docs icon indicating copy to clipboard operation
docs copied to clipboard

Published 20 hours ago verified publisher icon aws-amplify

Contradictory Information - amplifyconfiguration.json

Open robinmalburn opened this issue 1 year ago • 5 comments

Describe the content issue: It's stated in several places throughout the Javascript documentation that we need to import the amplifyconfiguration.json in order to configure the Amplify client. However, the amplify-cli automatically adds this file to the project's .gitignore and the docs recommend that the file not be added version control... so it's a little unclear whether this file should be being tracked or not, or whether the import should be being handled in another way?

Given the file's automatically being added to .gitignore and listed for exclusion from source control, there's a concern this may track sensitive data in future, but then the rest of the documentation assumes this file will be readily available for use by the JS and bundling with JS, but the fact it's not tracked breaks deployments by Ampify.

Which content should we be following to ensure projects can be deployed whilst ensuring project security?

URL page where content issue is:

robinmalburn avatar Jan 31 '24 12:01 robinmalburn

Hey @robinmalburn :wave: thanks for raising this! The primary reason this file is gitignored is due to it holding references to resources for a specific environment. If you are in a situation where you have a private repo and one branch/env, committing this file is fine -- after all it will be used in your frontend application and surfaced to the client.

In Amplify (Gen 1) this file is created on amplify init, pull, env checkout, and push. Maybe a few others, but those are the primary commands you'd interact with that will create/update this file.

This file is somewhat similar to dotenv files where you may have a set of required env vars for your application to work, but they are often tied to the environment and change across environments.

josefaidt avatar Jan 31 '24 18:01 josefaidt

Hi @josefaidt, many thanks for the quick response.

Treating the file like a dotenv equivalent makes a lot of sesne, especially in a multi-dev / multi-env environment. With that in mind, recommending it goes in .gitignore makes total sense.

I think the missing piece of the puzzle, for me at least, is that during builds, it seems like Amplify can automatically run an amplify pull (though it says it'll create aws-exports.js, I assume it actually creates an amplifyconfiguration.json instead/as well).

I wonder if there's a way that could be called out more clearly in the docs (or located alongside the place it says the file shouldn't be tracked), just to sign post people to how to best link up the backend deployment side of things. If there's a way of keeping things autogenerated at build time instead of being tracked, in light of the use case conversation, that definitely seems like a good path to nudge people down.

robinmalburn avatar Feb 01 '24 14:02 robinmalburn

I probably have a lot more ground to cover. Nonetheless, how does one fix this then? I am hosting this in a private repo and am inclined to just commenting-out everything that Amplify created in .gitignore

ilko-masaldzhiyski avatar Feb 26 '24 22:02 ilko-masaldzhiyski

Might be useful https://docs.amplify.aws/gen2/reference/amplifyconfiguration/

GaNiziolek avatar Mar 18 '24 02:03 GaNiziolek