Name:
interface
Value:
Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Page updated Nov 19, 2024

Deletion protection and Backup resources

Deleting a Amplify sandbox with a resource enabled with deletion protection, the deploy process will fail and the resource will need to be manually deleted on the AWS console.

Using the AWS Cloud Development Kit (CDK) we can configure Amplify generated resource to enable deletion protection and backups on supported resources. For example, you can use AWS CDK to enable Point-in-time recovery for DynamoDB tables, or use AWS Backup as a advanced backup option.

Using underlying CDK construct properties you can modify resource configurations. This allows you to customize backend resources beyond what is offered via the define* functions.

Enabling deletion protection on a Auth resource

For example, if you would like to enable deletion protection on a Cognito user pool resource created by Amplify Auth.

amplify/backend.ts
import { defineBackend } from '@aws-amplify/backend';
import { auth } from './auth/resource';
import { data } from './data/resource';
const backend = defineBackend({
auth,
data
});
const { cfnUserPool } = backend.auth.resources.cfnResources
cfnUserPool.deletionProtection = "ACTIVE";

Enabling Deletion protection on a Data resource

For example, if you would like to enable Deletion protection on all DynamoDB tables created by GraphQL API.

amplify/backend.ts
import { defineBackend } from '@aws-amplify/backend';
import { auth } from './auth/resource';
import { data } from './data/resource';
const backend = defineBackend({
auth,
data
});
const { amplifyDynamoDbTables } = backend.data.resources.cfnResources;
for (const table of Object.values(amplifyDynamoDbTables)) {
table.deletionProtectionEnabled = true;
}

Enabling Point-in-time recovery for DynamoDB tables

For example, enabling Point-in-time recovery for all the DynamoDB tables created by GraphQL API. By default Point-in-Time recovery retains backups for 35 days.

amplify/backend.ts
import { defineBackend } from '@aws-amplify/backend';
import { auth } from './auth/resource';
import { data } from './data/resource';
const backend = defineBackend({
auth,
data
});
const { amplifyDynamoDbTables } = backend.data.resources.cfnResources;
for (const table of Object.values(amplifyDynamoDbTables)) {
table.pointInTimeRecoveryEnabled = true;
}

Enabling Backups for DynamoDB tables

For example, if your DynamoDB tables requires backups that extend the default 35 days point-in-time recovery, AWS Backup service can be utilized to centralize and automate backups for DynamoDB tables. The example below outlines a backup plan configured to run daily at midnight, for all DynamoDB tables.

amplify/backend.ts
import { defineBackend } from "@aws-amplify/backend";
import {
BackupPlan,
BackupPlanRule,
BackupResource,
BackupVault,
} from "aws-cdk-lib/aws-backup";
import { Schedule } from "aws-cdk-lib/aws-events";
import { Duration } from "aws-cdk-lib/core";
import { auth } from "./auth/resource";
import { data } from "./data/resource";
const backend = defineBackend({
auth,
data,
});
const backupStack = backend.createStack("backup-stack");
const myTables = Object.values(backend.data.resources.tables);
const vault = new BackupVault(backupStack, "BackupVault", {
backupVaultName: "backup-vault",
});
const plan = new BackupPlan(backupStack, "BackupPlan", {
backupPlanName: "backup-plan",
backupVault: vault,
});
plan.addRule(
new BackupPlanRule({
deleteAfter: Duration.days(60),
ruleName: "backup-plan-rule",
scheduleExpression: Schedule.cron({
minute: "0",
hour: "0",
day: "*",
month: "*",
year: "*",
}),
})
);
plan.addSelection("BackupPlanSelection", {
resources: myTables.map((table) => BackupResource.fromDynamoDbTable(table)),
allowRestores: true,
});

Retaining resources on stack deletion

For example, if you would like to retain a resource on stack deletion, you can use the applyRemovalPolicy property on the resource to add a retention policy.

ampx sandbox delete ignores any resource removal policy and always deletes all resources.

amplify/backend.ts
import { defineBackend } from "@aws-amplify/backend";
import { auth } from "./auth/resource";
import { data } from "./data/resource";
import { RemovalPolicy } from "aws-cdk-lib";
import { storage } from "./storage/resource";
const backend = defineBackend({
auth,
data,
storage,
});
// Retain the S3 bucket on stack deletion
backend.storage.resources.bucket.applyRemovalPolicy(RemovalPolicy.RETAIN);
// Retain the Cognito user pool on stack deletion
backend.auth.resources.userPool.applyRemovalPolicy(RemovalPolicy.RETAIN);
// Retain the DynamoDB table on stack deletion
backend.data.resources.cfnResources.amplifyDynamoDbTables["Todo"].applyRemovalPolicy(RemovalPolicy.RETAIN);