fix: Expose name prop to allow controlling resource naming (#967)

* allow customizing name for resources

* chore: add changeset

* chore: update api

* chore: cleanup

Author: awsluja

.changeset/many-lobsters-move.md

@@ -0,0 +1,5 @@
+---
+'@aws-amplify/auth-construct-alpha': patch
+---
+
+Allow users to customize the resource names for auth.

packages/auth-construct/API.md

@@ -31,6 +31,7 @@ export type AppleProviderProps = Omit<aws_cognito.UserPoolIdentityProviderAppleP
 
 // @public
 export type AuthProps = {
+    name?: string;
     loginWith: {
         email?: EmailLogin;
         phone?: PhoneNumberLogin;

packages/auth-construct/src/construct.test.ts

@@ -1734,15 +1734,113 @@ void describe('Auth construct', () => {
         },
       });
     });
+
+    void it('does not automatically map email attributes if phone is also enabled', () => {
+      const app = new App();
+      const stack = new Stack(app);
+      new AmplifyAuth(stack, 'test', {
+        loginWith: {
+          email: true,
+          phone: true, // this makes phone_number a required attribute
+          externalProviders: {
+            google: {
+              clientId: googleClientId,
+              clientSecret: SecretValue.unsafePlainText(googleClientSecret),
+            },
+            facebook: {
+              clientId: facebookClientId,
+              clientSecret: facebookClientSecret,
+            },
+            signInWithApple: {
+              clientId: appleClientId,
+              keyId: appleKeyId,
+              privateKey: applePrivateKey,
+              teamId: appleTeamId,
+            },
+            loginWithAmazon: {
+              clientId: amazonClientId,
+              clientSecret: amazonClientSecret,
+            },
+            oidc: {
+              clientId: oidcClientId,
+              clientSecret: oidcClientSecret,
+              issuerUrl: oidcIssuerUrl,
+              name: oidcProviderName,
+            },
+            callbackUrls: ['https://redirect.com'],
+            logoutUrls: ['https://logout.com'],
+          },
+        },
+      });
+      const template = Template.fromStack(stack);
+      template.hasResourceProperties('AWS::Cognito::UserPool', {
+        UsernameAttributes: ['email', 'phone_number'],
+        AutoVerifiedAttributes: ['email', 'phone_number'],
+      });
+      const mappingThatShouldNotExist = {
+        AttributeMapping: {
+          email: 'email',
+        },
+      };
+      assert.throws(() => {
+        template.hasResourceProperties(
+          'AWS::Cognito::UserPoolIdentityProvider',
+          {
+            ...ExpectedAmazonIDPProperties,
+            ...mappingThatShouldNotExist,
+          }
+        );
+      });
+      assert.throws(() => {
+        template.hasResourceProperties(
+          'AWS::Cognito::UserPoolIdentityProvider',
+          {
+            ...ExpectedAppleIDPProperties,
+            ...mappingThatShouldNotExist,
+          }
+        );
+      });
+      assert.throws(() => {
+        template.hasResourceProperties(
+          'AWS::Cognito::UserPoolIdentityProvider',
+          {
+            ...ExpectedFacebookIDPProperties,
+            ...mappingThatShouldNotExist,
+          }
+        );
+      });
+      assert.throws(() => {
+        template.hasResourceProperties(
+          'AWS::Cognito::UserPoolIdentityProvider',
+          {
+            ...ExpectedGoogleIDPProperties,
+            ...mappingThatShouldNotExist,
+          }
+        );
+      });
+      assert.throws(() => {
+        template.hasResourceProperties(
+          'AWS::Cognito::UserPoolIdentityProvider',
+          {
+            ...ExpectedOidcIDPProperties,
+            ...mappingThatShouldNotExist,
+          }
+        );
+      });
+    });
   });
 
