search

aws-amplify / amplify-cli

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development.
Apache License 2.0
2.81k stars 820 forks source link

Reduce number of roles? #13542

Open bergmorten opened 7 months ago

bergmorten commented 7 months ago

Is this feature request related to a new or existing Amplify category?

api

Is this related to another service?

No response

Describe the feature you'd like to request

I notice that Amplify creates a lot of roles. My project has already 50 roles. Amplify creates for example a role per function and per graph table with IAM. If we should deploy the app to multiple domains/environments then we could hit the limit of 1000 roles (expandable by request to 5000).

Describe the solution you'd like

For GraphQL API I can not see the need for a role per table with IAM auth. There should be possible to have a common role with a resource array with each table arn?

Function roles is more tricky, but I think you should see if there is possible to combine them?

Describe alternatives you've considered

Common role for API with tables with IAM

Additional context

No response

Is this something that you'd be interested in working on?

Would this feature include a breaking change?

mkaya95 commented 7 months ago

Hi, I am suggesting you create different AWS accounts for each environment. So it will be better isolation for each environment and you will have less trouble regarding limits. Of course, your cost will increase if you are using additional services such as Opensearch, EC2, RDS database since you need to create instances for each environment

ykethan commented 7 months ago

Hey @bergmorten, thank you for reaching out. marking this as feature-request for the Amplify team to evaluate the improvement.