From a509b8eeb057be51f303b47e4e5618b4985bfc9d Mon Sep 17 00:00:00 2001
From: akshbhu <39866697+akshbhu@users.noreply.github.com>
Date: Thu, 29 Jul 2021 15:10:23 -0700
Subject: [PATCH] feat: Override functionality enabled for Root stack (#7702)

* feat: initial commit

* feat: root stack creation on init with cdk

* feat: enable for push

* feat: added build command for root stack override

* fix: authrole and Unauthrole Names

* feat: added synthesizer and address comments

* feat: added hash for root stack

* feat: deploy root stack to disk

* feat: updated amplifyMeta after root override

* feat: update curren-cloud-backend

* feat: refractor Root transform and added unit tests

* fix: removes Template from Cloudform

* feat: added build step in overrides
---
 .../src/state-manager/pathManager.ts          |  43 +++
 packages/amplify-cli/amplify-plugin.json      |   1 +
 .../src/commands/build-overrides.ts           |  27 ++
 .../amplify-helpers/push-resources.ts         |   2 +
 .../amplify-helpers/resource-status.ts        |  41 ++-
 .../root-stack-builder.test.ts.snap           | 161 +++++++++
 .../root-stack-transform.test.ts.snap         | 322 ++++++++++++++++++
 .../root-stack-builder/overrides/override.js  |  14 +
 .../root-stack-builder.test.ts                | 200 +++++++++++
 .../root-stack-transform.test.ts              |  48 +++
 .../src/index.ts                              |   3 +
 .../src/initializer.ts                        |  40 ++-
 .../src/overrideManager.ts                    |  61 ++++
 .../src/push-resources.ts                     |  75 ++--
 .../src/root-stack-builder/index.ts           |   2 +
 .../root-stack-builder/root-stack-builder.ts  | 190 +++++++++++
 .../root-stack-transform.ts                   | 264 ++++++++++++++
 .../root-stack-builder/stackSynthesizer.ts    |  45 +++
 .../src/root-stack-builder/types.ts           |  31 ++
 .../src/utility-functions.js                  |   7 +
 .../src/utils/override-skeleton-generator.ts  |   4 +-
 21 files changed, 1546 insertions(+), 35 deletions(-)
 create mode 100644 packages/amplify-cli/src/commands/build-overrides.ts
 create mode 100644 packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/__snapshots__/root-stack-builder.test.ts.snap
 create mode 100644 packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/__snapshots__/root-stack-transform.test.ts.snap
 create mode 100644 packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/overrides/override.js
 create mode 100644 packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/root-stack-builder.test.ts
 create mode 100644 packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/root-stack-transform.test.ts
 create mode 100644 packages/amplify-provider-awscloudformation/src/overrideManager.ts
 create mode 100644 packages/amplify-provider-awscloudformation/src/root-stack-builder/index.ts
 create mode 100644 packages/amplify-provider-awscloudformation/src/root-stack-builder/root-stack-builder.ts
 create mode 100644 packages/amplify-provider-awscloudformation/src/root-stack-builder/root-stack-transform.ts
 create mode 100644 packages/amplify-provider-awscloudformation/src/root-stack-builder/stackSynthesizer.ts
 create mode 100644 packages/amplify-provider-awscloudformation/src/root-stack-builder/types.ts

diff --git a/packages/amplify-cli-core/src/state-manager/pathManager.ts b/packages/amplify-cli-core/src/state-manager/pathManager.ts
index d7c0425fd38..f310104cab3 100644
--- a/packages/amplify-cli-core/src/state-manager/pathManager.ts
+++ b/packages/amplify-cli-core/src/state-manager/pathManager.ts
@@ -20,6 +20,11 @@ export const PathConstants = {
   BackendDirName: 'backend',
   CurrentCloudBackendDirName: '#current-cloud-backend',
 
+  // 2nd Level
+  OverrideDirName: 'overrides',
+  ProviderName: 'awscloudformation',
+  CfnStacksBuildDirName: 'build',
+
   // FileNames
   AmplifyAdminConfigFileName: 'config.json',
 
@@ -35,6 +40,7 @@ export const PathConstants = {
   LocalAWSInfoFileName: 'local-aws-info.json',
   TeamProviderInfoFileName: 'team-provider-info.json',
   BackendConfigFileName: 'backend-config.json',
+  OverrideFileName: 'override.ts',
 
   CLIJSONFileName: 'cli.json',
   CLIJSONFileNameGlob: 'cli*.json',
@@ -77,6 +83,43 @@ export class PathManager {
   getBackendDirPath = (projectPath?: string): string =>
     this.constructPath(projectPath, [PathConstants.AmplifyDirName, PathConstants.BackendDirName]);
 
+  getOverrideDirPath = (projectPath: string, category: string, resourceName: string): string => {
+    return this.constructPath(projectPath, [
+      PathConstants.AmplifyDirName,
+      PathConstants.BackendDirName,
+      category!,
+      resourceName!,
+      PathConstants.OverrideDirName,
+    ]);
+  };
+
+  getRootOverrideDirPath = (projectPath: string): string => {
+    return this.constructPath(projectPath, [
+      PathConstants.AmplifyDirName,
+      PathConstants.BackendDirName,
+      PathConstants.ProviderName,
+      PathConstants.OverrideDirName,
+    ]);
+  };
+
+  getRootStackDirPath = (projectPath: string): string => {
+    return this.constructPath(projectPath, [
+      PathConstants.AmplifyDirName,
+      PathConstants.BackendDirName,
+      PathConstants.ProviderName,
+      PathConstants.CfnStacksBuildDirName,
+    ]);
+  };
+
+  getCurrentCloudRootStackDirPath = (projectPath: string): string => {
+    return this.constructPath(projectPath, [
+      PathConstants.AmplifyDirName,
+      PathConstants.CurrentCloudBackendDirName,
+      PathConstants.ProviderName,
+      PathConstants.CfnStacksBuildDirName,
+    ]);
+  };
+
   getCurrentCloudBackendDirPath = (projectPath?: string): string =>
     this.constructPath(projectPath, [PathConstants.AmplifyDirName, PathConstants.CurrentCloudBackendDirName]);
 
diff --git a/packages/amplify-cli/amplify-plugin.json b/packages/amplify-cli/amplify-plugin.json
index 2849e512d89..e51b3b77fa6 100644
--- a/packages/amplify-cli/amplify-plugin.json
+++ b/packages/amplify-cli/amplify-plugin.json
@@ -2,6 +2,7 @@
   "name": "core",
   "type": "core",
   "commands": [
+    "build-overrides",
     "categories",
     "configure",
     "console",
diff --git a/packages/amplify-cli/src/commands/build-overrides.ts b/packages/amplify-cli/src/commands/build-overrides.ts
new file mode 100644
index 00000000000..9be78a5cdcb
--- /dev/null
+++ b/packages/amplify-cli/src/commands/build-overrides.ts
@@ -0,0 +1,27 @@
+/**
+ * Command to transform CFN with overrides
+ */
+const subcommand = 'build-overrides';
+
+module.exports = {
+  name: subcommand,
+  run: async context => {
+    try {
+      const {
+        parameters: { options },
+      } = context;
+      await context.amplify.executeProviderUtils(context, 'awscloudformation', 'buildOverrides', {
+        forceCompile: true,
+      });
+    } catch (error) {
+      context.print.error(error.message);
+
+      if (error.stack) {
+        context.print.info(error.stack);
+      }
+
+      context.usageData.emitError(error);
+      process.exitCode = 1;
+    }
+  },
+};
diff --git a/packages/amplify-cli/src/extensions/amplify-helpers/push-resources.ts b/packages/amplify-cli/src/extensions/amplify-helpers/push-resources.ts
index 4e71549cc77..97f9407b9f4 100644
--- a/packages/amplify-cli/src/extensions/amplify-helpers/push-resources.ts
+++ b/packages/amplify-cli/src/extensions/amplify-helpers/push-resources.ts
@@ -49,6 +49,8 @@ export async function pushResources(
     }
   }
 
+  // building all CFN stacks here to get the resource Changes
+  context.amplify.executeProviderUtils(context, 'awscloudformation', 'buildOverrides', { forceCompile: true });
   const hasChanges = await showResourceTable(category, resourceName, filteredResources);
 
   // no changes detected
diff --git a/packages/amplify-cli/src/extensions/amplify-helpers/resource-status.ts b/packages/amplify-cli/src/extensions/amplify-helpers/resource-status.ts
index 2ece49a12d7..78e37f4c6a8 100644
--- a/packages/amplify-cli/src/extensions/amplify-helpers/resource-status.ts
+++ b/packages/amplify-cli/src/extensions/amplify-helpers/resource-status.ts
@@ -9,6 +9,7 @@ import { CLOUD_INITIALIZED, CLOUD_NOT_INITIALIZED, getCloudInitStatus } from './
 import { ServiceName as FunctionServiceName, hashLayerResource } from 'amplify-category-function';
 import { removeGetUserEndpoints } from '../amplify-helpers/remove-pinpoint-policy';
 import { pathManager, stateManager, $TSMeta, $TSAny, NotInitializedError } from 'amplify-cli-core';
+import { rootStackFileName } from 'amplify-provider-awscloudformation';
 
 async function isBackendDirModifiedSinceLastPush(resourceName, category, lastPushTimeStamp, hashFunction) {
   // Pushing the resource for the first time hence no lastPushTimeStamp
@@ -29,6 +30,17 @@ async function isBackendDirModifiedSinceLastPush(resourceName, category, lastPus
   return localDirHash !== cloudDirHash;
 }
 
