Page updated Jan 16, 2024

Modify Amplify-generated resources

Amplify Storage uses underlying AWS services and resources such as S3 and DynamoDB. You can customize these underlying resources for your specific use case.

amplify override storage
1amplify override storage

Run the command above to override Amplify-generated storage resources including the S3 bucket, DynamoDB tables, and more.

The command creates a new overrides.ts file under amplify/backend/storage/<resource-name>/ which provides you the Amplify-generated resources as CDK constructs.

Customize Amplify-generated S3 resources

Apply all the overrides in the override(...) function. For example to enable versioning on your S3 bucket:

import { AmplifyS3ResourceTemplate } from '@aws-amplify/cli-extensibility-helper'; export function override(resources: AmplifyS3ResourceTemplate) { resources.s3Bucket.versioningConfiguration = { status: 'Enabled' }; }
1import { AmplifyS3ResourceTemplate } from '@aws-amplify/cli-extensibility-helper';
2
3export function override(resources: AmplifyS3ResourceTemplate) {
4 resources.s3Bucket.versioningConfiguration = {
5 status: 'Enabled'
6 };
7}

You can override the following S3-related resources that Amplify generates:

Amplify-generated resourceDescription
s3BucketThe S3 bucket that Amplify generates for file storage upon amplify add storage
s3AuthPublicPolicyThe IAM policy for authenticated users' write access to public/* prefix
s3AuthProtectedPolicyThe IAM policy for authenticated users' write access to protected/* prefix
s3AuthPrivatePolicyThe IAM policy for authenticated users' write access to private/* prefix
s3AuthUploadPolicyThe IAM policy for authenticated users' write access to uploads/* prefix
s3AuthReadPolicyThe IAM policy for authenticated users' read access
s3GuestPublicPolicyThe IAM policy for guest users' write access to public/* prefix
s3GuestUploadPolicyThe IAM policy for guest users' write access to uploads/* prefix
s3GuestReadPolicyThe IAM policy for guest users' read access

For example, you can use amplify override storage to add additional PUT and GET access IAM policy statements to the S3 bucket's default public Auth policy:

import { AmplifyS3ResourceTemplate } from '@aws-amplify/cli-extensibility-helper'; export function override(resources: AmplifyS3ResourceTemplate) { resources.s3AuthPublicPolicy.policyDocument.Statement = [ ...resources.s3AuthPublicPolicy.policyDocument.Statement, { Effect: 'Allow', Action: ['s3:PutObject', 's3:PutObjectAcl', 's3:GetObject'], Resource: '<ARN of the S3 resource>' } ]; }
1import { AmplifyS3ResourceTemplate } from '@aws-amplify/cli-extensibility-helper';
2
3export function override(resources: AmplifyS3ResourceTemplate) {
4 resources.s3AuthPublicPolicy.policyDocument.Statement = [
5 ...resources.s3AuthPublicPolicy.policyDocument.Statement,
6 {
7 Effect: 'Allow',
8 Action: ['s3:PutObject', 's3:PutObjectAcl', 's3:GetObject'],
9 Resource: '<ARN of the S3 resource>'
10 }
11 ];
12}

Please refer to the IAM documentation for more information on actions, resources, and condition keys for Amazon S3.

Customize Amplify-generated DynamoDB tables

Apply all the overrides in the override(...) function. For example to enable time-to-live specification on your DynamoDB table:

import { AmplifyDDBResourceTemplate } from '@aws-amplify/cli-extensibility-helper'; export function override(resources: AmplifyDDBResourceTemplate) { resources.dynamoDBTable.timeToLiveSpecification = { attributeName: 'ttl', enabled: true }; }
1import { AmplifyDDBResourceTemplate } from '@aws-amplify/cli-extensibility-helper';
2
3export function override(resources: AmplifyDDBResourceTemplate) {
4 resources.dynamoDBTable.timeToLiveSpecification = {
5 attributeName: 'ttl',
6 enabled: true
7 };
8}

You can override the following DynamoDB resources that Amplify generates:

Amplify-generated resourceDescription
dynamoDBTableThe DynamoDB table that Amplify creates upon amplify add storage