5.0.0
Amplify CLI version 5.0.0 includes two major changes:
- IAM Permissions Boundary feature
- Updated Lambda layer behavior
IAM Permissions Boundary
AWS Amplify CLI now supports IAM permission boundaries to limit Amplify-generated IAM roles. The AWS Amplify CLI is a command line toolchain that helps frontend developers create app backends in the cloud that include IAM roles controlling access to AWS resources. With IAM permissions boundaries, Amplify-generated IAM roles can perform only the actions that are allowed by both the roles’ policies and permissions boundary.
With today’s launch, IT admins can ensure that their developers and Amplify backends have access only to the services that they need. In addition, organizations that require every IAM role to have a permissions boundary assigned can now adopt AWS Amplify CLI. Learn more about how to setup IAM permissions boundaries for Amplify-generated IAM roles in the Amplify documentation.
Updated Lambda layer behavior
Amplify has updated the way Lambda layer versions are managed with Amplify CLI version 5.0.0. Amplify CLI enables you to configure Lambda layers to pull common code & assets for your Lambda functions into a centralized location.
In order to take advantage of the newest features and bug fixes, a one-way migration is required for layers created with an older Amplify CLI version. All developers working on a common Amplify project and any CI/CD pipelines should upgrade to the latest version of Amplify CLI.
How to initiate layer migration
Any update to an existing Lambda layer triggers a migration for that layer upon amplify push
. Once the layers are migrated, the layers CANNOT be used with Amplify CLI below version 5.0.0.
Changes to layer behavior
Starting with the Amplify CLI version 5.0.0 and above, the following changes are coming to Lambda layers:
- Ability to pin a function to always use the latest layer version of a Lambda layer
- Layers auto-installs and packages dependencies listed within
package.json
orPipfile
- Ability to customize layer version descriptions
- Ability to delete individual Lambda layer versions
- Bug fix: Layer version updates are now managed globally, preventing multiple team members from creating conflicting layer versions