Resource: aws_amplify_app

Provides an Amplify App resource, a fullstack serverless app hosted on the AWS Amplify Console.

Example Usage

resource "aws_amplify_app" "example" {
  name       = "example"
  repository = "https://github.com/example/app"

  # The default build_spec added by the Amplify Console for React.
  build_spec = <<-EOT
    version: 0.1
    frontend:
      phases:
        preBuild:
          commands:
            - yarn install
        build:
          commands:
            - yarn run build
      artifacts:
        baseDirectory: build
        files:
          - '**/*'
      cache:
        paths:
          - node_modules/**/*
  EOT

  # The default rewrites and redirects added by the Amplify Console.
  custom_rule {
    source = "/<*>"
    status = "404"
    target = "/index.html"
  }

  environment_variables = {
    ENV = "test"
  }
}

Repository with Tokens

If you create a new Amplify App with the repository argument, you also need to set oauth_token or access_token for authentication. For GitHub, get a personal access token and set access_token as follows:

resource "aws_amplify_app" "example" {
  name       = "example"
  repository = "https://github.com/example/app"

  # GitHub personal access token
  access_token = "..."
}

You can omit access_token if you import an existing Amplify App created by the Amplify Console (using OAuth for authentication).

Auto Branch Creation

resource "aws_amplify_app" "example" {
  name = "example"

  enable_auto_branch_creation = true

  # The default patterns added by the Amplify Console.
  auto_branch_creation_patterns = [
    "*",
    "*/**",
  ]

  auto_branch_creation_config {
    # Enable auto build for the created branch.
    enable_auto_build = true
  }
}

Basic Authorization

resource "aws_amplify_app" "example" {
  name = "example"

  enable_basic_auth      = true
  basic_auth_credentials = base64encode("username1:password1")
}

Rewrites and Redirects

resource "aws_amplify_app" "example" {
  name = "example"

  # Reverse Proxy Rewrite for API requests
  # https://docs.aws.amazon.com/amplify/latest/userguide/redirects.html#reverse-proxy-rewrite
  custom_rule {
    source = "/api/<*>"
    status = "200"
    target = "https://api.example.com/api/<*>"
  }

  # Redirects for Single Page Web Apps (SPA)
  # https://docs.aws.amazon.com/amplify/latest/userguide/redirects.html#redirects-for-single-page-web-apps-spa
  custom_rule {
    source = "</^[^.]+$|\\.(?!(css|gif|ico|jpg|js|png|txt|svg|woff|ttf|map|json)$)([^.]+$)/>"
    status = "200"
    target = "/index.html"
  }
}

Custom Image

resource "aws_amplify_app" "example" {
  name = "example"

  environment_variables = {
    "_CUSTOM_IMAGE" = "node:16",
  }
}

Custom Headers

resource "aws_amplify_app" "example" {
  name = "example"

  custom_headers = <<-EOT
    customHeaders:
      - pattern: '**'
        headers:
          - key: 'Strict-Transport-Security'
            value: 'max-age=31536000; includeSubDomains'
          - key: 'X-Frame-Options'
            value: 'SAMEORIGIN'
          - key: 'X-XSS-Protection'
            value: '1; mode=block'
          - key: 'X-Content-Type-Options'
            value: 'nosniff'
          - key: 'Content-Security-Policy'
            value: "default-src 'self'"
  EOT
}

Argument Reference

This resource supports the following arguments:

An auto_branch_creation_config block supports the following arguments:

A custom_rule block supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

A production_branch block supports the following attributes:

Import

In Terraform v1.5.0 and later, use an import block to import Amplify App using Amplify App ID (appId). For example:

import {
  to = aws_amplify_app.example
  id = "d2ypk4k47z8u6"
}

Using terraform import, import Amplify App using Amplify App ID (appId). For example:

% terraform import aws_amplify_app.example d2ypk4k47z8u6

App ID can be obtained from App ARN (e.g., arn:aws:amplify:us-east-1:12345678:apps/d2ypk4k47z8u6).