-  void it('does not automatically map email attributes if phone is also enabled', () => {
+  void it('sets resource names based on id and name property', () => {
     const app = new App();
     const stack = new Stack(app);
+    const stackId = 'test';
+    const name = 'name';
+    const expectedPrefix = stackId + name;
     new AmplifyAuth(stack, 'test', {
+      name: name,
       loginWith: {
         email: true,
-        phone: true, // this makes phone_number a required attribute
+        phone: true,
         externalProviders: {
           google: {
             clientId: googleClientId,
@@ -1768,50 +1866,22 @@ void describe('Auth construct', () => {
             issuerUrl: oidcIssuerUrl,
             name: oidcProviderName,
           },
+          saml: {
+            name: samlProviderName,
+            metadata: {
+              metadataContent: samlMetadataContent,
+              metadataType: 'FILE',
+            },
+          },
           callbackUrls: ['https://redirect.com'],
           logoutUrls: ['https://logout.com'],
         },
       },
     });
     const template = Template.fromStack(stack);
-    template.hasResourceProperties('AWS::Cognito::UserPool', {
-      UsernameAttributes: ['email', 'phone_number'],
-      AutoVerifiedAttributes: ['email', 'phone_number'],
-    });
-    const mappingThatShouldNotExist = {
-      AttributeMapping: {
-        email: 'email',
-      },
-    };
-    assert.throws(() => {
-      template.hasResourceProperties('AWS::Cognito::UserPoolIdentityProvider', {
-        ...ExpectedAmazonIDPProperties,
-        ...mappingThatShouldNotExist,
-      });
-    });
-    assert.throws(() => {
-      template.hasResourceProperties('AWS::Cognito::UserPoolIdentityProvider', {
-        ...ExpectedAppleIDPProperties,
-        ...mappingThatShouldNotExist,
-      });
-    });
-    assert.throws(() => {
-      template.hasResourceProperties('AWS::Cognito::UserPoolIdentityProvider', {
-        ...ExpectedFacebookIDPProperties,
-        ...mappingThatShouldNotExist,
-      });
-    });
-    assert.throws(() => {
-      template.hasResourceProperties('AWS::Cognito::UserPoolIdentityProvider', {
-        ...ExpectedGoogleIDPProperties,
-        ...mappingThatShouldNotExist,
-      });
-    });
-    assert.throws(() => {
-      template.hasResourceProperties('AWS::Cognito::UserPoolIdentityProvider', {
-        ...ExpectedOidcIDPProperties,
-        ...mappingThatShouldNotExist,
-      });
+    const resourceNames = Object.keys(template['template']['Resources']);
+    resourceNames.map((name) => {
+      assert.equal(name.startsWith(expectedPrefix), true);
     });
   });
 

packages/auth-construct/src/construct.ts

@@ -103,6 +103,8 @@ export class AmplifyAuth
 
   private readonly oAuthSettings: cognito.OAuthSettings | undefined;
 
+  private readonly name: string;
+
   /**
    * Create a new Auth construct with AuthProps.
    * If no props are provided, email login and defaults will be used.
@@ -114,11 +116,13 @@ export class AmplifyAuth
   ) {
     super(scope, id);
 
+    this.name = props.name ?? '';
+
     // UserPool
     this.computedUserPoolProps = this.getUserPoolProps(props);
     this.userPool = new cognito.UserPool(
       this,
-      'UserPool',
+      `${this.name}UserPool`,
       this.computedUserPoolProps
     );
 
