amplify-cli

Manage and Sync Amplify backend in multiple AWS accounts

Open huytung228 opened this issue 6 months ago • 1 comments

Amplify CLI Version

13.0.1

Question

Hi people, I'm struggling with managing Amplify in multiple AWS accounts. I have 2 AWS accounts: dev & staging, with the same Amplify BE. I initialized from 2 different local machines. Currently, I added resources on the Dev backend (like amplify add function, ...), edited code, and pushed to git. In my staging env, I pulled the updated source code and did amplify push. Unfortunately, it did not work. As I understand it, Amplify manages backend resources based on amplify/team-provider-info.json, and it does not work well with git. If anyone has experience managing Amplify in multiple AWS accounts, please help me.

huytung228 avatar May 28 '25 03:05 huytung228

Current vs Expected Behavior

Current Behavior

// team-provider-info.json contains account-specific information
{
  "dev": {
    "awscloudformation": {
      "AuthRoleName": "amplify-myapp-dev-123456-authRole",
      "UnauthRoleArn": "arn:aws:iam::123456789012:role/amplify-myapp-dev-123456-unauthRole",
      "AuthRoleArn": "arn:aws:iam::123456789012:role/amplify-myapp-dev-123456-authRole",
      "Region": "us-east-1",
      "DeploymentBucketName": "amplify-myapp-dev-123456-deployment",
      "UnauthRoleName": "amplify-myapp-dev-123456-unauthRole",
      "StackName": "amplify-myapp-dev-123456",
      "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/amplify-myapp-dev-123456"
    }
  }
}

When this file is committed to Git and pulled in a different AWS account, the account-specific ARNs and resource names cause conflicts during amplify push.

Expected Behavior

flowchart TD
    A["Dev Account: Add resources"] --> B["Commit backend config to Git"]
    B --> C["Staging Account: Pull changes"]
    C --> D["amplify push adapts to current account"]
    D --> E["✅ Resources created in staging account"]
    
    style E fill:#ccffcc

The CLI should be able to adapt the team-provider-info.json to the current AWS account context or provide a mechanism to manage account-specific configurations separately.


Hi @huytung228,

Thank you for reporting this issue. You've correctly identified a fundamental challenge with Amplify CLI's multi-account workflow - the team-provider-info.json file contains account-specific information that doesn't translate well across different AWS accounts via Git.

This is a known limitation where the StateManager treats environment configurations as static rather than account-adaptable. The file contains hardcoded ARNs, stack names, and deployment bucket names that are specific to the AWS account where they were created.

Workarounds for now:

  1. Use separate Git branches for each AWS account environment
  2. Manually update team-provider-info.json after pulling changes
  3. Use amplify env import to recreate environments in different accounts

Long-term solution needed: We need to enhance the CLI to support account-agnostic environment configurations, possibly through the newer envParamManager system that's already being developed.

This issue affects many users working with multi-account setups. We'd welcome community contributions to help solve this workflow challenge! The solution would likely involve modifying how the team-provider-info.json is processed to support dynamic account resolution.

Related issues: #6298, #12326, #3363, #10495

pahud avatar Aug 20 '25 16:08 pahud
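
A pre-push check for the account mismatch discussed in this thread, as an added example that is not part of the original issue or the Amplify CLI: it walks a parsed team-provider-info.json and reports, per environment, the ARNs whose account id differs from the account being deployed to. The function names, the staging entry and its account id are constructed for illustration; the current account id is assumed to be supplied by the caller.

```javascript
// Added example, not Amplify CLI code. Flags team-provider-info.json entries
// that reference a different AWS account than the one being deployed to.

// ARN layout: arn:partition:service:region:account-id:resource (region may be empty).
const ARN_ACCOUNT = /^arn:[^:]*:[^:]*:[^:]*:(\d{12}):/;

// Recursively collect every string value that is an ARN carrying an account id.
function collectArns(node, path, out) {
  if (typeof node === 'string') {
    const match = ARN_ACCOUNT.exec(node);
    if (match) out.push({ path, arn: node, accountId: match[1] });
  } else if (node !== null && typeof node === 'object') {
    for (const [key, value] of Object.entries(node)) {
      collectArns(value, path ? `${path}.${key}` : key, out);
    }
  }
  return out;
}

// Per environment, list the ARNs whose account id differs from currentAccountId.
function findForeignAccountRefs(teamProviderInfo, currentAccountId) {
  const report = {};
  for (const [envName, envConfig] of Object.entries(teamProviderInfo)) {
    const foreign = collectArns(envConfig, '', []).filter(
      (ref) => ref.accountId !== currentAccountId
    );
    if (foreign.length > 0) report[envName] = foreign;
  }
  return report;
}

// Constructed sample: "dev" reuses the values shown in the thread, "staging" and
// its account id 000000000000 are placeholders made up for this example.
const sampleTeamProviderInfo = {
  dev: { awscloudformation: {
    AuthRoleName: 'amplify-myapp-dev-123456-authRole',
    AuthRoleArn: 'arn:aws:iam::123456789012:role/amplify-myapp-dev-123456-authRole',
    Region: 'us-east-1',
    StackId: 'arn:aws:cloudformation:us-east-1:123456789012:stack/amplify-myapp-dev-123456',
  } },
  staging: { awscloudformation: {
    AuthRoleArn: 'arn:aws:iam::000000000000:role/amplify-myapp-staging-000000-authRole',
    Region: 'us-east-1',
  } },
};

// Assumption: in real use the id would come from `aws sts get-caller-identity`.
console.log(JSON.stringify(findForeignAccountRefs(sampleTeamProviderInfo, '000000000000'), null, 2));
```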