+export function getHashForRootStack(dirPath, files?: string[]) {
+  const options: HashElementOptions = {
+    folders: { exclude: ['.*', 'node_modules', 'test_coverage', 'dist', 'build'] },
+    files: {
+      include: files,
+    },
+  };
+
+  return hashElement(dirPath, options).then(result => result.hash);
+}
+
 export function getHashForResourceDir(dirPath, files?: string[]) {
   const options: HashElementOptions = {
     folders: { exclude: ['.*', 'node_modules', 'test_coverage', 'dist', 'build'] },
@@ -388,6 +400,10 @@ export async function getResourceStatus(category?, resourceName?, providerName?,
   // if not equal there is a tag update
   const tagsUpdated = !_.isEqual(stateManager.getProjectTags(), stateManager.getCurrentProjectTags());
 
+  // check if there is an update in root stack
+
+  const rootStackUpdated: boolean = await isRootStackModifiedSinceLastPush(getHashForRootStack);
+
   return {
     resourcesToBeCreated,
     resourcesToBeUpdated,
@@ -395,6 +411,7 @@ export async function getResourceStatus(category?, resourceName?, providerName?,
     resourcesToBeDeleted,
     tagsUpdated,
     allResources,
+    rootStackUpdated,
   };
 }
 
@@ -416,6 +433,7 @@ export async function showResourceTable(category, resourceName, filteredResource
     resourcesToBeSynced,
     allResources,
     tagsUpdated,
+    rootStackUpdated,
   } = await getResourceStatus(category, resourceName, undefined, filteredResources);
 
   let noChangeResources = _.differenceWith(
@@ -501,8 +519,29 @@ export async function showResourceTable(category, resourceName, filteredResource
     print.info('\nTag Changes Detected');
   }
 
+  if (rootStackUpdated) {
+    print.info('\n RootStack Changes Detected');
+  }
+
   const resourceChanged =
-    resourcesToBeCreated.length + resourcesToBeUpdated.length + resourcesToBeSynced.length + resourcesToBeDeleted.length > 0 || tagsUpdated;
+    resourcesToBeCreated.length + resourcesToBeUpdated.length + resourcesToBeSynced.length + resourcesToBeDeleted.length > 0 ||
+    tagsUpdated ||
+    rootStackUpdated;
 