@@ -133,7 +137,7 @@ export class AmplifyAuth
       this.domainPrefix &&
       this.providerSetupResult.providersList.length > 0
     ) {
-      this.userPool.addDomain('UserPoolDomain', {
+      this.userPool.addDomain(`${this.name}UserPoolDomain`, {
         cognitoDomain: { domainPrefix: this.domainPrefix },
       });
     } else if (
@@ -174,7 +178,7 @@ export class AmplifyAuth
     // UserPool Client
     const userPoolClient = new cognito.UserPoolClient(
       this,
-      'UserPoolAppClient',
+      `${this.name}UserPoolAppClient`,
       {
         userPool: this.userPool,
         authFlows: DEFAULTS.AUTH_FLOWS,
@@ -244,7 +248,7 @@ export class AmplifyAuth
    */
   private setupAuthAndUnAuthRoles = (identityPoolId: string): DefaultRoles => {
     const result: DefaultRoles = {
-      auth: new Role(this, 'authenticatedUserRole', {
+      auth: new Role(this, `${this.name}authenticatedUserRole`, {
         assumedBy: new FederatedPrincipal(
           'cognito-identity.amazonaws.com',
           {
@@ -258,7 +262,7 @@ export class AmplifyAuth
           'sts:AssumeRoleWithWebIdentity'
         ),
       }),
-      unAuth: new Role(this, 'unauthenticatedUserRole', {
+      unAuth: new Role(this, `${this.name}unauthenticatedUserRole`, {
         assumedBy: new FederatedPrincipal(
           'cognito-identity.amazonaws.com',
           {
@@ -286,14 +290,19 @@ export class AmplifyAuth
   ) => {
     // setup identity pool
     const region = Stack.of(this).region;
-    const identityPool = new cognito.CfnIdentityPool(this, 'IdentityPool', {
-      allowUnauthenticatedIdentities: DEFAULTS.ALLOW_UNAUTHENTICATED_IDENTITIES,
-    });
+    const identityPool = new cognito.CfnIdentityPool(
+      this,
+      `${this.name}IdentityPool`,
+      {
+        allowUnauthenticatedIdentities:
+          DEFAULTS.ALLOW_UNAUTHENTICATED_IDENTITIES,
+      }
+    );
     const roles = this.setupAuthAndUnAuthRoles(identityPool.ref);
     const identityPoolRoleAttachment =
       new cognito.CfnIdentityPoolRoleAttachment(
         this,
-        'IdentityPoolRoleAttachment',
+        `${this.name}IdentityPoolRoleAttachment`,
         {
           identityPoolId: identityPool.ref,
           roles: {
@@ -602,7 +611,7 @@ export class AmplifyAuth
       const googleProps = external.google;
       result.google = new cognito.UserPoolIdentityProviderGoogle(
         this,
-        'GoogleIdP',
+        `${this.name}GoogleIdP`,
         {
           userPool,
           clientId: googleProps.clientId,
@@ -624,7 +633,7 @@ export class AmplifyAuth
     if (external.facebook) {
       result.facebook = new cognito.UserPoolIdentityProviderFacebook(
         this,
-        'FacebookIDP',
+        `${this.name}FacebookIDP`,
         {
           userPool,
           ...external.facebook,
@@ -645,7 +654,7 @@ export class AmplifyAuth
     if (external.loginWithAmazon) {
       result.amazon = new cognito.UserPoolIdentityProviderAmazon(
         this,
-        'AmazonIDP',
+        `${this.name}AmazonIDP`,
         {
           userPool,
           ...external.loginWithAmazon,
@@ -667,7 +676,7 @@ export class AmplifyAuth
     if (external.signInWithApple) {
       result.apple = new cognito.UserPoolIdentityProviderApple(
         this,
-        'AppleIDP',
+        `${this.name}AppleIDP`,
         {
           userPool,
           ...external.signInWithApple,
@@ -687,36 +696,44 @@ export class AmplifyAuth
       result.providersList.push('APPLE');
     }
     if (external.oidc) {
-      result.oidc = new cognito.UserPoolIdentityProviderOidc(this, 'OidcIDP', {
-        userPool,
-        ...external.oidc,
-        attributeMapping:
-          external.oidc.attributeMapping ?? shouldMapEmailAttributes
-            ? {
-                email: {
-                  attributeName: 'email',
-                },
-              }
-            : undefined,
-      });
+      result.oidc = new cognito.UserPoolIdentityProviderOidc(
+        this,
+        `${this.name}OidcIDP`,
+        {
+          userPool,
+          ...external.oidc,
+          attributeMapping:
+            external.oidc.attributeMapping ?? shouldMapEmailAttributes
+              ? {
+                  email: {
+                    attributeName: 'email',
+                  },
+                }
+              : undefined,
+        }
+      );
       result.providersList.push('OIDC');
     }
     if (external.saml) {
       const saml = external.saml;
-      result.saml = new cognito.UserPoolIdentityProviderSaml(this, 'SamlIDP', {
-        userPool,
-        attributeMapping: saml.attributeMapping,
-        identifiers: saml.identifiers,
-        idpSignout: saml.idpSignout,
-        metadata: {
-          metadataContent: saml.metadata.metadataContent,
-          metadataType:
-            saml.metadata.metadataType === 'FILE'
-              ? UserPoolIdentityProviderSamlMetadataType.FILE
-              : UserPoolIdentityProviderSamlMetadataType.URL,
-        },
-        name: saml.name,
-      });
+      result.saml = new cognito.UserPoolIdentityProviderSaml(
+        this,
+        `${this.name}SamlIDP`,
+        {
+          userPool,
+          attributeMapping: saml.attributeMapping,
+          identifiers: saml.identifiers,
+          idpSignout: saml.idpSignout,
+          metadata: {
+            metadataContent: saml.metadata.metadataContent,
+            metadataType:
+              saml.metadata.metadataType === 'FILE'
+                ? UserPoolIdentityProviderSamlMetadataType.FILE
+                : UserPoolIdentityProviderSamlMetadataType.URL,
+          },
+          name: saml.name,
+        }
+      );
       result.providersList.push('SAML');
     }
     return result;

packages/auth-construct/src/types.ts

@@ -242,6 +242,10 @@ export type TriggerEvent = (typeof triggerEvents)[number];
  * Input props for the AmplifyAuth construct
  */
 export type AuthProps = {
+  /**
+   * Specify a name which will aid in generating resource names.
+   */
+  name?: string;
   /**
    * Specify how you would like users to log in. You can choose from email, phone, and even external providers such as LoginWithAmazon.
    */