2

I am new to web development, and the react/next/amplify ecosystem, but I have been playing around with it and it seems great. I am just having difficulties deploying my app. It seems to be an order of operations thing I might be doing wrong with the initial configuration, I am not sure.

So I followed the 5-minute tutorial on how to set Next.js up with aws-amplify using the git based deployment (so no amplify init), I then started to follow along with the todo tutorial for aws-amplify that I had previously completed, which included the aws-exports.js file. I could not deploy it because I was getting an import error for not being able to resolve ./aws-exports, which made sense because it wasn't there. I eventually performed a amplify init and had a copy, but found this is in the .gitignore file so it still failed when I tried to deploy. I took it out of my .gitignore just to see and voila a successful build.

This seemed wrong to me because why would it be in the .gitignore if it wasn't supposed to be? I found this post that says the info is sensitive, but the documentation says otherwise.

This file is consumed by the Amplify JavaScript library for configuration. It contains information which is non-sensitive and only required for external, unauthenticated actions from clients (such as user registration or sign-in flows in the case of Auth) or for constructing appropriate endpoint URLs after authorization has taken place.

So, can I leave this file out of the .gitignore? Is there a better way to do this? I experienced the same issue and solved it the same way deploying to Vercel, which may be my preferred deployment method bc of the easy lambda function integration (if that matters to the answer).

Thanks for any input.

Jeff Tilton
  • 1,256
  • 1
  • 14
  • 28
  • Hy can you check my answer at [AWS amplify deploy failure due to aws-exports](https://stackoverflow.com/questions/59708481/aws-amplify-deploy-failure-due-to-aws-exports/59817501#59817501). I believe it can be related, you should not expose your aws-exports but generate it in amplify runtime. – Pedro Frattezi Silva Aug 24 '20 at 19:42
  • @PedroFratteziSilva I had seen your post and even linked to it. I see that you say that the aws-exports should not be exposed, but the documentation states that the information is non-sensitive. Also, want if I want to host on a different service like Vercel? Shouldn't I be able to use was for security/api and deploy on a different service, it would never be able to generate that file then. I appreciate your input. – Jeff Tilton Aug 24 '20 at 20:21

1 Answers1

0

Sorry for late to the party, I don't disagree with the doc which stated that aws-exports.js is non-sensitive, if you look into that file, it just bunch endpoints and nothing really enable you to "hack" into the system, unless you didn't config your @auth directive correctly. But I understand your concerns, and I don't like the style that endpoints are being exposed to clients in a single file, but they eventually will expose to user, either from the network tab or your code where you reference the endpoint.

A good reason that you should include aws-exports.js in your .gitignore is that you don't want to deal with conflicts in git, since this file will be auto-generated during build time.

If you using server-side rendering, seems like you are by using next.js, you can easily acchive only expose what is needed for client, I won't get into it as that's another topic.

tao
  • 1
  • 1