   return resourceChanged;
 }
+
+async function isRootStackModifiedSinceLastPush(hashFunction): Promise<boolean> {
+  try {
+    const projectPath = pathManager.findProjectRoot();
+    const localBackendDir = pathManager.getRootStackDirPath(projectPath!);
+    const cloudBackendDir = pathManager.getCurrentCloudRootStackDirPath(projectPath!);
+
+    const localDirHash = await hashFunction(localBackendDir, [rootStackFileName]);
+    const cloudDirHash = await hashFunction(cloudBackendDir, [rootStackFileName]);
+
+    return localDirHash !== cloudDirHash;
+  } catch (error) {
+    throw new Error('Amplify Project not initialized.');
+  }
+}
diff --git a/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/__snapshots__/root-stack-builder.test.ts.snap b/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/__snapshots__/root-stack-builder.test.ts.snap
new file mode 100644
index 00000000000..c50f3f58fff
--- /dev/null
+++ b/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/__snapshots__/root-stack-builder.test.ts.snap
@@ -0,0 +1,161 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Check RootStack Template generates root stack Template 1`] = `
+Object {
+  "AWSTemplateFormatVersion": "2010-09-09",
+  "Description": "Root Stack for AWS Amplify CLI",
+  "Outputs": Object {
+    "AuthRoleArn": Object {
+      "Value": Object {
+        "Fn::GetAtt": Array [
+          "AuthRole",
+          "Arn",
+        ],
+      },
+    },
+    "Region": Object {
+      "Description": "CloudFormation provider root stack Region",
+      "Export": Object {
+        "Name": Object {
+          "Fn::Sub": "\${AWS::StackName}-Region",
+        },
+      },
+      "Value": Object {
+        "Ref": "AWS::Region",
+      },
+    },
+    "StackId": Object {
+      "Description": "CloudFormation provider root stack name",
+      "Export": Object {
+        "Name": Object {
+          "Fn::Sub": "\${AWS::StackName}-StackId",
+        },
+      },
+      "Value": Object {
+        "Ref": "AWS::StackId",
+      },
+    },
+    "StackName": Object {
+      "Description": "CloudFormation provider root stack ID",
+      "Export": Object {
+        "Name": Object {
+          "Fn::Sub": "\${AWS::StackName}-StackName",
+        },
+      },
+      "Value": Object {
+        "Ref": "AWS::StackName",
+      },
+    },
+    "UnAuthRoleArn": Object {
+      "Value": Object {
+        "Fn::GetAtt": Array [
+          "UnauthRole",
+          "Arn",
+        ],
+      },
+    },
+  },
+  "Parameters": Object {
+    "AuthRoleName": Object {
+      "Default": "AuthRoleName",
+      "Description": "Name of the common deployment bucket provided by the parent stack",
+      "Type": "String",
+    },
+    "DeploymentBucketName": Object {
+      "Default": "DeploymentBucket",
+      "Description": "Name of the common deployment bucket provided by the parent stack",
+      "Type": "String",
+    },
+    "UnauthRoleName": Object {
+      "Default": "UnAuthRoleName",
+      "Description": "Name of the common deployment bucket provided by the parent stack",
+      "Type": "String",
+    },
+  },
+  "Resources": Object {
+    "AuthRole": Object {
+      "Properties": Object {
+        "AssumeRolePolicyDocument": Object {
+          "Statement": Array [
+            Object {
+              "Action": "sts:AssumeRoleWithWebIdentity",
+              "Effect": "Deny",
+              "Principal": Object {
+                "Federated": "cognito-identity.amazonaws.com",
+              },
+              "Sid": "",
+            },
+          ],
+          "Version": "2012-10-17",
+        },
+        "RoleName": Object {
+          "Ref": "AuthRoleName",
+        },
+      },
+      "Type": "AWS::IAM::Role",
+    },
+    "DeploymentBucket": Object {
+      "DeletionPolicy": "Retain",
+      "Properties": Object {
+        "BucketName": Object {
+          "Ref": "DeploymentBucketName",
+        },
+      },
+      "Type": "AWS::S3::Bucket",
+      "UpdateReplacePolicy": "Retain",
+    },
+    "UnauthRole": Object {
+      "Properties": Object {
+        "AssumeRolePolicyDocument": Object {
+          "Statement": Array [
+            Object {
+              "Action": "sts:AssumeRoleWithWebIdentity",
+              "Effect": "Deny",
+              "Principal": Object {
+                "Federated": "cognito-identity.amazonaws.com",
+              },
+              "Sid": "",
+            },
+          ],
+          "Version": "2012-10-17",
+        },
+        "RoleName": Object {
+          "Ref": "UnauthRoleName",
+        },
+      },
+      "Type": "AWS::IAM::Role",
+    },
+  },
+}
+`;
+
+exports[`Check RootStack Template rootstack template generated by constructor 1`] = `
+Object {
+  "AWSTemplateFormatVersion": "2010-09-09",
+  "Description": "Root Stack for AWS Amplify CLI",
+}
+`;
+
+exports[`Check RootStack Template rootstack template generated by constructor with some parameters 1`] = `
+Object {
+  "AWSTemplateFormatVersion": "2010-09-09",
+  "Description": "Root Stack for AWS Amplify CLI",
+  "Parameters": Object {
+    "AuthRoleName": Object {
+      "Default": "AuthRoleName",
+      "Description": "Name of the common deployment bucket provided by the parent stack",
+      "Type": "String",
+    },
+    "DeploymentBucketName": Object {
+      "Default": "DeploymentBucket",
+      "Description": "Name of the common deployment bucket provided by the parent stack",
+      "Type": "String",
+    },
+    "UnauthRoleName": Object {
+      "Default": "UnAuthRoleName",
+      "Description": "Name of the common deployment bucket provided by the parent stack",
+      "Type": "String",
+    },
+  },
+}
+`;
diff --git a/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/__snapshots__/root-stack-transform.test.ts.snap b/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/__snapshots__/root-stack-transform.test.ts.snap
new file mode 100644
index 00000000000..91d28d6105e
--- /dev/null
+++ b/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/__snapshots__/root-stack-transform.test.ts.snap
@@ -0,0 +1,322 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Check RootStack Template Generated rootstack template during Push with overrides 1`] = `
+Object {
+  "AWSTemplateFormatVersion": "2010-09-09",
+  "Description": "Root Stack for AWS Amplify CLI",
+  "Outputs": Object {
+    "AuthRoleArn": Object {
+      "Value": Object {
+        "Fn::GetAtt": Array [
+          "AuthRole",
+          "Arn",
+        ],
+      },
+    },
+    "AuthRoleName": Object {
+      "Value": Object {
+        "Ref": "AuthRoleName",
+      },
+    },
+    "DeploymentBucketName": Object {
+      "Description": "CloudFormation provider root stack deployment bucket name",
+      "Export": Object {
+        "Name": Object {
+          "Fn::Sub": "\${AWS::StackName}-DeploymentBucketName",
+        },
+      },
+      "Value": Object {
+        "Ref": "DeploymentBucketName",
+      },
+    },
+    "Region": Object {
+      "Description": "CloudFormation provider root stack Region",
+      "Export": Object {
+        "Name": Object {
+          "Fn::Sub": "\${AWS::StackName}-Region",
+        },
+      },
+      "Value": Object {
+        "Ref": "AWS::Region",
+      },
+    },
+    "StackId": Object {
+      "Description": "CloudFormation provider root stack name",
+      "Export": Object {
+        "Name": Object {
+          "Fn::Sub": "\${AWS::StackName}-StackId",
+        },
+      },
+      "Value": Object {
+        "Ref": "AWS::StackId",
+      },
+    },
+    "StackName": Object {
+      "Description": "CloudFormation provider root stack ID",
+      "Export": Object {
+        "Name": Object {
+          "Fn::Sub": "\${AWS::StackName}-StackName",
+        },
+      },
+      "Value": Object {
+        "Ref": "AWS::StackName",
+      },
+    },
+    "UnAuthRoleArn": Object {
+      "Value": Object {
+        "Fn::GetAtt": Array [
+          "UnauthRole",
+          "Arn",
+        ],
+      },
+    },
+    "UnauthRoleName": Object {
+      "Value": Object {
+        "Ref": "UnauthRoleName",
+      },
+    },
+  },
+  "Parameters": Object {
+    "AuthRoleName": Object {
+      "Default": "AuthRoleName",
+      "Description": "Name of the common deployment bucket provided by the parent stack",
+      "Type": "String",
+    },
+    "DeploymentBucketName": Object {
+      "Default": "DeploymentBucket",
+      "Description": "Name of the common deployment bucket provided by the parent stack",
+      "Type": "String",
+    },
+    "UnauthRoleName": Object {
+      "Default": "UnAuthRoleName",
+      "Description": "Name of the common deployment bucket provided by the parent stack",
+      "Type": "String",
+    },
+    "random": Object {
+      "Default": "cjsncksdncks",
+      "Description": "nkjdsncksndc",
+      "Type": "String",
+    },
+  },
+  "Resources": Object {
+    "AuthRole": Object {
+      "Properties": Object {
+        "AssumeRolePolicyDocument": Object {
+          "Statement": Array [
+            Object {
+              "Action": "sts:AssumeRoleWithWebIdentity",
+              "Effect": "Deny",
+              "Principal": Object {
+                "Federated": "cognito-identity.amazonaws.com",
+              },
+              "Sid": "",
+            },
+          ],
+          "Version": "2012-10-17",
+        },
+        "RoleName": "randomrole",
+      },
+      "Type": "AWS::IAM::Role",
+    },
+    "DeploymentBucket": Object {
+      "DeletionPolicy": "Retain",
+      "Properties": Object {
+        "BucketEncryption": BucketEncryption {
+          "ServerSideEncryptionConfiguration": Array [
+            ServerSideEncryptionRule {
+              "ServerSideEncryptionByDefault": ServerSideEncryptionByDefault {
+                "SSEAlgorithm": "AES256",
+              },
+            },
+          ],
+        },
+        "BucketName": Object {
+          "Ref": "DeploymentBucketName",
+        },
+      },
+      "Type": "AWS::S3::Bucket",
+      "UpdateReplacePolicy": "Retain",
+    },
+    "UnauthRole": Object {
+      "Properties": Object {
+        "AssumeRolePolicyDocument": Object {
+          "Statement": Array [
+            Object {
+              "Action": "sts:AssumeRoleWithWebIdentity",
+              "Effect": "Deny",
+              "Principal": Object {
+                "Federated": "cognito-identity.amazonaws.com",
+              },
+              "Sid": "",
+            },
+          ],
+          "Version": "2012-10-17",
+        },
+        "RoleName": Object {
+          "Ref": "UnauthRoleName",
+        },
+      },
+      "Type": "AWS::IAM::Role",
+    },
+  },
+}
+`;
+
+exports[`Check RootStack Template Generated rootstack template during init 1`] = `
+Object {
+  "AWSTemplateFormatVersion": "2010-09-09",
+  "Description": "Root Stack for AWS Amplify CLI",
+  "Outputs": Object {
+    "AuthRoleArn": Object {
+      "Value": Object {
+        "Fn::GetAtt": Array [
+          "AuthRole",
+          "Arn",
+        ],
+      },
+    },
+    "AuthRoleName": Object {
+      "Value": Object {
+        "Ref": "AuthRoleName",
+      },
+    },
+    "DeploymentBucketName": Object {
+      "Description": "CloudFormation provider root stack deployment bucket name",
+      "Export": Object {
+        "Name": Object {
+          "Fn::Sub": "\${AWS::StackName}-DeploymentBucketName",
+        },
+      },
+      "Value": Object {
+        "Ref": "DeploymentBucketName",
+      },
+    },
+    "Region": Object {
+      "Description": "CloudFormation provider root stack Region",
+      "Export": Object {
+        "Name": Object {
+          "Fn::Sub": "\${AWS::StackName}-Region",
+        },
+      },
+      "Value": Object {
+        "Ref": "AWS::Region",
+      },
+    },
+    "StackId": Object {
+      "Description": "CloudFormation provider root stack name",
+      "Export": Object {
+        "Name": Object {
+          "Fn::Sub": "\${AWS::StackName}-StackId",
+        },
+      },
+      "Value": Object {
+        "Ref": "AWS::StackId",
+      },
+    },
+    "StackName": Object {
+      "Description": "CloudFormation provider root stack ID",
+      "Export": Object {
+        "Name": Object {
+          "Fn::Sub": "\${AWS::StackName}-StackName",
+        },
+      },
+      "Value": Object {
+        "Ref": "AWS::StackName",
+      },
+    },
+    "UnAuthRoleArn": Object {
+      "Value": Object {
