VPC Access for Amplify Static Applications

[DanielNetzeriAm]

We are using ECS to deploy ec2 instances as backend api's/microservices, all of those are inside a VPC in our QA and DEV account.

When we try to run Cypress unit tests the application makes http requests to those microservices resulting in timeout as the applications isn't part of the VPC.

a scenario for example: App Startup -> User Unauthorized -> Send Http Request to Auth Microservice -> Timeout. Tests fail.

Would be happy if there's a way to add Amplify applications into a VPC in general so we can control the access on the development environments.

[abhi7cr]

Hi @DanielNetzeriAm,

I believe we don't support hosting in VPC at the moment. I have added it to our feature backlog.

[shivaas]

is there an update on where this stands in terms of priority? with SPA apps testing in non-production environments becomes a challenge with not being able to deploy apps within a VPC

[rishikanttwr]

Any possible solutions for this issue?

[kevinphillips81]

Hi - is there any update to this please? It would be great to use Amplify to deploy internal applications rather than just externally facing ones. Thanks :)

[vbhakta8]

Is there a timeline on when this might be coming, if not is there any support guide on how we can add amplify apps to our VPC?

[vleandersson]

+1

[jimmymabunda]

+1

[joaobonsegno]

+1

[youwalther65]

Any news here or roadmap progress? Thx.

[rudyjdr]

any news please ?

[joshpopelka20]

any updates? Also, looking to have this feature

[JonathanReiss15]

Any updates here? Blocks my use case of accessing Elasticsearch cluster inside my VPC --- big deal breaker

[jhwang09]

I want to +1 on this one

[GabrieleMazzola]

+1 on this issue. This is currently creating us issues as we necessarily need to open our RDS to the Internet in order to have our Next backend connect to it.

[skolenkin]

+1 on this issue.

[alumni49242]

+1

[jethroguce]

+1

[mririgoyen]

It's been nearly 3 years since this was added to the backlog. Is there legitimately no progress to report on it? It does seem pretty insane that the recommendation is to just open RDS or other resources to the public facing internet just to deploy a Next.js site. Please allow configurable VPC access via amplify.yml or some other configuration panel in the Amplify Console. The convenience of Amplify is not worth the security implications if it cannot communicate with my data sources hosted within AWS as well.

[leoata]

^ I cant open up my database to the internet thats behind a VPC with many services containing sensitive data. As it stands, it isn't worth it in the slightest. This is a dealbreaker for me; I'd love to see some progress on this

[bigboypantson]

This would be ideal, if not I need to move a project off Amplify and into EC2 to access our VPC peering connection.

[IvanVeridian]

+1 on the above. Can we get a status update please? This is also a dealbreaker for my use-case.

[georgipasta]

+1 On all of the above. Not even just from a security standpoint, but in terms of ease of setup, all the "high level abstraction" that AWS Amplify adds is quickly negated by the fact that you have to go through extra hurdles just to be able to connect an ElastiCache instance for example.

[ashokmagadum]

+1

[KindArt]

+1

[hyoloui]

+1

[breaker05]

+1

This has been three years, so is this actually on your roadmap? Amplify would be a great solution if so, otherwise this product is useless to many, especially those of us needing SOC 2 compliance since the database being open is huge gap and is not a solution for production apps.

[skilef]

+1

[hyoloui]

+1

[jitendra-koodo]

+1

[RigoMiranda]

+1

[icanq]

+1

[mustafashykh]

+10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

[mustafashykh]

+1

[Haadiqbal]

+1

[Ehtashamm-Ul-Haq]

+1

[tayyab-1]

+1

[Fatima-Naseer]

+1

[navekedem-dooble]

+1

[icanq]

+1

[finchley-agilekinetic]

+1

[leog]

+1

[sameigen]

+1, in what universe is it okay to open 3306 to the world?

[swaminator]

Hi folks, we just wrote a blog post on how to access resources inside a VPC from an Amplify hosted app: https://aws.amazon.com/blogs/mobile/accessing-resources-in-a-amazon-virtual-private-cloud-amazon-vpc-from-next-js-api-routes/.

Would this meet your needs? If not, we'd love to learn more about what you would like to see.

[thewebwell]

Hi folks, we just wrote a blog post on how to access resources inside a VPC from an Amplify hosted app: https://aws.amazon.com/blogs/mobile/accessing-resources-in-a-amazon-virtual-private-cloud-amazon-vpc-from-next-js-api-routes/.

Would this meet your needs? If not, we'd love to learn more about what you would like to see.

Thanks for sharing this detailed post which is certainly useful, however for my own needs I would love to see how you can securely connect to an RDS database inside a VPC from the next app. This must surely be a very common use case for pretty much any ssr app.

[clementAC]

The blog post does not meet basic needs. I don't want to have another api (the lambda in the blog post act like it was an API). What I need is access ressources inside VPC from the backend part of my next.js application without any third party lambda in between.

[mustafashykh]

@swaminator Ideally we want to have a VPC option in app settings in amplify.

[flexicious]

@swaminator , what absolutely sucks is we find out that this glaring limitation exists after investing hours, days, weeks of time into Amplify. Nobody in their right mind is going to open up postgres to the internet. Its Thats how these thing get hacked and you get an email to send bitcoin to unlock your data, or worse yet, your customers data. We are headed back to a different solution - which is a total shame because amplify is so perfect in every way. Given that this has been open for 3 years gives me no hope that this will be addressed anytime soon. This should be added in giant bold letters as a disclaimer for anyone using amplify - because its just a waste of everyones time. Having a lambda pass through defeats the purpose of using next - at that point might as well just do s3 and apigw, no point in using amplify.

[mustafashykh]

I have set a reminder to keep posting in this thread :p, Guys at least can we get an ETA, doesn't need to be accurate just a ballpark would be fine

Requirements

• Choose VPC in the settings
• A dropdown with the following options, (Public), (Internal will only be available within the VPC network)

[nicolasmalfonso]

+1

[aris-setiawan]

Regrettably, this fundamental requirement is missing in Amplify. It should allow users to connect the backend code with any preferred ORM and DBMS directly and securely within the VPC network.