adding new page for access customization, configuring geofence collections, and new set up page

Author: manavgurnani21

src/components/GeoLegacyResourcesBanner/GeoLegacyResourcesBanner.tsx

@@ -5,9 +5,17 @@ import classNames from 'classnames';
 export const GeoLegacyResourcesBanner = () => {
   return (
     <Callout backgroundColor="background.error">
-      Amazon Location Service has introduced new APIs for Maps and Places which
-      no longer require account-bound resources. Amplify Geo no longer supports
-      the provisioning of legacy (account-bound) maps and place indices. Please{' '}
+      Amazon Location Service has introduced{' '}
+      <Link
+        href="https://us-west-2.console.aws.amazon.com/location/home?region=us-west-2#/feature-spotlight"
+        passHref
+        className={classNames('amplify-link')}
+      >
+        new APIs for Maps and Places
+      </Link>{' '}
+      which no longer require account-bound resources. Amplify Geo no longer
+      supports the provisioning of legacy (account-bound) maps and place
+      indices. Please{' '}
       <Link
         href="https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_location-readme.html"
         passHref

src/directory/directory.mjs

@@ -530,6 +530,9 @@ export const directory = {
                     {
                       path: 'src/pages/[platform]/build-a-backend/add-aws-services/geo/set-up-geo/index.mdx'
                     },
+                    {
+                      path: 'src/pages/[platform]/build-a-backend/add-aws-services/geo/custom-authorization/index.mdx'
+                    },
                     {
                       path: 'src/pages/[platform]/build-a-backend/add-aws-services/geo/maps/index.mdx'
                     },

src/pages/[platform]/build-a-backend/add-aws-services/geo/configure-geofencing/index.mdx

@@ -29,70 +29,62 @@ A Geofence is a virtual perimeter for a real-world geographic area. A Geofence c
 
 ## Setup a new Geofence Collection
 
+```ts title="amplify/geo/resource.ts"
+import { defineCollection } from "@aws-amplify/backend-geo";
+
+export const collection = defineCollection({
+  name: 'amplifyCollection',
+  description: 'This is an Amplify collection.',
+  access: (allow) => [
+    allow.authenticated.to(['create', 'read', 'update', 'delete', 'list']),
+    allow.guest.to(['read', 'list'])
+  ]
+});
+```
+
+Now update your `backend.ts` file with the collection created in your `resource.ts` file.
+
 ```ts title="amplify/backend.ts"
 import { defineBackend } from "@aws-amplify/backend";
 import { Policy, PolicyStatement } from "aws-cdk-lib/aws-iam";
 import { CfnGeofenceCollection } from "aws-cdk-lib/aws-location";
 import { auth } from "./auth/resource";
 import { data } from "./data/resource";
+import { collection } from "./geo/resource";
 
 const backend = defineBackend({
   auth,
   data,
-  // additional resources
+  collection
 });
+```
 
-const geoStack = backend.createStack("geo-stack");
-
-// create a location services geofence collection
-const myGeofenceCollection = new CfnGeofenceCollection(
-  geoStack,
-  "GeofenceCollection",
-  {
-    collectionName: "myGeofenceCollection",
-    pricingPlan: "RequestBasedUsage",
-    tags: [
-      {
-        key: "name",
-        value: "myGeofenceCollection",
-      },
-    ],
-  }
-);
-
-// create an IAM policy to allow interacting with geofence collection resource
-const myGeofenceCollectionPolicy = new Policy(
-  geoStack,
-  "GeofenceCollectionPolicy",
-  {
-    policyName: "myGeofenceCollectionPolicy",
-    statements: [
-      new PolicyStatement({
-        actions: [
-          "geo:GetGeofence",
-          "geo:PutGeofence",
-          "geo:BatchPutGeofence",
-          "geo:BatchDeleteGeofence",
-          "geo:ListGeofences",
-        ],
-        resources: [myGeofenceCollection.attrArn],
-      }),
-    ],
-  }
-);
-
-// apply the policy to the authenticated and unauthenticated roles
-backend.auth.resources.authenticatedUserIamRole.attachInlinePolicy(myGeofenceCollectionPolicy);
-backend.auth.resources.unauthenticatedUserIamRole.attachInlinePolicy(myGeofenceCollectionPolicy);
-
-// patch the geofence collection resource to the expected output configuration
-backend.addOutput({
-  geo: {
-    geofence_collections: {
-      default: myGeofenceCollection.collectionName,
-      items: [myGeofenceCollection.collectionName],
-    },
-  },
+<Callout warning="true">
+
+AWS Location API keys currently do not support geofence collections or their associated APIs. Adding acesss definitions for any API keys using the `allow.apiKey.to()` definition will NOT result in the creation of an API key.
+
+</Callout>
+
+## Configure additional geofence collections
+
+Amplify Geo gives you the ability to configure your backend to automatically request and manage multiple geofence collections.
+
+You can define these additional geofence collections by reusing the `defineCollection` function while providing a unique `name` to identify the collection. You can configure specific access permissions to these collections by adding them to the API with the unique `name`.
+
+<Callout info>
+
+**Note**: If numerous geofence collections are defined, then one of them must be marked as default using the `isDefault` flag.
+
+</Callout>
+
+```ts title="amplify/geo/resource.ts"
+export const firstCollection = defineCollection({
+  name: 'firstCollection',
+  isDefault: true
+});
+
+export const secondCollection = defineCollection({
+  name: 'secondCollection'
 });
 ```
 