+        "Fn::GetAtt": Array [
+          "UnauthRole",
+          "Arn",
+        ],
+      },
+    },
+    "UnauthRoleName": Object {
+      "Value": Object {
+        "Ref": "UnauthRoleName",
+      },
+    },
+  },
+  "Parameters": Object {
+    "AuthRoleName": Object {
+      "Default": "AuthRoleName",
+      "Description": "Name of the common deployment bucket provided by the parent stack",
+      "Type": "String",
+    },
+    "DeploymentBucketName": Object {
+      "Default": "DeploymentBucket",
+      "Description": "Name of the common deployment bucket provided by the parent stack",
+      "Type": "String",
+    },
+    "UnauthRoleName": Object {
+      "Default": "UnAuthRoleName",
+      "Description": "Name of the common deployment bucket provided by the parent stack",
+      "Type": "String",
+    },
+  },
+  "Resources": Object {
+    "AuthRole": Object {
+      "Properties": Object {
+        "AssumeRolePolicyDocument": Object {
+          "Statement": Array [
+            Object {
+              "Action": "sts:AssumeRoleWithWebIdentity",
+              "Effect": "Deny",
+              "Principal": Object {
+                "Federated": "cognito-identity.amazonaws.com",
+              },
+              "Sid": "",
+            },
+          ],
+          "Version": "2012-10-17",
+        },
+        "RoleName": Object {
+          "Ref": "AuthRoleName",
+        },
+      },
+      "Type": "AWS::IAM::Role",
+    },
+    "DeploymentBucket": Object {
+      "DeletionPolicy": "Retain",
+      "Properties": Object {
+        "BucketEncryption": BucketEncryption {
+          "ServerSideEncryptionConfiguration": Array [
+            ServerSideEncryptionRule {
+              "ServerSideEncryptionByDefault": ServerSideEncryptionByDefault {
+                "SSEAlgorithm": "AES256",
+              },
+            },
+          ],
+        },
+        "BucketName": Object {
+          "Ref": "DeploymentBucketName",
+        },
+      },
+      "Type": "AWS::S3::Bucket",
+      "UpdateReplacePolicy": "Retain",
+    },
+    "UnauthRole": Object {
+      "Properties": Object {
+        "AssumeRolePolicyDocument": Object {
+          "Statement": Array [
+            Object {
+              "Action": "sts:AssumeRoleWithWebIdentity",
+              "Effect": "Deny",
+              "Principal": Object {
+                "Federated": "cognito-identity.amazonaws.com",
+              },
+              "Sid": "",
+            },
+          ],
+          "Version": "2012-10-17",
+        },
+        "RoleName": Object {
+          "Ref": "UnauthRoleName",
+        },
+      },
+      "Type": "AWS::IAM::Role",
+    },
+  },
+}
+`;
diff --git a/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/overrides/override.js b/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/overrides/override.js
new file mode 100644
index 00000000000..5e79253de19
--- /dev/null
+++ b/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/overrides/override.js
@@ -0,0 +1,14 @@
+function overrideProps(props) {
+  props.authRole.roleName = 'randomrole';
+  props.addCfnParameter(
+    {
+      type: 'String',
+      description: 'nkjdsncksndc',
+      default: 'cjsncksdncks',
+    },
+    'random',
+  );
+  return props;
+}
+
+module.exports = { overrideProps };
diff --git a/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/root-stack-builder.test.ts b/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/root-stack-builder.test.ts
new file mode 100644
index 00000000000..1cce2084fc7
--- /dev/null
+++ b/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/root-stack-builder.test.ts
@@ -0,0 +1,200 @@
+import { SynthUtils } from '@aws-cdk/assert';
+import * as cdk from '@aws-cdk/core';
+import { AmplifyRootStack } from '../../root-stack-builder/root-stack-builder';
+
+jest.mock('../../root-stack-builder/stackSynthesizer');
+
+describe('Check RootStack Template', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+  test('rootstack template generated by constructor', () => {
+    const app = new cdk.App();
+    let mocksynth: cdk.IStackSynthesizer;
+    const stack = new AmplifyRootStack(app, 'rootStack', { synthesizer: mocksynth });
+    expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot();
+  });
+
+  test('rootstack template generated by constructor with some parameters', () => {
+    const app = new cdk.App();
+    let mocksynth: cdk.IStackSynthesizer;
+    const stack = new AmplifyRootStack(app, 'rootStack', { synthesizer: mocksynth });
+
+    stack.addCfnParameter(
+      {
+        type: 'String',
+        description: 'Name of the common deployment bucket provided by the parent stack',
+        default: 'DeploymentBucket',
+      },
+      'DeploymentBucketName',
+    );
+
+    stack.addCfnParameter(
+      {
+        type: 'String',
+        description: 'Name of the common deployment bucket provided by the parent stack',
+        default: 'AuthRoleName',
+      },
+      'AuthRoleName',
+    );
+
+    stack.addCfnParameter(
+      {
+        type: 'String',
+        description: 'Name of the common deployment bucket provided by the parent stack',
+        default: 'UnAuthRoleName',
+      },
+      'UnauthRoleName',
+    );
+    expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot();
+  });
+
+  test('adding same logicalId parameter should throw error', () => {
+    const app = new cdk.App();
+    let mocksynth: cdk.IStackSynthesizer;
+    const stack = new AmplifyRootStack(app, 'rootStack', { synthesizer: mocksynth });
+
+    stack.addCfnParameter(
+      {
+        type: 'String',
+        description: 'Name of the common deployment bucket provided by the parent stack',
+        default: 'AuthRoleName',
+      },
+      'AuthRoleName',
+    );
+
+    expect(() =>
+      stack.addCfnParameter(
+        {
+          type: 'String',
+          description: 'Name of the common deployment bucket provided by the parent stack',
+          default: 'AuthRoleName',
+        },
+        'AuthRoleName',
+      ),
+    ).toThrow('logical Id already Exists');
+  });
+
+  test(' adding two resources with same logicalId throw error', () => {
+    const app = new cdk.App();
+    let mocksynth: cdk.IStackSynthesizer;
+    const stack = new AmplifyRootStack(app, 'rootStack', { synthesizer: mocksynth });
+
+    stack.addCfnParameter(
+      {
+        type: 'String',
+        description: 'Name of the common deployment bucket provided by the parent stack',
+        default: 'DeploymentBucket',
+      },
+      'DeploymentBucketName',
+    );
+
+    // Add Outputs
+    stack.addCfnOutput(
+      {
+        description: 'CloudFormation provider root stack Region',
+        value: cdk.Fn.ref('AWS::Region'),
+        exportName: cdk.Fn.sub('${AWS::StackName}-Region'),
+      },
+      'Region',
+    );
+
+    stack.addCfnOutput(
+      {
+        description: 'CloudFormation provider root stack ID',
+        value: cdk.Fn.ref('AWS::StackName'),
+        exportName: cdk.Fn.sub('${AWS::StackName}-StackName'),
+      },
+      'StackName',
+    );
+
+    expect(() =>
+      stack.addCfnOutput(
+        {
+          description: 'CloudFormation provider root stack deployment bucket name',
+          value: cdk.Fn.ref('DeploymentBucketName'),
+          exportName: cdk.Fn.sub('${AWS::StackName}-DeploymentBucketName'),
+        },
+        'DeploymentBucketName',
+      ),
+    ).toThrow(`There is already a Construct with name 'DeploymentBucketName' in AmplifyRootStack`);
+  });
+
+  test('generates root stack Template', async () => {
+    const app = new cdk.App();
+    let mocksynth: cdk.IStackSynthesizer;
+    const stack = new AmplifyRootStack(app, 'rootStack', { synthesizer: mocksynth });
+
+    stack.addCfnParameter(
+      {
+        type: 'String',
+        description: 'Name of the common deployment bucket provided by the parent stack',
+        default: 'DeploymentBucket',
+      },
+      'DeploymentBucketName',
+    );
+
+    stack.addCfnParameter(
+      {
+        type: 'String',
+        description: 'Name of the common deployment bucket provided by the parent stack',
+        default: 'AuthRoleName',
+      },
+      'AuthRoleName',
+    );
+
+    stack.addCfnParameter(
+      {
+        type: 'String',
+        description: 'Name of the common deployment bucket provided by the parent stack',
+        default: 'UnAuthRoleName',
+      },
+      'UnauthRoleName',
+    );
+
+    // Add Outputs
+    stack.addCfnOutput(
+      {
+        description: 'CloudFormation provider root stack Region',
+        value: cdk.Fn.ref('AWS::Region'),
+        exportName: cdk.Fn.sub('${AWS::StackName}-Region'),
+      },
+      'Region',
+    );
+
+    stack.addCfnOutput(
+      {
+        description: 'CloudFormation provider root stack ID',
+        value: cdk.Fn.ref('AWS::StackName'),
+        exportName: cdk.Fn.sub('${AWS::StackName}-StackName'),
+      },
+      'StackName',
+    );
+
+    stack.addCfnOutput(
+      {
+        description: 'CloudFormation provider root stack name',
+        value: cdk.Fn.ref('AWS::StackId'),
+        exportName: cdk.Fn.sub('${AWS::StackName}-StackId'),
+      },
+      'StackId',
+    );
+
+    stack.addCfnOutput(
+      {
+        value: cdk.Fn.getAtt('AuthRole', 'Arn').toString(),
+      },
+      'AuthRoleArn',
+    );
+
+    stack.addCfnOutput(
+      {
+        value: cdk.Fn.getAtt('UnauthRole', 'Arn').toString(),
+      },
+      'UnAuthRoleArn',
+    );
+
+    await stack.generateRootStackResources();
+    expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot();
+  });
+});
diff --git a/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/root-stack-transform.test.ts b/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/root-stack-transform.test.ts
new file mode 100644
index 00000000000..d05bd2e668b
--- /dev/null
+++ b/packages/amplify-provider-awscloudformation/src/__tests__/root-stack-builder/root-stack-transform.test.ts
@@ -0,0 +1,48 @@
+import { AmplifyRootStackTransform, CommandType, RootStackTransformOptions } from '../../root-stack-builder/root-stack-transform';
+import * as path from 'path';
+import { prePushCfnTemplateModifier } from '../../pre-push-cfn-processor/pre-push-cfn-modifier';
+
+jest.mock('amplify-cli-core');
+
+jest.mock('../../utils/override-skeleton-generator');
+
+describe('Check RootStack Template', () => {
+  it('Generated rootstack template during init', async () => {
+    // CFN transform for Root stack
+    const rootStackFileName = 'template.json';
+    const props: RootStackTransformOptions = {
+      resourceConfig: {
+        stackFileName: rootStackFileName,
+      },
+      cfnModifiers: prePushCfnTemplateModifier,
+    };
+    const rootTransform = new AmplifyRootStackTransform(props, CommandType.INIT);
+    const mock_template = await rootTransform.transform();
+    expect(mock_template).toMatchSnapshot();
+  });
+
+  it('Generated rootstack template during Push with overrides', async () => {
+    // CFN transform for Root stack
+    const rootStackFileName = 'template.json';
+    const rootFilePath = 'randomPath';
+    const overridePath = path.join(__dirname, 'overrides', 'override.js');
+    const overrideDir = path.join(__dirname, 'overrides');
+
+    const props: RootStackTransformOptions = {
+      resourceConfig: {
+        stackFileName: rootStackFileName,
+      },
+      deploymentOptions: {
+        rootFilePath,
+      },
+      overrideOptions: {
+        overrideFnPath: overridePath,
+        overrideDir,
+      },
+      cfnModifiers: prePushCfnTemplateModifier,
+    };
+    const rootTransform = new AmplifyRootStackTransform(props, CommandType.PUSH);
+    const mock_template = await rootTransform.transform();
+    expect(mock_template).toMatchSnapshot();
+  });
+});
diff --git a/packages/amplify-provider-awscloudformation/src/index.ts b/packages/amplify-provider-awscloudformation/src/index.ts
index 0602d926a78..6a9cf939f9e 100644
--- a/packages/amplify-provider-awscloudformation/src/index.ts
+++ b/packages/amplify-provider-awscloudformation/src/index.ts
@@ -33,6 +33,8 @@ import { $TSContext } from 'amplify-cli-core';
 export { resolveAppId } from './utils/resolve-appId';
 export { loadConfigurationForEnv } from './configuration-manager';
 import { updateEnv } from './update-env';
+export const rootStackFileName = 'root-cloudformation-stack.json';
+export { storeRootStackTemplate } from './initializer';
 
