Making amplify-video work well with amplify-cli

[kylekirkby]

Which Category is your question related to? amplify-video / amplify-cli

Provide additional details It would be great if amplify-video utilized the core amplify-cli features, better.

If possible amplify-video lambda functions should be able to be managed when running amplify update function. This could then allow these functions to share ARN's for other resources within Amplify. In example, the Cloudfront Signed URL function could be updated to give the correct IAM permissions for accessing the AppSync GraphQL API / DynamoDB. Or with amplify update function, I could given a completely different lambda function access to MediaConvert/input/output buckets.

[wizage]

We have considered this, problem is we have a dependencies on Secrets Manager (Not supported with Functions), Amplify CLI doesn't support in order spinning up resources and since some of these resources are highly dependent on the order of things being stood up. I.E. Bucket needs to be created before Lambda to trigger from the bucket.

The IAM should be allowed to access the permission for the AppSync GraphQL. I am curious what you are thinking about this :)

[kylekirkby]

AFAIK the amplify cli does actually support spinning up resources in a specified order via the backend-config.json file and the dependsOn sections. I have something like this for updating permissions on the Lambda Execution roles that are attached to Cognito trigger functions I.e:

...
    "perms": {
        "postConfirmationUpdate": {
            "service": "Cognito Post Confirmation Trigger Updates",
            "providerPlugin": "awscloudformation",
            "dependsOn": [
                {
                    "category": "api",
                    "resourceName": "resourcesHub",
                    "attributes": ["GraphQLAPIIdOutput"]
                },
                {
                    "category": "function",
                    "resourceName": "resourceshub5749acdaPostConfirmation",
                    "attributes": ["LambdaExecutionRole"]
                }
            ]
        }
    },
    "auth": {
...

Unless I'm being short sighted the backend-config.json could be updated for amplify-video so that any resources depending on prior resources being created, can be added like:

...
    "amplify-videoBuckets": {
        "inputBucket": {
            "service": "Amplify Video Buckets",
            "providerPlugin": "awscloudformation",
            "dependsOn": [
                {
                    "category": "auth",
                    "resourceName": "resourcesHub",
                    "attributes": ["ARN"]
                }
            ]
        },
                "outputBucket": {
            "service": "Amplify Video Output Bucket",
            "providerPlugin": "awscloudformation",
            "dependsOn": [
                {
                    "category": "auth",
                    "resourceName": "resourcesHub",
                    "attributes": ["ARN"]
                }
            ]
        }
    },
       "amplify-videoLambdaTriggers": {
        "inputBucketTrigger": {
            "service": "Amplify Video Bucket Triggers",
            "providerPlugin": "awscloudformation",
            "dependsOn": [
                {
                    "category": "amplify-videoBuckets",
                    "resourceName": "inputBucket",
                    "attributes": ["ARN"]
                }
            ]
        },
                "outputBucketTrigger": {
            "service": "Amplify Video Output Bucket Triggers",
            "providerPlugin": "awscloudformation",
            "dependsOn": [
                {
                    "category": "amplify-videoBuckets",
                    "resourceName": "outputBucket",
                    "attributes": ["ARN"]
                }
            ]
        },
         }
    "auth": {

AFAIK the above would work?! This is just an example that I quickly put together, of course.

Cheers!

Kyle