Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Page updated Feb 21, 2024

Configure user allow list

Each Amplify authenticated user can be configured to have their own unique logging configuration. This is helpful in enabling you debug issues more granularly for your users.

Retrieve userIDs with Amplify Auth.

You can use the Amplify Auth category to retrieve the userId for a specific user if needed. You can also retrieve the userId by visiting the Amazon Cognito console and inspecting the User ID in User pools.


Configure user allow list

Below is an example of setting different default and category log level for an authenticated user.

Add a userLogLevel section and for each user identifier add a defaultLogLevel and categoryLogLevel.

"awsCloudWatchLoggingPlugin": {
"enable": true,
"logGroupName": "<log-group-name>",
"region": "<region>",
"localStoreMaxSizeInMB": 1,
"flushIntervalInSeconds": 60,
"loggingConstraints": {
"defaultLogLevel": "ERROR",
"userLogLevel": {
"xyz-123": {
"defaultLogLevel": "DEBUG",
"categoryLogLevel": {
"Storage": "VERBOSE",
"Api": "VERBOSE"

Provide a dictionary of UserLogLevel at initialization and configuration of the AWSCloudWatchLoggingPlugin.

do {
let categoryLogLevels: [String: LogLevel] = ["Storage": .verbose, "API": .verbose]
let userLogLevel = UserLogLevel(defaultLogLevel: .debug, categoryLogLevel: categoryLogLevels)
let userLogLevels: [String: UserLogLevel] = ["xyz-123": userLogLevel]
let loggingConstraints = LoggingConstraints(defaultLogLevel: .warn, userLogLevel: userLogLevels)
let loggingConfiguration = AWSCloudWatchLoggingPluginConfiguration(logGroupName: "<log-group-name>", region: "<region>", loggingConstraints: loggingConstraints)
let loggingPlugin = AWSCloudWatchLoggingPlugin(loggingPluginConfiguration: loggingConfiguration)
try Amplify.add(plugin: loggingPlugin)
} catch {
assert(false, "Error initializing Amplify: \(error)")