 function init(context) {
   return initializer.run(context);
@@ -156,4 +158,5 @@ module.exports = {
   loadConfigurationForEnv,
   getConfiguredSSMClient,
   updateEnv,
+  rootStackFileName,
 };
diff --git a/packages/amplify-provider-awscloudformation/src/initializer.ts b/packages/amplify-provider-awscloudformation/src/initializer.ts
index 03ddb87225a..0be6c46053d 100644
--- a/packages/amplify-provider-awscloudformation/src/initializer.ts
+++ b/packages/amplify-provider-awscloudformation/src/initializer.ts
@@ -1,9 +1,13 @@
 import { $TSContext } from 'amplify-cli-core';
 import _ from 'lodash';
+import { CommandType } from './root-stack-builder';
+import { rootStackFileName } from '.';
+import { pathManager, PathConstants, stateManager, JSONUtilities } from 'amplify-cli-core';
+import { Template } from './root-stack-builder/types';
+import { transformRootStack } from './overrideManager';
 
 const moment = require('moment');
 const path = require('path');
-const { pathManager, PathConstants, stateManager, JSONUtilities } = require('amplify-cli-core');
 const glob = require('glob');
 const archiver = require('./utils/archiver');
 const fs = require('fs-extra');
@@ -25,14 +29,10 @@ export async function run(context) {
   if (!context.exeInfo || context.exeInfo.isNewEnv) {
     context.exeInfo = context.exeInfo || {};
     const { projectName } = context.exeInfo.projectConfig;
-    const initTemplateFilePath = path.join(__dirname, '..', 'resources', 'rootStackTemplate.json');
     const timeStamp = `${moment().format('Hmmss')}`;
     const { envName = '' } = context.exeInfo.localEnvInfo;
     let stackName = normalizeStackName(`amplify-${projectName}-${envName}-${timeStamp}`);
     const awsConfig = await configurationManager.getAwsConfig(context);
-
-    await configurePermissionsBoundaryForInit(context);
-
     const amplifyServiceParams = {
       context,
       awsConfig,
@@ -41,20 +41,25 @@ export async function run(context) {
       stackName,
     };
     const { amplifyAppId, verifiedStackName, deploymentBucketName } = await amplifyServiceManager.init(amplifyServiceParams);
+    await configurePermissionsBoundaryForInit(context);
+
+    // start root stack builder and deploy
 
