Security of AWS configuration details with environment.ts file


I got an AWS Amplify project for the first time. But I have worked on many Firebase projects. My question here is the security of AWS configuration details.

We normally put Firebase configurations on the environment.ts file and no issues for security there. But how about AWS Amplify configurations here with the environment.ts file? Is that secured or do I need to remove it from environment.ts

AWS Amplify file config is like so:

const config= {
    "aws_project_region": "",
    "aws_cognito_identity_pool_id": "",
    "aws_cognito_region": "",
    "aws_user_pools_id": "",
    "aws_user_pools_web_client_id": "",
    "oauth": {}


This is basically the aws-exports.js file that amplify creates when we initialize the project. We add this file to .gitignore so its not committed to version control. Unlike firebase, we don’t need to share this file with all developers. This file will be generated by amplify cli whenever a developer sets up the amplify project on his machine.

So the flow goes like this:

  1. A new developer can clone your amplify project repo (which contains amplify folder)
  2. Run amplify configure to login with correct aws account and create credentials for CLI.
  3. Run amplify init to select the profile you create in previous step and then select the existing amplify project on that aws account. This will automatically create that aws-exports file for that particular developer.

Thus you won’t ever need to share this file with anyone and it’ll be secure.

Answered By – Hashir Baig

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published