
Customizing Auth Domain

This was last updated with the following packages:

ampx info
System:
OS: macOS 14.7
CPU: (10) arm64 Apple M1 Pro
Memory: 94.00 MB / 32.00 GB
Shell: /opt/homebrew/bin/fish
Binaries:
Node: 22.8.0 - ~/.local/state/fnm_multishells/38414_1728665945506/bin/node
Yarn: undefined - undefined
npm: 10.8.2 - ~/.local/state/fnm_multishells/38414_1728665945506/bin/npm
pnpm: 9.7.0 - ~/.local/state/fnm_multishells/38414_1728665945506/bin/pnpm
NPM Packages:
@aws-amplify/auth-construct: Not Found
@aws-amplify/backend: 1.4.0
@aws-amplify/backend-auth: Not Found
@aws-amplify/backend-cli: 1.2.9
@aws-amplify/backend-data: Not Found
@aws-amplify/backend-deployer: Not Found
@aws-amplify/backend-function: Not Found
@aws-amplify/backend-output-schemas: Not Found
@aws-amplify/backend-output-storage: Not Found
@aws-amplify/backend-secret: Not Found
@aws-amplify/backend-storage: Not Found
@aws-amplify/cli-core: Not Found
@aws-amplify/client-config: Not Found
@aws-amplify/deployed-backend-client: Not Found
@aws-amplify/form-generator: Not Found
@aws-amplify/model-generator: Not Found
@aws-amplify/platform-core: Not Found
@aws-amplify/plugin-types: Not Found
@aws-amplify/sandbox: Not Found
@aws-amplify/schema-generator: Not Found
aws-amplify: 6.6.4
aws-cdk: 2.162.0
aws-cdk-lib: 2.162.0
typescript: 5.6.3
AWS environment variables:
AWS_PROFILE = josef
AWS_REGION = us-east-1
AWS_STS_REGIONAL_ENDPOINTS = regional
AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables

Files

amplify/backend.ts
import { defineBackend } from "@aws-amplify/backend"
import {
Certificate,
CertificateValidation,
} from "aws-cdk-lib/aws-certificatemanager"
import { HostedZone } from "aws-cdk-lib/aws-route53"
import { auth } from "./auth/resource"
import { AuthWaf } from "./AuthWaf"
// Define the Amplify backend; `auth` is the only resource registered here.
const backend = defineBackend({ auth })
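/**
 * Attach a custom domain to the Cognito user pool for Amplify branch deployments.
 *
 * Does nothing when `AWS_BRANCH` is unset (sandbox). Otherwise it requests a
 * DNS-validated ACM certificate for `auth.example.com` (branch `main`) or
 * `auth.<branch>.example.com` (any other branch) and registers that name as the
 * user pool's custom domain.
 *
 * @throws Error when `AWS_BRANCH` has no characters usable in a DNS label.
 */
function enableAuthSubdomain(): void {
  // Read the variable once so the guard and the later use see the same value.
  const branch = process.env.AWS_BRANCH
  // no sandbox
  if (!branch) {
    return
  }

  // Git branch names may contain characters that are not valid in a hostname
  // (`/`, `_`, `.`, upper case). Reduce the name to one lower-case DNS label so a
  // branch such as `feature/login` cannot produce an invalid name, and a dotted
  // branch cannot add extra label levels below the hosted zone.
  // Distinct branches can normalise to the same label (`feature/x`, `feature-x`);
  // they would then target the same hostname, so keep branch names unambiguous.
  function toDnsLabel(name: string): string {
    const label = name
      .toLowerCase()
      .replace(/[^a-z0-9]+/g, "-")
      .slice(0, 63) // a single DNS label is limited to 63 octets
      .replace(/^-+|-+$/g, "")
    if (!label) {
      throw new Error(
        `AWS_BRANCH "${name}" contains no characters usable in a DNS label`
      )
    }
    return label
  }

  // use the git branch to resolve the domain name
  // we'll want `auth.example.com` for main and `auth.<branch>.example.com` for others
  function resolveDomainName(root: string, branchName: string): string {
    const parts = ["auth", root]
    if (branchName && branchName !== "main") {
      parts.splice(1, 0, toDnsLabel(branchName))
    }
    return parts.join(".")
  }

  // reference Route53 Hosted Zone details
  // `xxxxxx` is a placeholder: substitute the ID of the hosted zone you control.
  const DOMAIN = {
    HOSTED_ZONE_ID: "xxxxxx",
    HOSTED_ZONE_NAME: "example.com",
  } as const

  // create a stack for domain resources
  const stack = backend.createStack("Domain")

  // if you're not creating additional DNS records you can just use `fromHostedZoneId()`
  const hostedZone = HostedZone.fromHostedZoneAttributes(stack, "HostedZone", {
    hostedZoneId: DOMAIN.HOSTED_ZONE_ID,
    zoneName: DOMAIN.HOSTED_ZONE_NAME,
  })

  const domainName = resolveDomainName(DOMAIN.HOSTED_ZONE_NAME, branch)

  // The certificate covers exactly `domainName` (no wildcard), so each branch
  // gets its own certificate. Public ACM certificates are recorded in
  // Certificate Transparency logs, which makes the branch label publicly visible.
  // Cognito custom domains need the certificate in us-east-1; this one is created
  // in whatever region the "Domain" stack deploys to.
  const certificate = new Certificate(stack, "Certificate", {
    domainName,
    validation: CertificateValidation.fromDns(hostedZone),
  })

  // this leans on an implementation detail to output the custom domain to amplify_outputs.json
  // NOTE(review): Cognito also expects the parent of a custom domain
  // (`example.com` or `<branch>.example.com`) to resolve to an A record, and this
  // function creates no Route 53 alias record for `domainName` itself - confirm
  // both are provisioned elsewhere.
  backend.auth.resources.userPool.addDomain("CustomDomain", {
    customDomain: {
      domainName,
      certificate,
    },
  })
}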
// Invoked at module top level, so the domain resources are added whenever
// backend.ts is evaluated with AWS_BRANCH set.
enableAuthSubdomain()