Page updated Nov 11, 2023

Configure user allow list

Each Amplify authenticated user can be configured to have their own unique logging configuration. This is helpful in enabling you debug issues more granularly for your users.

Retrieve userIDs with Amplify Auth.

You can use the Amplify Auth category to retrieve the userId for a specific user if needed. You can also retrieve the userId by visiting the Amazon Cognito console and inspecting the User ID in User pools.

1Amplify.Auth.getCurrentUser(
2 user.userId,
3 error -> // failed to fetch user
4);
1Amplify.Auth.getCurrentUser({ user ->
2 user.userId,{
3 // failed to get user
4})
1RxAmplify.Auth.getCurrentUser().subscribe(
2 result -> result.userId,
3 error -> // failed to get user
4 );

Configure user allow list

Below is an example of setting different default and category log level for an authenticated user.

Add a userLogLevel section and for each user identifier add a defaultLogLevel and categoryLogLevel.

1{
2 "awsCloudWatchLoggingPlugin": {
3 "enable": true,
4 "logGroupName": "<log-group-name>",
5 "region": "<region>",
6 "localStoreMaxSizeInMB": 1,
7 "flushIntervalInSeconds": 60,
8 "loggingConstraints": {
9 "defaultLogLevel": "ERROR",
10 "userLogLevel": {
11 "xyz-123": {
12 "defaultLogLevel": "DEBUG",
13 "categoryLogLevel": {
14 "Storage": "VERBOSE",
15 "Api": "VERBOSE"
16 }
17 }
18 }
19 }
20 }
21}

Provide a map of UserLogLevel at initialization and configuration of the AWSCloudWatchLoggingPlugin.

1Map<CategoryType, LogLevel> categoryOverrides = new HashMap<>();
2categoryOverrides.put(CategoryType.AUTH, LogLevel.VERBOSE);
3categoryOverrides.put(CategoryType.STORAGE, LogLevel.DEBUG);
4
5UserLogLevel userLogLevel = new UserLogLevel(LogLevel.WARN, categoryOverrides);
6
7Map<String, UserLogLevel> userOverrides = new HashMap<>();
8userOverrides.put("USER_ID", userLogLevel);
9
10LoggingConstraints loggingConstraints = new LoggingConstraints(LogLevel.WARN, categoryOverrides, userOverrides);
11
12AWSCloudWatchLoggingPluginConfiguration config = new AWSCloudWatchLoggingPluginConfiguration (<log-group-name>, <region>, loggingConstraints);
13Amplify.addPlugin(new AWSCloudWatchLoggingPlugin(config));
1val categoryOverrides = mapOf(CategoryType.AUTH to LogLevel.VERBOSE, CategoryType.STORAGE to LogLevel.DEBUG)
2val userOverrides = mapOf("USER_ID" to UserLogLevel(LogLevel.WARN, categoryOverrides))
3
4val loggingConstraints = LoggingConstraints(defaultLogLevel = LogLevel.WARN, userLogLevel = userOverrides)
5
6val config = AWSCloudWatchLoggingPluginConfiguration(logGroupName = <log-group-name>, region = <region>, loggingConstraints = loggingConstraints)
7Amplify.addPlugin(AWSCloudWatchLoggingPlugin(config))
1Map<CategoryType, LogLevel> categoryOverrides = new HashMap<>();
2categoryOverrides.put(CategoryType.AUTH, LogLevel.VERBOSE);
3categoryOverrides.put(CategoryType.STORAGE, LogLevel.DEBUG);
4
5UserLogLevel userLogLevel = new UserLogLevel(LogLevel.WARN, categoryOverrides);
6
7Map<String, UserLogLevel> userOverrides = new HashMap<>();
8userOverrides.put("USER_ID", userLogLevel);
9
10LoggingConstraints loggingConstraints = new LoggingConstraints(LogLevel.WARN, categoryOverrides, userOverrides);
11
12AWSCloudWatchLoggingPluginConfiguration config = new AWSCloudWatchLoggingPluginConfiguration (<log-group-name>, <region>, loggingConstraints);
13Amplify.addPlugin(new AWSCloudWatchLoggingPlugin(config));