Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws-amplify-alpha): Amplify SSR compute role support #33882

Open
2 tasks
Lezzio opened this issue Mar 24, 2025 · 1 comment · May be fixed by #33962
Open
2 tasks

(aws-amplify-alpha): Amplify SSR compute role support #33882

Lezzio opened this issue Mar 24, 2025 · 1 comment · May be fixed by #33962
Labels
@aws-cdk/aws-amplify Related to AWS Amplify effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@Lezzio
Copy link

Lezzio commented Mar 24, 2025
edited
Loading

Describe the feature

Hi,

The Amplify CDK is missing some capabilities specified in the documentation and API. I'd like to add a IAM SSR Compute role to my Amplify app (Amplify IAM roles documentation)

The API supports it:
https://docs.aws.amazon.com/cli/latest/reference/amplify/update-app.html

--compute-role-arn (string)

The Amazon Resource Name (ARN) of the IAM role to assign to an SSR app. The SSR Compute role allows the Amplify Hosting compute service to securely access specific Amazon Web Services resources based on the role's permissions. For more information about the SSR Compute role, see Adding an SSR Compute role in the Amplify User Guide.

Would it be possible to expose such a property to support it in using the cdk library ?

In the mean time I'll try using an AwsCustomResource as a workaround, open to any alternative

Use Case

Simple capabilities gap, use case is setting the Amplify IAM compute role natively using the cdk

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.39.1-alpha.0

Environment details (OS name and version, etc.)

macOS
@Lezzio Lezzio added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Mar 24, 2025
@github-actions github-actions bot added the @aws-cdk/aws-amplify Related to AWS Amplify label Mar 24, 2025
@pahud
Copy link
Contributor

pahud commented Mar 24, 2025
edited
Loading

Issue Analysis

I've analyzed issue #33882 requesting support for Amplify SSR compute role in the CDK library.

Current Status

  • The AWS Amplify service API supports setting an IAM compute role for SSR applications via the computeRoleArn parameter
  • The CDK @aws-cdk/aws-amplify-alpha package includes support for SSR applications through Platform.WEB_COMPUTE
  • However, the CDK construct doesn't expose the ability to set a compute role ARN

Technical Gap

After reviewing the code in packages/@aws-cdk/aws-amplify-alpha/lib/app.ts:

  1. AppProps interface doesn't include a property for specifying the compute role ARN
  2. The underlying CfnApp resource isn't being configured with this property
  3. While the App class supports role assignment through props.role, this is for the general Amplify service role, not the SSR compute-specific role

Proposed Solution

To fix this issue, the CDK would need to:

  1. Add a computeRoleArn property to the AppProps interface in app.ts
  2. Pass this property to the CfnApp resource when creating an Amplify app
  3. Add proper documentation for the property

Making this a p2 and we welcome PRs.

@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Mar 24, 2025
@mazyu36 mazyu36 linked a pull request Mar 28, 2025 that will close this issue
Draft
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-amplify Related to AWS Amplify effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(amplify): add compute role support for Amplify app mazyu36/aws-cdk
2 participants
@pahud @Lezzio