+    // moved cfn build to next its builder
     stackName = verifiedStackName;
     const Tags = context.amplify.getTags(context);
 
     const authRoleName = `${stackName}-authRole`;
     const unauthRoleName = `${stackName}-unauthRole`;
 
-    const rootStack = JSONUtilities.readJson(initTemplateFilePath);
-    await prePushCfnTemplateModifier(rootStack);
+    // CFN transform for Root stack
+    const rootStack = await transformRootStack(CommandType.INIT);
     // Track Amplify Console generated stacks
     if (!!process.env.CLI_DEV_INTERNAL_DISABLE_AMPLIFY_APP_DELETION) {
       rootStack.Description = 'Root Stack for AWS Amplify Console';
     }
 
+    // deploy steps
     const params = {
       StackName: stackName,
       Capabilities: ['CAPABILITY_NAMED_IAM', 'CAPABILITY_AUTO_EXPAND'],
@@ -164,12 +169,33 @@ function cloneCLIJSONForNewEnvironment(context) {
 export async function onInitSuccessful(context) {
   configurationManager.onInitSuccessful(context);
   if (context.exeInfo.isNewEnv) {
+    await storeRootStackTemplate();
     context = await storeCurrentCloudBackend(context);
     await storeArtifactsForAmplifyService(context);
   }
   return context;
 }
 
+export const storeRootStackTemplate = async (template?: Template) => {
+  // generate template again as the folder structure was not created when root stack was initiaized
+  if (template === undefined) {
+    template = await transformRootStack(CommandType.ON_INIT);
+  }
+
+  // RootStack deployed to backend/awscloudformation/build
+  const projectRoot = pathManager.findProjectRoot();
+  const rootStackBackendBuildDir = pathManager.getRootStackDirPath(projectRoot);
+  const rootStackCloudBackendBuildDir = pathManager.getCurrentCloudRootStackDirPath(projectRoot);
+
+  fs.ensureDirSync(rootStackBackendBuildDir);
+  const rootStackBackendFilePath = path.join(rootStackBackendBuildDir, rootStackFileName);
+  const rootStackCloudBackendFilePath = path.join(rootStackCloudBackendBuildDir, rootStackFileName);
+
+  JSONUtilities.writeJson(rootStackBackendFilePath, template);
+  // copy the awscloudformation backend to #current-cloud-backend
+  fs.copySync(rootStackBackendFilePath, rootStackCloudBackendFilePath);
+};
+
 function storeCurrentCloudBackend(context) {
   const zipFilename = '#current-cloud-backend.zip';
   const backendDir = context.amplify.pathManager.getBackendDirPath();
diff --git a/packages/amplify-provider-awscloudformation/src/overrideManager.ts b/packages/amplify-provider-awscloudformation/src/overrideManager.ts
new file mode 100644
index 00000000000..8a383d731bc
--- /dev/null
+++ b/packages/amplify-provider-awscloudformation/src/overrideManager.ts
@@ -0,0 +1,61 @@
+import { AmplifyRootStackTransform, CommandType, RootStackTransformOptions } from './root-stack-builder';
+import { rootStackFileName } from '.';
+import { prePushCfnTemplateModifier } from './pre-push-cfn-processor/pre-push-cfn-modifier';
+import * as path from 'path';
+import { pathManager } from 'amplify-cli-core';
+import { Template } from 'cloudform-types';
+/**
+ *
+ * @param context
+ * @returns
+ */
+export async function transformCfnWithOverrides(context): Promise<Template> {
+  const flags = context.parameters.options;
+  if (flags['no-override']) {
+    return;
+  }
+
+  const rootStack = await transformRootStack(CommandType.PUSH);
+  return rootStack;
+  // can enable other CFN Transfomer here and also make a registry of which categories supports overrides Transfomer
+}
+
+export const transformRootStack = async (commandType: CommandType): Promise<Template> => {
+  try {
+    let props: RootStackTransformOptions;
+    // add check here to see if the override folder is present or not
+    if (commandType === CommandType.INIT) {
+      props = {
+        resourceConfig: {
+          stackFileName: rootStackFileName,
+        },
+        cfnModifiers: prePushCfnTemplateModifier,
+      };
+    } else if (commandType === CommandType.PUSH || commandType === CommandType.ON_INIT) {
+      const projectPath = pathManager.findProjectRoot();
+      const rootFilePath = path.join(pathManager.getRootStackDirPath(projectPath), rootStackFileName);
+      const overrideFnPath = path.join(pathManager.getRootOverrideDirPath(projectPath), 'build', 'override.js');
+      const overrideDir = pathManager.getRootOverrideDirPath(projectPath);
+
+      props = {
+        resourceConfig: {
+          stackFileName: rootStackFileName,
+        },
+        deploymentOptions: {
+          rootFilePath,
+        },
+        overrideOptions: {
+          overrideFnPath,
+          overrideDir,
+        },
+        cfnModifiers: prePushCfnTemplateModifier,
+      };
+    }
+    // generate , override and deploy stacks to disk
+    const rootTransform = new AmplifyRootStackTransform(props, commandType);
+    const rootStack = await rootTransform.transform();
+    return rootStack;
+  } catch (error) {
+    throw new Error(error);
+  }
+};
diff --git a/packages/amplify-provider-awscloudformation/src/push-resources.ts b/packages/amplify-provider-awscloudformation/src/push-resources.ts
index f367bf67697..4395bf7288f 100644
--- a/packages/amplify-provider-awscloudformation/src/push-resources.ts
+++ b/packages/amplify-provider-awscloudformation/src/push-resources.ts
@@ -35,7 +35,7 @@ import { uploadAuthTriggerFiles } from './upload-auth-trigger-files';
 import archiver from './utils/archiver';
 import amplifyServiceManager from './amplify-service-manager';
 import { DeploymentManager, DeploymentStep, DeploymentOp, DeploymentStateManager, runIterativeRollback } from './iterative-deployment';
-import { Fn, Template } from 'cloudform-types';
+import { Fn } from 'cloudform-types';
 import { getGqlUpdatedResource } from './graphql-transformer/utils';
 import { isAmplifyAdminApp } from './utils/admin-helpers';
 import { fileLogger } from './utils/aws-logger';
@@ -46,6 +46,11 @@ import { preProcessCFNTemplate } from './pre-push-cfn-processor/cfn-pre-processo
 import { AUTH_TRIGGER_STACK, AUTH_TRIGGER_TEMPLATE } from './utils/upload-auth-trigger-template';
 import { ensureValidFunctionModelDependencies } from './utils/remove-dependent-function';
 import { legacyLayerMigration, postPushLambdaLayerCleanup, prePushLambdaLayerPrompt } from './lambdaLayerInvocations';
+import { CommandType } from './root-stack-builder';
+import { rootStackFileName } from '.';
+import { storeRootStackTemplate } from './initializer';
+import { transformRootStack } from './overrideManager';
+import { Template } from './root-stack-builder/types';
 
 const logger = fileLogger('push-resources');
 
@@ -53,8 +58,7 @@ const logger = fileLogger('push-resources');
 const ApiServiceNameElasticContainer = 'ElasticContainer';
 
 const spinner = ora('Updating resources in the cloud. This may take a few minutes...');
-const rootStackFileName = 'rootStackTemplate.json';
-const nestedStackFileName = 'nested-cloudformation-stack.yml';
+
 const optionalBuildDirectoryName = 'build';
 const cfnTemplateGlobPattern = '*template*.+(yaml|yml|json)';
 const parametersJson = 'parameters.json';
@@ -79,6 +83,7 @@ export async function run(context: $TSContext, resourceDefinition: $TSObject) {
       resourcesToBeDeleted,
       tagsUpdated,
       allResources,
+      rootStackUpdated,
     } = resourceDefinition;
     const cloudformationMeta = context.amplify.getProjectMeta().providers.awscloudformation;
     const {
@@ -208,6 +213,7 @@ export async function run(context: $TSContext, resourceDefinition: $TSObject) {
       resourcesToBeUpdated.length > 0 ||
       resourcesToBeDeleted.length > 0 ||
       tagsUpdated ||
+      rootStackUpdated ||
       context.exeInfo.forcePush
     ) {
       // If there is an API change, there will be one deployment step. But when there needs an iterative update the step count is > 1
@@ -221,12 +227,12 @@ export async function run(context: $TSContext, resourceDefinition: $TSObject) {
 
         // generate nested stack
         const backEndDir = pathManager.getBackendDirPath();
-        const nestedStackFilepath = path.normalize(path.join(backEndDir, providerName, nestedStackFileName));
-        await generateAndUploadRootStack(context, nestedStackFilepath, nestedStackFileName);
+        const nestedStackFilepath = path.normalize(path.join(backEndDir, providerName, rootStackFileName));
+        await generateAndUploadRootStack(context, nestedStackFilepath, rootStackFileName);
 