@@ -117,30 +109,21 @@ export const auth = defineAuth({
 });
 ```
 
-2. Add permissions to the Cognito User Pool Group role
+2. Update the collection access definition in your `resource.ts`
 
-```ts title="amplify/backend.ts"
-const myGeofenceCollectionPolicy = new Policy(
-  geoStack,
-  "GeofenceCollectionPolicy",
-  {
-    policyName: "myGeofenceCollectionPolicy",
-    statements: [
-      new PolicyStatement({
-        actions: [
-          "geo:GetGeofence",
-          "geo:PutGeofence",
-          "geo:BatchPutGeofence",
-          "geo:BatchDeleteGeofence",
-          "geo:ListGeofences",
-        ],
-        resources: [myGeofenceCollection.attrArn],
-      }),
-    ],
-  }
-);
-
-backend.auth.resources.groups["User"].role.attachInlinePolicy(myGeofenceCollectionPolicy);
+```ts title="amplify/geo/resource.ts"
+import { defineCollection } from "@aws-amplify/backend-geo";
+
+export const collection = defineCollection({
+  name: 'amplifyCollection',
+  description: 'This is an Amplify collection.',
+  access: (allow) => [
+    allow.authenticated.to(['create', 'read', 'update', 'delete', 'list']),
+    allow.guest.to(['read', 'list']),
+    // highlight-next-line
+    allow.groups("User").to(['read', 'update'])
+  ]
+});
 ```
 
 > Note: If you combine `Auth/Guest user access` and `Individual Group access`, users who are members of a group will only be granted the permissions of the group, and not the authenticated user permissions. The permissions apply to ALL Geofences in a collection. For example, If you add `Read` permission such as `ListGeofences` and `GetGeofence` to `User` Cognito group, ALL users added to that group will be able to read the properties of ALL Geofences in that Geofence collection.

src/pages/[platform]/build-a-backend/add-aws-services/geo/configure-location-search/index.mdx

@@ -27,131 +27,51 @@ export function getStaticProps(context) {
   };
 }
 
-
-Amplify's `geo` category enables you to search by places, addresses, and coordinates in your app with "place index" resources.
+Amplify's `geo` category enables you to search by places, addresses, and coordinates in your app with "place index" resources. These resources also include an API key with access restrictions specified from the `access` callback. This API key will be used to render the location search components if your application requires access control on the components. To set up or learn more about Amazon Location API keys, visit the [developer guide](https://docs.aws.amazon.com/location/latest/developerguide/using-apikeys.html).
 
