Me and my partner are working on a web-project using AWS Amplify, where we have two different Amplify environments in which we are working. Is there a way for me to add the resources present in my partners environment to my environment? More specifically I would like to add/access the existing API gateway and Lambda functions my partner created in his environment to mine (have them show up as resources when using 'amplify status' in my environment). Is this possible?
This file aws-exports.js is the same meaning as .env
So everyone can have their own setting
Create a copy aws-exports.js and name it aws-exports.mysetting.js
When others run your project
cp aws-exports.mysetting.js aws-exports.js
Related
I have a React application with AWS Amplify as its backend. I'm using AppSync API and DynamoDB database to save data. AppSync API is the only category that I provisoned in my project.
Category
Resource name
Operation
Provider plugin
Api
testAPI
No Change
awscloudformation
I need to clone this same AWS Amplify backend to another AWS account easily.
Yes, I could create another Amplify project and provision resources one by one. But is there any other easy method to move this Amplify backend to another AWS account?
I found a solution through this (https://github.com/aws-amplify/amplify-cli/issues/3350) Github issue thread. But I'm not 100% sure whether this is the recommend method to migrate Amplify resources.
These are the steps that I followed.
First, I pushed the project into a GitHub repo. This will push only the relevant files inside the amplify directory. (Amplify automatically populates .gitignore when we initialize our backend using amplify init).
Clone this repo to a new directory.
Next, I removed the amplify/team-provider-info.json file.
Run amplify init and you can choose your new AWS profile or you can enter secretAccessKeyId and accessKeyId for the new AWS account. (Refer this guide to create and save an IAM user with AWS Amplify access)
This will create backend resources locally. Now to push those resources, you can execute amplify push.
If you want to export the Amplify backend using a CDK pipeline, you can refer to this guide: https://aws.amazon.com/blogs/mobile/export-amplify-backends-to-cdk-and-use-with-existing-deployment-pipelines/
I am setting up a amplify project for a certain project. In near future, I would want the project to be transferred to different AWS account but with exact configuration. What's the best way to achieve so? Is there any way I can create some sort of script that would set up same project in different AWS account?
I do something very similar leveraging AWS Organizations with multiple member accounts and AWS SSO. At a high level, here are some things you will want to think about...
You can find a high level architecture diagram about this here: https://aws.amazon.com/blogs/mobile/fintech-startup-creditgenie-ultimate-speed-from-mvp-to-growth/
I've been meaning to write a blog post about this, but at a high level...
Create an AWS organization from your root AWS account and setup AWS SSO.
Create multiple member AWS accounts within the organization. e.g., customer1, customer2, etc.
Create branches in your repository that match your account structure e.g., origin/customer1, origin/customer2.
From each member AWS account, create an Amplify app in the Amplify console with 1 environment that points to the correct branch, e.g, AWS account customer1 should have an Amplify App with 1 environment called customer1 that points to the branch remote/customer1
As you develop and merge changes into your main branch, you will want to also merge main into your "production" branches e.g., merge origin/main -> origin/customer1 etc.
We are creating the backend of our mobile/web app in Amplify and we have two environments there
1- Amplify Prod
2- Amplify Dev
Currently all of our developers who have access to amplify can pull both dev and prod environment in their local systems by running the amplify pull command. What we are trying to figure out is that is there any way we can restrict them to pull the prod environment? Like when they try to pull the prod environment they need to provide a password for successful pull or just totally restrict them to pull the prod? TIA
I am pretty new to Spring Boot. I am looking to set up my application to use my IAM role for S3 access while my project is hosted on EC2, and local credentials for when I am testing on my machine. I am using DefaultAWSCredentialsProviderChain() in my AmazonS3ClientBuilder, I just can't figure out where I need to set up the credentials for when I am testing locally. I was hoping to set up a configuration file for the AWS credentials that I can put in my .gitignore.
Am I going about this the right way?
Figured it out.
Needed to created a file called "credentials" in my root directory with the following information:
[default]
aws_access_key_id=KEY
aws_secret_access_key=SECRET
Obviously replace KEY and SECRET with your own.
Now DefaultAWSCredentialsProviderChain() can see the credentials on my machine, and will use my IAM role when running on my EC2.
I have deployed the django application on aws . I want that application should be deployed by team as well. What is procedure to do this? I have searched a lot and almost spent couple of hours . Anyone has any answer or tutorial?
Can we share these keys ?
aws_access_key_id
aws_secret_access_key
No, the AWS access keys should be kept secret and not even stored under version control.
For deployment (i.e. the credentials needed to actually release the code - used by EB), you should use an aws profile. Add a ~/.aws/credentials file with
[myprofile]
aws_access_key_id=...
aws_secret_access_key=...
and then, on all eb commands use --profile. e.g.
eb create --profile myprofile
If your application requires other AWS services (e.g. RDS, S3, SQS), then you can use the same local profile for development (although I would recommend not requiring any other AWS for testing) by using then environment variable export AWS_PROFILE=myprofile. And then rely on AWS roles and policies for the production environment.
If you feel you need the secret keys as django settings, then consider using https://django-environ.readthedocs.org where you can keep all those secrets on a .env file that gets loaded by django. But again, this file should not be under version control.
You should also create IAM users for every person in your team, so each person has its own credentials, and you can more easily monitor or if needed, revoke credentials.