Open kylekirkby opened 3 years ago
We have considered this, problem is we have a dependencies on Secrets Manager (Not supported with Functions), Amplify CLI doesn't support in order spinning up resources and since some of these resources are highly dependent on the order of things being stood up. I.E. Bucket needs to be created before Lambda to trigger from the bucket.
The IAM should be allowed to access the permission for the AppSync GraphQL. I am curious what you are thinking about this :)
AFAIK the amplify cli does actually support spinning up resources in a specified order via the backend-config.json file and the dependsOn
sections. I have something like this for updating permissions on the Lambda Execution roles that are attached to Cognito trigger functions I.e:
...
"perms": {
"postConfirmationUpdate": {
"service": "Cognito Post Confirmation Trigger Updates",
"providerPlugin": "awscloudformation",
"dependsOn": [
{
"category": "api",
"resourceName": "resourcesHub",
"attributes": ["GraphQLAPIIdOutput"]
},
{
"category": "function",
"resourceName": "resourceshub5749acdaPostConfirmation",
"attributes": ["LambdaExecutionRole"]
}
]
}
},
"auth": {
...
Unless I'm being short sighted the backend-config.json could be updated for amplify-video so that any resources depending on prior resources being created, can be added like:
...
"amplify-videoBuckets": {
"inputBucket": {
"service": "Amplify Video Buckets",
"providerPlugin": "awscloudformation",
"dependsOn": [
{
"category": "auth",
"resourceName": "resourcesHub",
"attributes": ["ARN"]
}
]
},
"outputBucket": {
"service": "Amplify Video Output Bucket",
"providerPlugin": "awscloudformation",
"dependsOn": [
{
"category": "auth",
"resourceName": "resourcesHub",
"attributes": ["ARN"]
}
]
}
},
"amplify-videoLambdaTriggers": {
"inputBucketTrigger": {
"service": "Amplify Video Bucket Triggers",
"providerPlugin": "awscloudformation",
"dependsOn": [
{
"category": "amplify-videoBuckets",
"resourceName": "inputBucket",
"attributes": ["ARN"]
}
]
},
"outputBucketTrigger": {
"service": "Amplify Video Output Bucket Triggers",
"providerPlugin": "awscloudformation",
"dependsOn": [
{
"category": "amplify-videoBuckets",
"resourceName": "outputBucket",
"attributes": ["ARN"]
}
]
},
}
"auth": {
AFAIK the above would work?! This is just an example that I quickly put together, of course.
Cheers!
Kyle
Which Category is your question related to? amplify-video / amplify-cli
Provide additional details It would be great if
amplify-video
utilized the coreamplify-cli
features, better.If possible
amplify-video
lambda functions should be able to be managed when runningamplify update function
. This could then allow these functions to share ARN's for other resources within Amplify. In example, the Cloudfront Signed URL function could be updated to give the correct IAM permissions for accessing the AppSync GraphQL API / DynamoDB. Or withamplify update function
, I could given a completely different lambda function access to MediaConvert/input/output buckets.