 ## Setup a new Location Search Index
 
+```ts title="amplify/geo/resource.ts"
+import { definePlace } from "@aws-amplify/backend-geo";
+
+export const searchIndex = definePlace({
+  name: 'amplfyPlace',
+  description: 'This is an Amplify search index.',
+  access: (allow) => [
+    allow.authenticated.to(['autocomplete', 'geocode']),
+    allow.guest.to(['autocomplete', 'geocode']),
+    allow.apiKey.to(['search'])
+  ],
+  apiKeyProps: {
+    apiKeyName: 'amplifyPlaceIndexKey'
+  }
+});
+```
+
+Now update your `backend.ts` file with the place index created in your `resource.ts` file.
+
 ```ts title="amplify/backend.ts"
 import { defineBackend } from "@aws-amplify/backend";
-import { Policy, PolicyStatement } from "aws-cdk-lib/aws-iam";
-// highlight-next-line
-import { CfnMap, CfnPlaceIndex } from "aws-cdk-lib/aws-location";
 import { auth } from "./auth/resource";
 import { data } from "./data/resource";
+// highlight-next-line
+import { searchIndex } from "./geo/resource";
 
 const backend = defineBackend({
   auth,
   data,
-  // additional resources
-});
-
-const geoStack = backend.createStack("geo-stack");
-
-// create a location services map
-const map = new CfnMap(geoStack, "Map", {
-  mapName: "myMap",
-  description: "Map",
-  configuration: {
-    style: "VectorEsriNavigation",
-  },
-  pricingPlan: "RequestBasedUsage",
-  tags: [
-    {
-      key: "name",
-      value: "myMap",
-    },
-  ],
-});
-
-
-// create an IAM policy to allow interacting with geo resource
-const myGeoPolicy = new Policy(geoStack, "GeoPolicy", {
-  policyName: "myGeoPolicy",
-  statements: [
-    new PolicyStatement({
-      actions: [
-        "geo:GetMapTile",
-        "geo:GetMapSprites",
-        "geo:GetMapGlyphs",
-        "geo:GetMapStyleDescriptor",
-      ],
-      resources: [map.attrArn],
-    }),
-  ],
-});
-
-// apply the policy to the authenticated and unauthenticated roles
-backend.auth.resources.authenticatedUserIamRole.attachInlinePolicy(myGeoPolicy);
-backend.auth.resources.unauthenticatedUserIamRole.attachInlinePolicy(myGeoPolicy);
-
-// highlight-start
-// create a location services place index
-const myIndex = new CfnPlaceIndex(geoStack, "PlaceIndex", {
-  dataSource: "Here",
-  dataSourceConfiguration: {
-    intendedUse: "SingleUse",
-  },
-  indexName: "myPlaceIndex",
-  pricingPlan: "RequestBasedUsage",
-  tags: [
-    {
-      key: "name",
-      value: "myPlaceIndex",
-    },
-  ],
-});
-
-// create a policy to allow access to the place index
-const myIndexPolicy = new Policy(geoStack, "IndexPolicy", {
-  policyName: "myIndexPolicy",
-  statements: [
-    new PolicyStatement({
-      actions: [
-        "geo:SearchPlaceIndexForPosition",
-        "geo:SearchPlaceIndexForText",
-        "geo:SearchPlaceIndexForSuggestions",
-        "geo:GetPlace",
-      ],
-      resources: [myIndex.attrArn],
-    }),
-  ],
-});
-
-// attach the policy to the authenticated and unauthenticated IAM roles
-backend.auth.resources.authenticatedUserIamRole.attachInlinePolicy(myIndexPolicy);
-backend.auth.resources.unauthenticatedUserIamRole.attachInlinePolicy(myIndexPolicy);
-// highlight-end
-
-// patch the place index resource to the expected output configuration
-backend.addOutput({
-  geo: {
-    aws_region: geoStack.region,
-    maps: {
-      items: {
-        [map.mapName]: {
-          style: "VectorEsriNavigation",
-        },
-      },
-      default: map.mapName,
-    },
-// highlight-start
-    search_indices: {
-      default: myIndex.indexName,
-      items: [myIndex.indexName],
-    },
-// highlight-end
-  },
+  // highlight-next-line
+  searchIndex
 });
 ```
 
-
 ## Location Search Index Pricing Plan
 The pricing plan for Search Index will be set to `RequestBasedUsage`.
 We advice you to go through the [location service pricing](https://aws.amazon.com/location/pricing/) along with the [location service terms](https://aws.amazon.com/service-terms/) (_82.5 section_) to learn more about the pricing plan.
 
 
-## Advanced Settings
+{/* MOVE THIS TO LEGACY RESOURCES PAGE */}
+{/* ## Advanced Settings
 You can optionally configure the data provider and result storage location for your location search index.
 
 ### Location Search data provider
@@ -175,4 +95,4 @@ You can specify how the results of a search operation will be stored by the call
 - SingleUse - specifies that the results won't be stored.
 - Storage - specifies that the result can be cached or stored in a database.
 
-Refer [this location service doc](https://docs.aws.amazon.com/location-places/latest/APIReference/API_DataSourceConfiguration.html#locationplaces-Type-DataSourceConfiguration-IntendedUse) for more information.
+Refer [this location service doc](https://docs.aws.amazon.com/location-places/latest/APIReference/API_DataSourceConfiguration.html#locationplaces-Type-DataSourceConfiguration-IntendedUse) for more information. */}