Removing auth from single Amplify environment - amazon-web-services

I am trying to remove auth from a single Amplify environment (production) using this command: amplify remove auth but would it be instead deleting all the user pools, thus affecting other environments?

Related

AWS Amplify fails to create models in the cloud after adding Analytics

Currently my amplify project has the API, Authentication, File Storage and Functions categories. Everything works perfectly fine until I add Analytics!
I am having the following error when I add analytics to my amplify project in react native and try to push GraphQL changes by performing amplify push:
Failed to create models in the cloud: Modelgen job creation failed
Everything is actually on the same AWS-Region, which is us-east-1.
Many suggests on the web that it's an issue that comes from the credentials that I am using, I verified numerous times and it is not, my amplify credentials and config file are perfectly matching AWS credentials. My aws_access_key_id, aws_secret_access_key and region from the credentials and config file are aligned with amplify user.
I also verified my user IAM permissions, and it has the following one :
AdministratorAccess
AdministratorAccess-Amplify
AmazonMobileAnalyticsFullAccess
When I revert my changes, by removing Analytics from my project using amplify remove analytics I am not having that error anymore when I push GraphQL changes.
Anyone has an idea what could be causing this error?

How to migrate AWS Amplify project to another AWS account?

I have a React application with AWS Amplify as its backend. I'm using AppSync API and DynamoDB database to save data. AppSync API is the only category that I provisoned in my project.
Category
Resource name
Operation
Provider plugin
Api
testAPI
No Change
awscloudformation
I need to clone this same AWS Amplify backend to another AWS account easily.
Yes, I could create another Amplify project and provision resources one by one. But is there any other easy method to move this Amplify backend to another AWS account?
I found a solution through this (https://github.com/aws-amplify/amplify-cli/issues/3350) Github issue thread. But I'm not 100% sure whether this is the recommend method to migrate Amplify resources.
These are the steps that I followed.
First, I pushed the project into a GitHub repo. This will push only the relevant files inside the amplify directory. (Amplify automatically populates .gitignore when we initialize our backend using amplify init).
Clone this repo to a new directory.
Next, I removed the amplify/team-provider-info.json file.
Run amplify init and you can choose your new AWS profile or you can enter secretAccessKeyId and accessKeyId for the new AWS account. (Refer this guide to create and save an IAM user with AWS Amplify access)
This will create backend resources locally. Now to push those resources, you can execute amplify push.
If you want to export the Amplify backend using a CDK pipeline, you can refer to this guide: https://aws.amazon.com/blogs/mobile/export-amplify-backends-to-cdk-and-use-with-existing-deployment-pipelines/

Does amplify remove auth affect all environments?

I want to remove auth from only 1 single Amplify environment (production) using amplify remove auth.
Does this command affect all environments?
Would it delete every user pool?
amplify remove auth will delete the authentication service locally from the currently checked out environment.
To find out your current environment, run amplify status. If this is the wrong environment, run amplify env list and then amplify env checkout ENV_NAME to switch to the right one.
Running amplify remove auth will then not touch any other auth related stacks (e.g. user pools etc.) for any other environments. It will only impact the current env.
Subsequently, run amplify push to update your cloud configuration once happy.

Authentication to GCP in terraform

We need to create gcp resources with terraform, but we are stuck at the terraform init stage while terraform tries to authenticate to gcp. We have already configured our backend and obtained our service account key but minifying (removing the extra lines in credential json file) the credential json and exporting to GOOGLE_CREDENTIALS, doesn't work. How are you setting this value?
If you are in a local and controlled environment you can use GOOGLE_APPLICATION_CREDENTIALS and set it with the path to the JSON key file. But as discussed key files are bad practices security wise. An alternative is to authenticate using gcloud auth application-default login and you dont have to deal with key files.
Another alternative is to use Google Cloud Shell which is already setup with the credentials of the authorised user opening the session.
Finally for automated pipeline you can use Google Cloud Build where processes will be run using the authentication and the authorisation of the service account used by Cloud Build

Restrict developers to pull production environment of AWS Amplify

We are creating the backend of our mobile/web app in Amplify and we have two environments there
1- Amplify Prod
2- Amplify Dev
Currently all of our developers who have access to amplify can pull both dev and prod environment in their local systems by running the amplify pull command. What we are trying to figure out is that is there any way we can restrict them to pull the prod environment? Like when they try to pull the prod environment they need to provide a password for successful pull or just totally restrict them to pull the prod? TIA