         // Use state manager to do the final deployment. The final deployment include not just API change but the whole Amplify Project
         const finalStep: DeploymentOp = {
-          stackTemplatePathOrUrl: nestedStackFileName,
+          stackTemplatePathOrUrl: rootStackFileName,
           tableNames: [],
           stackName: cloudformationMeta.StackName,
           parameters: {
@@ -265,6 +271,9 @@ export async function run(context: $TSContext, resourceDefinition: $TSObject) {
 
         try {
           await updateCloudFormationNestedStack(context, nestedStack, resourcesToBeCreated, resourcesToBeUpdated);
+          storeRootStackTemplate(nestedStack);
+          // if the only root stack updates, function is called with empty resources . this fn copies amplifyMeta and backend Config to #current-cloud-backend
+          context.amplify.updateamplifyMetaAfterPush([]);
         } catch (err) {
           if (err?.name === 'ValidationError' && err?.message === 'No updates are to be performed.') {
             return;
@@ -662,19 +671,17 @@ async function updateCloudFormationNestedStack(
   resourcesToBeUpdated: $TSAny,
 ) {
   const backEndDir = pathManager.getBackendDirPath();
-  const nestedStackFilepath = path.normalize(path.join(backEndDir, providerName, nestedStackFileName));
-
-  JSONUtilities.writeJson(nestedStackFilepath, nestedStack);
-
-  const transformedStackPath = await preProcessCFNTemplate(nestedStackFilepath);
-
+  const projectRoot = pathManager.findProjectRoot();
+  const nestedStackFilePath = path.join(pathManager.getRootStackDirPath(projectRoot), rootStackFileName);
+  // deploy new nested stack to disk
+  JSONUtilities.writeJson(nestedStackFilePath, nestedStack);
   const cfnItem = await new Cloudformation(context, generateUserAgentAction(resourcesToBeCreated, resourcesToBeUpdated));
   const providerDirectory = path.normalize(path.join(backEndDir, providerName));
 
-  const log = logger('updateCloudFormationNestedStack', [providerDirectory, transformedStackPath]);
+  const log = logger('updateCloudFormationNestedStack', [providerDirectory, nestedStackFilePath]);
   try {
     log();
-    await cfnItem.updateResourceStack(transformedStackPath);
+    await cfnItem.updateResourceStack(nestedStackFilePath);
   } catch (error) {
     log(error);
     throw error;
@@ -817,15 +824,33 @@ async function formNestedStack(
   serviceName?: string,
   skipEnv?: boolean,
 ) {
-  const initTemplateFilePath = path.join(__dirname, '..', 'resources', rootStackFileName);
-  const nestedStack = JSONUtilities.readJson<Template>(initTemplateFilePath);
+  // CFN transform for Root stack
+  const rootStack = await transformRootStack(CommandType.PUSH);
+
+  // get the {deploymentBucketName , AuthRoleName , UnAuthRole from overridded data}
+
+  const metaToBeUpdated = {
+    DeploymentBucketName: rootStack.Resources.DeploymentBucket.Properties.BucketName,
+    AuthRoleName: rootStack.Resources.AuthRole.Properties.RoleName,
+    UnauthRoleName: rootStack.Resources.UnauthRole.Properties.RoleName,
+  };
+  // sanitize this data if needed
+  for (const key of Object.keys(metaToBeUpdated)) {
+    if (typeof metaToBeUpdated[key] === 'object' && 'Ref' in metaToBeUpdated[key]) {
+      delete metaToBeUpdated[key];
+    }
+  }
+  // update amplify meta with updated root stack Info
+  if (Object.keys(metaToBeUpdated).length) {
+    context.amplify.updateProvideramplifyMeta(providerName, metaToBeUpdated);
+  }
 
   // Track Amplify Console generated stacks
   try {
     const amplifyMeta = stateManager.getMeta();
     const appId = amplifyMeta.providers[providerName].AmplifyAppId;
     if ((await isAmplifyAdminApp(appId)).isAdminApp) {
-      nestedStack.Description = 'Root Stack for AWS Amplify Console';
+      rootStack.Description = 'Root Stack for AWS Amplify Console';
     }
   } catch (err) {
     console.info('App not deployed yet.');
@@ -864,7 +889,7 @@ async function formNestedStack(
       }
     });
 
-    nestedStack.Resources[APIGW_AUTH_STACK_LOGICAL_ID] = stack;
+    rootStack.Resources[APIGW_AUTH_STACK_LOGICAL_ID] = stack;
   }
 
   if (AuthTriggerTemplateURL) {
@@ -907,22 +932,22 @@ async function formNestedStack(
       });
     });
 
-    nestedStack.Resources[AUTH_TRIGGER_STACK] = stack;
+    rootStack.Resources[AUTH_TRIGGER_STACK] = stack;
   }
 
   if (NetworkStackS3Url) {
-    nestedStack.Resources[NETWORK_STACK_LOGICAL_ID] = {
+    rootStack.Resources[NETWORK_STACK_LOGICAL_ID] = {
       Type: 'AWS::CloudFormation::Stack',
       Properties: {
         TemplateURL: NetworkStackS3Url,
       },
     };
 
-    nestedStack.Resources.DeploymentBucket.Properties['VersioningConfiguration'] = {
+    rootStack.Resources.DeploymentBucket.Properties['VersioningConfiguration'] = {
       Status: 'Enabled',
     };
 
-    nestedStack.Resources.DeploymentBucket.Properties['LifecycleConfiguration'] = {
+    rootStack.Resources.DeploymentBucket.Properties['LifecycleConfiguration'] = {
       Rules: [
         {
           ExpirationInDays: 7,
@@ -1060,7 +1085,7 @@ async function formNestedStack(
         if (resourceDetails.providerMetadata) {
           templateURL = resourceDetails.providerMetadata.s3TemplateURL;
 
-          nestedStack.Resources[resourceKey] = {
+          rootStack.Resources[resourceKey] = {
             Type: 'AWS::CloudFormation::Stack',
             Properties: {
               TemplateURL: templateURL,
@@ -1080,12 +1105,12 @@ async function formNestedStack(
       const authParameters = loadResourceParameters(context, 'auth', authResourceName);
 
       if (authParameters.identityPoolName) {
-        updateIdPRolesInNestedStack(nestedStack, authResourceName);
+        updateIdPRolesInNestedStack(rootStack, authResourceName);
       }
     }
   }
 
