Amplify Backend Configuration

Configure and deploy the AWS Amplify backend using the ws1-amplify profile.

Step 1: AWS Profile Configuration

Ensure your AWS CLI is configured with the ws1-amplify profile:

# Verify profile exists
aws configure list --profile ws1-amplify

# If not configured, set it up
aws configure --profile ws1-amplify

Step 2: Update Backend Configuration

Before deployment, update the hardcoded bucket names in the backend code:

Files to update (use your unique bucket name):

# Use Find & Replace to update all instances
# From: itea-weather-data-lake-storage
# To: itea-weather-data-lake-storage-yourname

Key files:

  • amplify/backend.ts
  • amplify/functions/getTotalReadings/handler.ts
  • amplify/custom/WeatherDataGlue/resource.ts

Step 3: Deploy Amplify Sandbox

Use the Amplify sandbox for development with the correct profile:

# Deploy sandbox environment
npx ampx sandbox --profile ws1-amplify

Step 4: Sandbox Deployment Process

The sandbox will deploy:

  1. Authentication Resources:

    • Cognito User Pool
    • Cognito Identity Pool
    • IAM roles for authenticated/unauthenticated access
  2. Storage Resources:

    • S3 bucket for processed datasets
    • CORS configuration for web access
  3. Lambda Functions:

    • IoT device management functions
    • Data retrieval functions
    • Dataset processing functions
  4. Custom CDK Constructs:

    • AWS Glue database and crawler
    • CloudFront distribution
    • EventBridge scheduled processing
    • Step Functions for orchestration
    • Dataset storage S3 bucket
  5. IAM Policies and Roles:

    • Function execution roles
    • S3 access permissions

Step 5: Monitor Deployment

Watch the deployment process:

# The sandbox will show deployment progress
# ✓ Building backend...
# ✓ Deploying backend...
# ✓ Backend deployed successfully

Step 6: Verify Deployment

After successful deployment:

  1. Check generated files:

    # Amplify outputs file should be created
    ls amplify_outputs.json
    
  2. Verify AWS resources in the console:

    • Amplify: Check the app in Amplify Console
    • CloudFormation: Verify stack deployment
    • S3: Confirm bucket creation
    • Lambda: Check function deployment
    • Cognito: Verify User Pool creation

Step 7: User Setup and IoT Policy Attachment

After deployment, you need to configure user access to the platform:

7.1: Create Platform User

  1. Sign up a new user through the frontend application:

    # Start the development server first
    pnpm dev
    # Navigate to your app and create an account
    
  2. Add user to platform-admin group in Cognito:

    • Go to Amazon Cognito → User pools
    • Select the User Pool created by Amplify (usually named amplify-{app-name}-{env}-userPool)
    • Go to Groups tab → Create group
    • Group name: platform-admin
    • Description: Authenticated users with platform access
    • Go to Users tab → Select your user → Add to group → platform-admin

7.2: Get Cognito Identity ID

  1. Go to Amazon Cognito → Identity pools
  2. Select the Identity Pool generated by Amplify (usually named amplify-{app-name}-{env}-identityPool)
  3. Switch to “Identity browser” tab
  4. Find and copy the Identity ID of your user (format: us-east-1:12345678-1234-1234-1234-123456789012)

7.3: Attach IoT Policy to User

Critical Step: Attach the IoT policy to the specific user’s Identity ID:

# Replace <identity_ID> with the actual Identity ID from step 7.2
aws iot attach-principal-policy \
  --policy-name WeatherPlatformPubSubPolicy \
  --principal us-east-1:<identity_ID> \
  --region us-east-1 \
  --profile ws1-amplify

Example:

aws iot attach-principal-policy \
  --policy-name WeatherPlatformPubSubPolicy \
  --principal us-east-1:12345678-1234-1234-1234-123456789012 \
  --region us-east-1 \
  --profile ws1-amplify

7.4: Verify IoT Policy Attachment

Verify the policy was attached successfully:

  1. Go to AWS IoT Core → Secure → Policies
  2. Select WeatherPlatformPubSubPolicy
  3. Switch to “Targets” tab
  4. Verify you see the user’s Cognito Identity ID listed

Alternative CLI verification:

# List all principals attached to the policy
aws iot list-policy-principals \
  --policy-name WeatherPlatformPubSubPolicy \
  --profile ws1-amplify

Critical IoT Policy Limitation: AWS IoT Core policies can be attached to individual Cognito Identity IDs but cannot be directly attached to Cognito Identity Pool IDs. This means for each user created, the administrator must perform this extra step to fully allow that user to use IoT Core resources.

Why This Step is Required: Each authenticated user gets a unique Cognito Identity ID when they sign in. IoT policies must be attached to each specific Identity ID to grant access to IoT Core resources like subscribing to MQTT topics and receiving telemetry data.
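The following script is an added example, not part of the original guide: it wraps steps 7.3 and 7.4 so the attachment is validated, idempotent and verified. It checks that the value really is a Cognito Identity ID (so a User Pool sub or username is never passed as the principal), skips the attach when list-policy-principals already shows the identity, and re-checks afterwards. It assumes the ws1-amplify profile, us-east-1 and the WeatherPlatformPubSubPolicy name from the guide; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original guide): idempotent IoT policy attachment
# for one Cognito Identity ID, with an input check and a post-attach verification.
# Assumes the AWS CLI is configured with the ws1-amplify profile as in the guide.
POLICY_NAME="${POLICY_NAME:-WeatherPlatformPubSubPolicy}"
AWS_PROFILE_NAME="${AWS_PROFILE_NAME:-ws1-amplify}"
AWS_REGION_NAME="${AWS_REGION_NAME:-us-east-1}"

# A Cognito Identity ID is "<region>:<uuid>", e.g.
# us-east-1:12345678-1234-1234-1234-123456789012. Anything else (a User Pool
# "sub", a username, a bare UUID) is rejected before it reaches the CLI, so the
# policy can only ever land on a real identity.
valid_identity_id() {
  printf '%s\n' "$1" \
    | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+:[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$'
}

# Returns 0 if the identity is already a principal of the policy. Uses the same
# list-policy-principals call as the guide's verification step (AWS marks it and
# attach-principal-policy as legacy; the newer equivalents are attach-policy and
# list-targets-for-policy, but the guide's policy works the same either way).
policy_attached() {
  aws iot list-policy-principals --policy-name "$POLICY_NAME" \
      --region "$AWS_REGION_NAME" --profile "$AWS_PROFILE_NAME" --output json \
    | grep -Fq "\"$1\""
}

# Validate, attach only when needed, then re-check so a silent failure is caught.
# Exit codes: 0 attached (or already attached), 1 attach/verify failed, 2 bad input.
ensure_policy_attached() {
  id="$1"
  if ! valid_identity_id "$id"; then
    echo "refusing to attach: '$id' is not a Cognito Identity ID" >&2
    return 2
  fi
  if policy_attached "$id"; then
    echo "already attached: $id"
    return 0
  fi
  aws iot attach-principal-policy --policy-name "$POLICY_NAME" \
      --principal "$id" --region "$AWS_REGION_NAME" \
      --profile "$AWS_PROFILE_NAME" || return 1
  policy_attached "$id" && echo "attached: $id"
}

# Usage: ensure_policy_attached us-east-1:<identity_ID>
```

Run it once per new platform user after step 7.2; it is safe to re-run, since an identity that is already a target of the policy is left untouched.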

Step 8: Frontend Configuration

Start the development server:

# Start Next.js development server
pnpm dev

The frontend will automatically use amplify_outputs.json for configuration.

Step 9: Troubleshooting

Common issues:

  1. Profile not found:

    # Reconfigure profile
    aws configure --profile ws1-amplify
    
  2. Deployment fails:

    # Clean and retry
    npx ampx sandbox delete --profile ws1-amplify
    npx ampx sandbox --profile ws1-amplify
    
  3. Permission errors:

    • Verify IAM permissions for the ws1-amplify profile
    • Ensure sufficient permissions for CloudFormation, S3, Lambda, etc.
  4. IoT policy attachment fails:

    # Verify policy exists
    aws iot get-policy --policy-name WeatherPlatformPubSubPolicy --profile ws1-amplify
    
    # Check if policy is already attached
    aws iot list-policy-principals --policy-name WeatherPlatformPubSubPolicy --profile ws1-amplify
    
  5. User cannot access IoT resources:

    • Verify user is in platform-admin group in Cognito User Pool
    • Confirm IoT policy is attached to user’s Identity ID
    • Check if user’s Identity ID appears in IoT Core → Policies → WeatherPlatformPubSubPolicy → Targets
  6. Dashboard not loading IoT data:

    • Ensure user is authenticated and in platform-admin group
    • Verify IoT policy attachment to user’s Identity ID
    • Check browser console for authentication errors

Keep the sandbox running during development. It provides hot-reloading for backend changes.

Sandbox environments are for development only. Use production deployment for live applications.

Without step 7.3 (attaching the IoT policy to the user's Identity ID), users cannot:

  • Subscribe to IoT MQTT topics
  • Receive real-time weather data
  • Access the platform dashboard IoT features