Override Amplify-generated project-level IAM resources
amplify override project
Run the command above to override Amplify-generated project-level resources, such as the IAM roles for authenticated and unauthenticated users.
The command creates a new overrides.ts file under amplify/backend/awscloudformation/, which provides the Amplify-generated resources as CDK constructs.
Apply all the overrides in the override(...) function. For example, to rename the authenticated users' IAM role and add a path to it:
```ts
import { AmplifyRootStackTemplate } from '@aws-amplify/cli-extensibility-helper';

export function override(resources: AmplifyRootStackTemplate) {
  resources.authRole.roleName = "myCustomName";
  resources.authRole.path = "/<my-organization>/";
  // Note: CloudFormation limits you from updating the path if you don't recreate the resource.
  // Changing the role name will recreate the resource.
}
```
You can override the following project-level resources that Amplify generates:
Amplify-generated resource | Description |
---|---|
authRole | The IAM role for authenticated access to your app backend |
unauthRole | The IAM role for unauthenticated or guest access to your app backend |
Example: Modify authRole's IAM policies
For example, use amplify override project to further modify the authRole policy for the Geo category beyond the default policy statements:
```ts
import { AmplifyRootStackTemplate } from "@aws-amplify/cli-extensibility-helper";

export function override(resources: AmplifyRootStackTemplate) {
  const authRole = resources.authRole;

  // Keep whatever policies the role already carries, normalised to an array.
  const basePolicies = Array.isArray(authRole.policies)
    ? authRole.policies
    : [authRole.policies];

  // Append one custom inline policy after the existing ones.
  authRole.policies = [
    ...basePolicies,
    {
      policyName: "amplify-permissions-custom-resources",
      policyDocument: {
        Version: "2012-10-17",
        Statement: [
          // Route calculator
          {
            Resource: "<ARN of Geo>", // replace with the ARN of your Geo resource
            Action: ["geo:CalculateRoute*"],
            Effect: "Allow",
          },
        ],
      },
    },
  ];
}
```
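A guard that override(...) could call before appending custom statements, so that an over-broad grant on authRole or unauthRole fails the build instead of being deployed. This is an added example, not Amplify's own code: `RoleLike`, `findBroadGrants` and `appendPolicy` are hypothetical names, and `RoleLike` is a local stand-in for the `policies` property of `resources.authRole`.

```typescript
// Added example (not Amplify code). RoleLike is a local stand-in for the
// `policies` property of resources.authRole so the snippet runs offline.
type Statement = {
  Effect: "Allow" | "Deny";
  Action: string | string[];
  Resource: string | string[];
};
type InlinePolicy = {
  policyName: string;
  policyDocument: { Version: string; Statement: Statement[] };
};
type RoleLike = { policies?: unknown };

const asList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

// Describe every Allow statement that grants more than intended: a wildcard
// resource, an all-actions wildcard, or an action outside the expected
// service prefix (for the Geo example on this page, "geo:").
function findBroadGrants(statements: Statement[], servicePrefix: string): string[] {
  const problems: string[] = [];
  statements.forEach((s, i) => {
    if (s.Effect !== "Allow") return;
    for (const r of asList(s.Resource)) {
      if (r === "*") problems.push(`Statement[${i}]: Resource "*"`);
    }
    for (const a of asList(s.Action)) {
      if (a === "*" || a.endsWith(":*")) {
        problems.push(`Statement[${i}]: Action "${a}"`);
      } else if (!a.startsWith(servicePrefix)) {
        problems.push(`Statement[${i}]: Action "${a}" is outside ${servicePrefix}`);
      }
    }
  });
  return problems;
}

// Append the policy only if it passes the check. Handles a role with no
// inline policies yet (undefined) as well as a single non-array value.
function appendPolicy(role: RoleLike, policy: InlinePolicy, servicePrefix: string): void {
  const problems = findBroadGrants(policy.policyDocument.Statement, servicePrefix);
  if (problems.length > 0) throw new Error(`Refusing broad grant: ${problems.join("; ")}`);
  const base = role.policies === undefined ? []
    : Array.isArray(role.policies) ? role.policies : [role.policies];
  role.policies = [...base, policy];
}
```

Inside override(...), the call would be `appendPolicy(resources.authRole, customPolicy, "geo:")` in place of the direct assignment to `authRole.policies`.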