-  return nestedStack;
+  return rootStack;
 }
 
 function updateIdPRolesInNestedStack(nestedStack: $TSAny, authResourceName: $TSAny) {
diff --git a/packages/amplify-provider-awscloudformation/src/root-stack-builder/index.ts b/packages/amplify-provider-awscloudformation/src/root-stack-builder/index.ts
new file mode 100644
index 00000000000..198cae5cf99
--- /dev/null
+++ b/packages/amplify-provider-awscloudformation/src/root-stack-builder/index.ts
@@ -0,0 +1,2 @@
+export { AmplifyRootStackTransform, CommandType, ResourceConfig, RootStackTransformOptions } from './root-stack-transform';
+export { AmplifyRootStackTemplate } from './types';
diff --git a/packages/amplify-provider-awscloudformation/src/root-stack-builder/root-stack-builder.ts b/packages/amplify-provider-awscloudformation/src/root-stack-builder/root-stack-builder.ts
new file mode 100644
index 00000000000..ff38fbd5b90
--- /dev/null
+++ b/packages/amplify-provider-awscloudformation/src/root-stack-builder/root-stack-builder.ts
@@ -0,0 +1,190 @@
+import * as cdk from '@aws-cdk/core';
+import * as s3 from '@aws-cdk/aws-s3';
+import * as iam from '@aws-cdk/aws-iam';
+import { AmplifyRootStackTemplate } from './types';
+import { IStackSynthesizer, ISynthesisSession } from '@aws-cdk/core';
+
+const CFN_TEMPLATE_FORMAT_VERSION = '2010-09-09';
+const ROOT_CFN_DESCRIPTION = 'Root Stack for AWS Amplify CLI';
+
+export type AmplifyRootStackProps = {
+  synthesizer: IStackSynthesizer;
+};
+
+export class AmplifyRootStack extends cdk.Stack implements AmplifyRootStackTemplate {
+  _scope: cdk.Construct;
+  deploymentBucket: s3.CfnBucket;
+  authRole: iam.CfnRole;
+  unauthRole: iam.CfnRole;
+  private _cfnParameterMap: Map<string, cdk.CfnParameter> = new Map();
+
+  constructor(scope: cdk.Construct, id: string, props: AmplifyRootStackProps) {
+    super(scope, id, props);
+    this._scope = scope;
+    this.templateOptions.templateFormatVersion = CFN_TEMPLATE_FORMAT_VERSION;
+    this.templateOptions.description = ROOT_CFN_DESCRIPTION;
+  }
+
+  /**
+   *
+   * @param props :cdk.CfnOutputProps
+   * @param logicalId: : lodicalId of the Resource
+   */
+  addCfnOutput(props: cdk.CfnOutputProps, logicalId: string): void {
+    try {
+      new cdk.CfnOutput(this, logicalId, props);
+    } catch (error) {
+      throw new Error(error);
+    }
+  }
+
+  /**
+   *
+   * @param props
+   * @param logicalId
+   */
+  addCfnMapping(props: cdk.CfnMappingProps, logicalId: string): void {
+    try {
+      new cdk.CfnMapping(this, logicalId, props);
+    } catch (error) {
+      throw new Error(error);
+    }
+  }
+
+  /**
+   *
+   * @param props
+   * @param logicalId
+   */
+  addCfnCondition(props: cdk.CfnConditionProps, logicalId: string): void {
+    try {
+      new cdk.CfnCondition(this, logicalId, props);
+    } catch (error) {
+      throw new Error(error);
+    }
+  }
+  /**
+   *
+   * @param props
+   * @param logicalId
+   */
+  addCfnResource(props: cdk.CfnResourceProps, logicalId: string): void {
+    try {
+      new cdk.CfnResource(this, logicalId, props);
+    } catch (error) {
+      throw new Error(error);
+    }
+  }
+
+  /**
+   *
+   * @param props
+   * @param logicalId
+   */
+  addCfnParameter(props: cdk.CfnParameterProps, logicalId: string): void {
+    try {
+      if (this._cfnParameterMap.has(logicalId)) {
+        throw new Error('logical Id already Exists');
+      }
+      this._cfnParameterMap.set(logicalId, new cdk.CfnParameter(this, logicalId, props));
+    } catch (error) {
+      throw new Error(error);
+    }
+  }
+
+  getCfnParameter(logicalId: string): cdk.CfnParameter {
+    if (this._cfnParameterMap.has(logicalId)) {
+      return this._cfnParameterMap.get(logicalId);
+    } else {
+      throw new Error(`Cfn Parameter with LogicalId ${logicalId} doesnt exist`);
+    }
+  }
+
+  generateRootStackResources = async () => {
+    this.deploymentBucket = new s3.CfnBucket(this, 'DeploymentBucket', {
+      bucketName: this._cfnParameterMap.get('DeploymentBucketName').valueAsString,
+    });
+
+    this.deploymentBucket.applyRemovalPolicy(cdk.RemovalPolicy.RETAIN);
+
+    this.authRole = new iam.CfnRole(this, 'AuthRole', {
+      roleName: this._cfnParameterMap.get('AuthRoleName').valueAsString,
+      assumeRolePolicyDocument: {
+        Version: '2012-10-17',
+        Statement: [
+          {
+            Sid: '',
+            Effect: 'Deny',
+            Principal: {
+              Federated: 'cognito-identity.amazonaws.com',
+            },
+            Action: 'sts:AssumeRoleWithWebIdentity',
+          },
+        ],
+      },
+    });
+
+    this.unauthRole = new iam.CfnRole(this, 'UnauthRole', {
+      roleName: this._cfnParameterMap.get('UnauthRoleName').valueAsString,
+      assumeRolePolicyDocument: {
+        Version: '2012-10-17',
+        Statement: [
+          {
+            Sid: '',
+            Effect: 'Deny',
+            Principal: {
+              Federated: 'cognito-identity.amazonaws.com',
+            },
+            Action: 'sts:AssumeRoleWithWebIdentity',
+          },
+        ],
+      },
+    });
+  };
+
+  // add Function for Custom Resource in Root stack
+  /**
+   *
+   * @param _
+   * @returns
+   */
+  public renderCloudFormationTemplate = (_: ISynthesisSession): string => {
+    return JSON.stringify(this._toCloudFormation(), undefined, 2);
+  };
+}
+
+/**
+ * additional class to merge CFN parameters and CFN outputs as cdk doesnt allow same logical ID of constructs in same stack
+ */
+export class AmplifyRootStackOutputs extends cdk.Stack implements AmplifyRootStackTemplate {
+  constructor(scope: cdk.Construct, id: string, props: AmplifyRootStackProps) {
+    super(scope, id, props);
+  }
+  deploymentBucket?: s3.CfnBucket;
+  authRole?: iam.CfnRole;
+  unauthRole?: iam.CfnRole;
+
+  addCfnParameter(props: cdk.CfnParameterProps, logicalId: string): void {
+    throw new Error('Method not implemented.');
+  }
+  addCfnOutput(props: cdk.CfnOutputProps, logicalId: string): void {
+    try {
+      new cdk.CfnOutput(this, logicalId, props);
+    } catch (error) {
+      throw new Error(error);
+    }
+  }
+  addCfnMapping(props: cdk.CfnMappingProps, logicalId: string): void {
+    throw new Error('Method not implemented.');
+  }
+  addCfnCondition(props: cdk.CfnConditionProps, logicalId: string): void {
+    throw new Error('Method not implemented.');
+  }
+  addCfnResource(props: cdk.CfnResourceProps, logicalId: string): void {
+    throw new Error('Method not implemented.');
+  }
+
+  public renderCloudFormationTemplate = (_: ISynthesisSession): string => {
+    return JSON.stringify((this as any)._toCloudFormation(), undefined, 2);
+  };
+}
diff --git a/packages/amplify-provider-awscloudformation/src/root-stack-builder/root-stack-transform.ts b/packages/amplify-provider-awscloudformation/src/root-stack-builder/root-stack-transform.ts
new file mode 100644
index 00000000000..0422cf117e1
--- /dev/null
+++ b/packages/amplify-provider-awscloudformation/src/root-stack-builder/root-stack-transform.ts
@@ -0,0 +1,264 @@
+import { AmplifyRootStackTemplate, Template } from './types';
+import { JSONUtilities, pathManager } from 'amplify-cli-core';
+import { AmplifyRootStack, AmplifyRootStackOutputs } from './root-stack-builder';
+import { RootStackSythesizer } from './stackSynthesizer';
+import { App } from '@aws-cdk/core';
+import * as cdk from '@aws-cdk/core';
+import { buildOverrideDir } from '../utils/override-skeleton-generator';
+
+export enum CommandType {
+  'PUSH',
+  'INIT',
+  'ON_INIT',
+}
+
+type RootStackOptions = {
+  rootStackFileName: string;
+  event: CommandType;
+  overrideDir?: string;
+};
+
+export type RootStackConfig = {
+  stackFileName: string;
+};
+
+export type ResourceConfig = {
+  resourceName: string;
+  categoryName: string;
+  stackFileName: string;
+};
+
+export interface RootStackTransformOptions {
+  //inputParser: IInputParser[];  // not needed for root stack
+  resourceConfig: RootStackConfig;
+  deploymentOptions?: DeploymentOptions;
+  overrideOptions?: OverrideOptions;
+  cfnModifiers: Function;
+}
+
+export interface DeploymentOptions {
+  templateStack?: Template;
+  rootFilePath: string;
+}
+
+export interface OverrideOptions {
+  overrideFnPath: string;
+  overrideDir: string;
+}
+
+export class AmplifyRootStackTransform {
+  private app: App | undefined;
+  private _rootTemplateObj: AmplifyRootStack; // Props to modify Root stack data
+  private _resourceConfig: RootStackConfig; // Config about resource to override (in this case only root stack)
+  private _rootStackOptions: RootStackOptions; // options to help generate  cfn template
+  private _command: CommandType;
+  private _synthesizer: RootStackSythesizer;
+  private _synthesizerOutputs: RootStackSythesizer;
+  private _rootTemplateObjOutputs: AmplifyRootStackOutputs;
+  private _deploymentOptions: DeploymentOptions;
+  private _overrideProps: OverrideOptions;
+  private _cfnModifiers: Function;
+
+  constructor(options: RootStackTransformOptions, command: CommandType) {
+    this._resourceConfig = options.resourceConfig;
+    this._command = command;
+    this._synthesizer = new RootStackSythesizer();
+    this.app = new App();
+    this._synthesizerOutputs = new RootStackSythesizer();
+    this._deploymentOptions = options.deploymentOptions;
+    this._overrideProps = options.overrideOptions;
+    this._cfnModifiers = options.cfnModifiers;
+  }
+
+  public async transform(): Promise<Template> {
+    // parse Input data
+    this._rootStackOptions = await this.getInput(); // get RootStackOptions from cli-inputs.json (not required for root Stack)
+
+    // generate cfn Constructs and AmplifyRootStackTemplate object to get overridden
+    await this.generateRootStackTemplate();
+
+    // apply override on Amplify Object having CDK Constructs for Root Stack
+    await this.applyOverride();
+
+    // generate CFN template
+    const template: Template = await this.synthesizeTemplates();
+
+    this._cfnModifiers(template);
+
+    // save stack
+    if (this._command === CommandType.PUSH) {
+      await this.deployOverrideStacksToDisk({
+        templateStack: template,
+        rootFilePath: this._deploymentOptions.rootFilePath,
+      });
+    }
+    return template;
+  }
+
+  private applyOverride = async () => {
+    if (this._rootStackOptions.event === CommandType.PUSH) {
+      const { overrideProps } = await import(this._overrideProps.overrideFnPath);
+      if (typeof overrideProps === 'function' && overrideProps) {
+        await buildOverrideDir(this._overrideProps.overrideDir);
+        this._rootTemplateObj = overrideProps(this._rootTemplateObj as AmplifyRootStackTemplate);
+      } else {
+        console.log('There is no override setup yet for Root Stack. To enable override : Run amplify override root');
+      }
+    }
+  };
+  /**
+   *
+   * @returns Object required to generate Stack using cdk
+   */
+  private getInput = async (): Promise<RootStackOptions> => {
+    if (this._command === CommandType.INIT || this._command === CommandType.ON_INIT) {
+      const buildConfig: RootStackOptions = {
+        event: this._command,
+        rootStackFileName: this._resourceConfig.stackFileName,
+      };
+      return buildConfig;
+    } else {
+      const projectPath = pathManager.findProjectRoot();
+      const buildConfig: RootStackOptions = {
+        event: this._command,
+        rootStackFileName: this._resourceConfig.stackFileName,
+        overrideDir: pathManager.getRootOverrideDirPath(projectPath),
+      };
+      return buildConfig;
+    }
+  };
+
+  /**
+   * Generates Root stack Template
+   * @returns CFN Template
+   */
+  private generateRootStackTemplate = async () => {
+    this._rootTemplateObj = new AmplifyRootStack(this.app, 'AmplifyRootStack', { synthesizer: this._synthesizer });
+
+    this._rootTemplateObj.addCfnParameter(
+      {
+        type: 'String',
+        description: 'Name of the common deployment bucket provided by the parent stack',
+        default: 'DeploymentBucket',
+      },
+      'DeploymentBucketName',
+    );
+
+    this._rootTemplateObj.addCfnParameter(
+      {
+        type: 'String',
+        description: 'Name of the common deployment bucket provided by the parent stack',
+        default: 'AuthRoleName',
+      },
+      'AuthRoleName',
+    );
+
+    this._rootTemplateObj.addCfnParameter(
+      {
+        type: 'String',
+        description: 'Name of the common deployment bucket provided by the parent stack',
+        default: 'UnAuthRoleName',
+      },
+      'UnauthRoleName',
+    );
+
+    // Add Outputs
+    this._rootTemplateObj.addCfnOutput(
+      {
+        description: 'CloudFormation provider root stack Region',
+        value: cdk.Fn.ref('AWS::Region'),
+        exportName: cdk.Fn.sub('${AWS::StackName}-Region'),
+      },
+      'Region',
+    );
+
+    this._rootTemplateObj.addCfnOutput(
+      {
+        description: 'CloudFormation provider root stack ID',
+        value: cdk.Fn.ref('AWS::StackName'),
+        exportName: cdk.Fn.sub('${AWS::StackName}-StackName'),
+      },
+      'StackName',
+    );
+
+    this._rootTemplateObj.addCfnOutput(
+      {
+        description: 'CloudFormation provider root stack name',
+        value: cdk.Fn.ref('AWS::StackId'),
+        exportName: cdk.Fn.sub('${AWS::StackName}-StackId'),
+      },
+      'StackId',
+    );
+
+    this._rootTemplateObj.addCfnOutput(
+      {
+        value: cdk.Fn.getAtt('AuthRole', 'Arn').toString(),
+      },
+      'AuthRoleArn',
+    );
+
+    this._rootTemplateObj.addCfnOutput(
+      {
+        value: cdk.Fn.getAtt('UnauthRole', 'Arn').toString(),
+      },
+      'UnAuthRoleArn',
+    );
+
+    await this._rootTemplateObj.generateRootStackResources();
+
+    // add another stack as above stack duplicate logical Ids
+    this._rootTemplateObjOutputs = new AmplifyRootStackOutputs(this.app, 'AmplifyRootStackOutputs', {
+      synthesizer: this._synthesizerOutputs,
+    });
+    this._rootTemplateObjOutputs.addCfnOutput(
+      {
+        description: 'CloudFormation provider root stack deployment bucket name',
+        value: cdk.Fn.ref('DeploymentBucketName'),
+        exportName: cdk.Fn.sub('${AWS::StackName}-DeploymentBucketName'),
+      },
+      'DeploymentBucketName',
+    );
+
+    this._rootTemplateObjOutputs.addCfnOutput(
+      {
+        value: cdk.Fn.ref('AuthRoleName'),
+      },
+      'AuthRoleName',
+    );
+
+    this._rootTemplateObjOutputs.addCfnOutput(
+      {
+        value: cdk.Fn.ref('UnauthRoleName'),
+      },
+      'UnauthRoleName',
+    );
+  };
+
+  /**
+   *
+   * @returns return CFN templates sunthesized by app
+   */
+  private synthesizeTemplates = async (): Promise<Template> => {
+    this.app?.synth();
+    const templates = this._synthesizer.collectStacks();
+    const templatesOutput = this._synthesizerOutputs.collectStacks();
+    const cfnRootStack: Template = templates.get('AmplifyRootStack');
+    const cfnRootStackOutputs: Template = templatesOutput.get('AmplifyRootStackOutputs');
+    Object.assign(cfnRootStack.Outputs, cfnRootStackOutputs.Outputs);
+    return cfnRootStack;
+  };
+
+  private deployOverrideStacksToDisk = async (props: DeploymentOptions) => {
+    if (this._rootStackOptions.event === CommandType.PUSH) {
+      JSONUtilities.writeJson(props.rootFilePath, props.templateStack);
+    }
+  };
+
+  public getRootStack(): AmplifyRootStack {
+    if (this._rootTemplateObj != null) {
+      return this._rootTemplateObj;
+    } else {
+      throw new Error('Root Stack Template doesnt exist');
+    }
+  }
+}
diff --git a/packages/amplify-provider-awscloudformation/src/root-stack-builder/stackSynthesizer.ts b/packages/amplify-provider-awscloudformation/src/root-stack-builder/stackSynthesizer.ts
new file mode 100644
index 00000000000..44ea4f0afa3
--- /dev/null
+++ b/packages/amplify-provider-awscloudformation/src/root-stack-builder/stackSynthesizer.ts
@@ -0,0 +1,45 @@
+import { ISynthesisSession, Stack, LegacyStackSynthesizer } from '@aws-cdk/core';
+import { Template } from './types';
+import { AmplifyRootStack, AmplifyRootStackOutputs } from './root-stack-builder';
+
+export class RootStackSythesizer extends LegacyStackSynthesizer {
+  private stacks: Map<string, Stack> = new Map();
+  private static readonly stackAssets: Map<string, Template> = new Map();
+
+  protected synthesizeStackTemplate(stack: Stack, session: ISynthesisSession): void {
+    if (stack instanceof AmplifyRootStackOutputs) {
+      this.addStack(stack);
+      const template = stack.renderCloudFormationTemplate(session) as string;
+      const templateName = stack.node.id;
+      this.setStackAsset(templateName, template);
+      return;
+    } else if (stack instanceof AmplifyRootStack) {
+      this.addStack(stack);
+      const template = stack.renderCloudFormationTemplate(session) as string;
+      const templateName = stack.node.id;
+      this.setStackAsset(templateName, template);
+      return;
+    } else {
+      throw new Error('Error synthesizing the template. Expected Stack to be either instance of AmplifyRootStack');
+    }
+  }
+
+  setStackAsset(templateName: string, template: string): void {
+    RootStackSythesizer.stackAssets.set(templateName, JSON.parse(template));
+  }
+
+  collectStacks(): Map<string, Template> {
+    return new Map(RootStackSythesizer.stackAssets.entries());
+  }
+
+  addStack(stack: Stack) {
+    this.stacks.set(stack.node.id, stack);
+  }
+
+  getStack = (stackName: string): Stack => {
+    if (this.stacks.has(stackName)) {
+      return this.stacks.get(stackName)!;
+    }
+    throw new Error(`Stack ${stackName} is not created`);
+  };
+}
diff --git a/packages/amplify-provider-awscloudformation/src/root-stack-builder/types.ts b/packages/amplify-provider-awscloudformation/src/root-stack-builder/types.ts
new file mode 100644
index 00000000000..24629692e99
--- /dev/null
+++ b/packages/amplify-provider-awscloudformation/src/root-stack-builder/types.ts
@@ -0,0 +1,31 @@
+import * as cdk from '@aws-cdk/core';
+import * as s3 from '@aws-cdk/aws-s3';
+import * as iam from '@aws-cdk/aws-iam';
+
+export interface AmplifyRootStackTemplate {
+  deploymentBucket?: s3.CfnBucket;
+  authRole?: iam.CfnRole;
+  unauthRole?: iam.CfnRole;
+
+  addCfnParameter(props: cdk.CfnParameterProps, logicalId: string): void;
+  addCfnOutput(props: cdk.CfnOutputProps, logicalId: string): void;
+  addCfnMapping(props: cdk.CfnMappingProps, logicalId: string): void;
+  addCfnCondition(props: cdk.CfnConditionProps, logicalId: string): void;
+  addCfnResource(props: cdk.CfnResourceProps, logicalId: string): void;
+}
+
+export interface Template {
+  AWSTemplateFormatVersion?: string;
+  Description?: string;
+  Metadata?: Record<string, any>;
+  Parameters?: Record<string, any>;
+  Mappings?: {
+    [key: string]: {
+      [key: string]: Record<string, string | number | string[]>;
+    };
+  };
+  Conditions?: Record<string, any>;
+  Transform?: any;
+  Resources?: Record<string, any>;
+  Outputs?: Record<string, any>;
+}
diff --git a/packages/amplify-provider-awscloudformation/src/utility-functions.js b/packages/amplify-provider-awscloudformation/src/utility-functions.js
index 03c6e69b7e1..87a2ab8e385 100644
--- a/packages/amplify-provider-awscloudformation/src/utility-functions.js
+++ b/packages/amplify-provider-awscloudformation/src/utility-functions.js
@@ -6,6 +6,8 @@ const { Lex } = require('./aws-utils/aws-lex');
 const Polly = require('./aws-utils/aws-polly');
 const SageMaker = require('./aws-utils/aws-sagemaker');
 const { transformGraphQLSchema, getDirectiveDefinitions } = require('./transform-graphql-schema');
+const { transformCfnWithOverrides } = require('./overrideManager');
+
 const { updateStackForAPIMigration } = require('./push-resources');
 const SecretsManager = require('./aws-utils/aws-secretsmanager');
 const Route53 = require('./aws-utils/aws-route53');
@@ -60,6 +62,11 @@ module.exports = {
 
     return transformGraphQLSchema(context, optionsWithUpdateHandler);
   },
+
+  buildOverrides: async (context, category, options) => {
+    return transformCfnWithOverrides(context, category, options);
+  },
+
   newSecret: async (context, options) => {
     const { description, secret, name, version } = options;
     const client = await new SecretsManager(context);
diff --git a/packages/amplify-provider-awscloudformation/src/utils/override-skeleton-generator.ts b/packages/amplify-provider-awscloudformation/src/utils/override-skeleton-generator.ts
index a4a11e456d9..20b5d67b9b7 100644
--- a/packages/amplify-provider-awscloudformation/src/utils/override-skeleton-generator.ts
+++ b/packages/amplify-provider-awscloudformation/src/utils/override-skeleton-generator.ts
@@ -21,10 +21,10 @@ export const generateOverrideSkeleton = async (context: $TSContext): Promise<voi
 
   // 2. Build Override Directory
 
-  buildOverrideDir(overrideDirPath);
+  await buildOverrideDir(overrideDirPath);
 };
 
-function buildOverrideDir(cwd: string) {
+export async function buildOverrideDir(cwd: string) {
   const packageManager = getPackageManager(cwd);
 
   if (packageManager === null) {