .gitignore and just provide a unique Domain Name for Cognito in the
amplify/backend/auth/yourAmplifyProjectName/parameters.json file and the team is all set to use the same info from the code repo and deploy in their own AWS accounts.
Also, this technique provides a way to not share any sensitive AWS Amplify information for an environment in the git repository but still works with multiple AWS accounts.