
AWS has added support for IAM (Identity and Access Management) server roles in Amplify hosting, enabling more secure access to other AWS services such as databases or S3 storage.
The new feature is for applications which perform server-side rendering (SSR), and allows fine-grained permissions to be defined for access to AWS services. Previously, it was necessary to define environment variables for credentials required by an application. The new IAM SSR compute roles provide temporary rather than long-lived credentials, and are managed in the same way as other AWS IAM roles. Accessing credentials for external services is also possible, via AWS Secrets Manager.
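The following check is an added example, not code from AWS or Amplify: a Node.js function that an SSR app could run at startup or in CI to confirm that no long-lived AWS keys remain in its environment after moving to a compute role. The function name, the `S3_KEY_ID`/`S3_SECRET` variable names and all sample values are constructed, and it assumes role credentials appear to the process as temporary STS credentials accompanied by a session token.

```javascript
// Added example (not AWS or Amplify code). Sample values are constructed.
// "AKIA" prefixes long-term IAM user access key IDs; "ASIA" prefixes temporary
// STS key IDs, which are only usable together with a session token.
const KEY_ID = /\b(AKIA|ASIA)[A-Z0-9]{16}\b/;

function auditCredentialEnv(env) {
  const findings = [];
  const hasToken = Boolean(env.AWS_SESSION_TOKEN);
  for (const [name, value] of Object.entries(env)) {
    if (typeof value !== "string") continue;
    const m = value.match(KEY_ID);
    if (!m) continue;
    if (m[1] === "AKIA") {
      findings.push({ name, issue: "long-term access key ID stored in environment" });
    } else if (!hasToken) {
      findings.push({ name, issue: "temporary key ID present without AWS_SESSION_TOKEN" });
    }
  }
  // A secret key with no session token can only belong to static credentials.
  if (env.AWS_SECRET_ACCESS_KEY && !hasToken) {
    findings.push({ name: "AWS_SECRET_ACCESS_KEY", issue: "secret key set without session token" });
  }
  return findings; // variable names only: never log the credential values
}

// Constructed: the older pattern, static keys under hypothetical variable names.
const LEGACY_ENV = {
  S3_KEY_ID: "AKIAIOSFODNN7EXAMPLE",
  S3_SECRET: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
  NODE_ENV: "production",
};
// Constructed, assumed shape: temporary role credentials as the process sees them.
const ROLE_ENV = {
  AWS_ACCESS_KEY_ID: "ASIAIOSFODNN7EXAMPLE",
  AWS_SECRET_ACCESS_KEY: "constructed-secret",
  AWS_SESSION_TOKEN: "constructed-session-token",
  NODE_ENV: "production",
};

console.log(auditCredentialEnv(LEGACY_ENV));
console.log(auditCredentialEnv(ROLE_ENV));
```

In a real deployment the function would be called with `process.env`, and a non-empty result would fail the build or raise an alert.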
This is a significant step towards enterprise readiness for Amplify, a service which abstracts the complexity of configuring AWS services for the application types it supports, but which some users have found frustrating thanks to missing features or performance issues.
Amplify hosting is part of the Amplify developer platform, which also includes frontend libraries, authentication and user management, persistent storage on S3, a management console, and AI services. Amplify hosting is serverless, and uses the AWS CloudFront CDN (content delivery network) for global low latency. Amplify uses TypeScript as its primary language, including defining application requirements, which is why the company describes it as a “code-first developer experience for building full-stack apps using TypeScript.”
Supported frameworks for Amplify Hosting are Next.js, Nuxt, or other frameworks with a community or custom adapter. SPA (Single Page Application) frameworks including React, Angular and Vue.js are also supported, as well as static site generators such as Gatsby, Hugo and Jekyll. SSR applications add complexity because code runs on the host as well as on the client.
On the client side, Amplify targets mobile and web applications, including React Native and Flutter. Amplify UI is a set of React components for building a rich user interface.
Amplify has the potential to enable quick and robust development of secure, scalable applications. Like all abstractions, though, it can cause issues when the developer needs access to out-of-scope features, or runs into problems with the generated applications and infrastructure. A long-standing problem is delays when a Next.js application cold starts, recently raised again by a user complaining that “the website takes more than 3-4 seconds to load because of the cold start.” Another user found it impossible to set the NODE_OPTIONS environment variable, used by the Node.js runtime, because “Amplify just ignores it.”
Another developer ran up an unexpected bill when using an Amazon OpenSearch database with Amplify. The developer created a prototype with Amplify, then deleted it, but did not realise that an OpenSearch virtual machine was left running. AWS refunded the cost and has improved the documentation.
There is nothing in Amplify that developers cannot also achieve by configuring their own AWS infrastructure with the full CDK (Cloud Development Kit) or other tools, but to do so would require deeper knowledge of AWS. Amplify simplifies this but it may be less well cost-optimized or even cause problems, as with the OpenSearch example, when users need to go beyond what it offers out of the box.