Configuring AWS Amplify with Terraform

In this blog post, I am going to demonstrate how you can set up an AWS Amplify app with a Route53-managed domain using Terraform.

To get started we will need to set up an AWS Amplify app using the aws_amplify_app Terraform module.

Creating The Amplify App

resource "aws_amplify_app" "my_amplify_app" {
    name = "My_Amplify_App"
    description = "App Description"
    repository = "<REPO_URL>"
    access_token = "<MyGithubAccessToken>"

Let's break this down;

  1. We are creating an Amplify app called My_Amplify_App.
  2. The app has a description of App Description which is useful when viewing the AWS Console.
  3. We are providing the URL of the GitHub repository and an access token for our Github Account. Amplify requires access to our GitHub repository because AWS manages the build and deployment of our project.

Amplify Branches

Next, we will need to create a branch for our Amplify app. This can be done using the aws_amplify_branch Terraform module.

resource "aws_amplify_branch" "my_master_branch" {
    app_id =
    branch_name = "master"
    stage = "PRODUCTION"
    enable_auto_build = true
    enable_pull_request_preview = true

Let's break this down;

  1. Amplify branches require an app_id. We can get the app id of our Amplify app using the output.
  2. We are setting the branch_name to "master". This creates a master branch within Amplify which maps to the master branch in git.
  3. Setting stage to "PRODUCTION" describes the current branch as our production stage.
  4. enable_auto_build set to true means that anytime a commit is made to the git branch, a new deployment will be triggered.
  5. enable_pull_request_preview set to true means that when a pull request is open against the branch, a preview deployment will be triggered.

Domain Association

Finally, we want to associate our domain with our Amplify app using the aws_amplify_domain_association Terraform module. This step requires verifying we own the domain name which we'll discuss a little further down.

resource "aws_amplify_domain_association" "my_app_domain" {
    app_id =
    domain_name = ""
    wait_for_verification = false

    sub_domain {
        branch_name = aws_amplify_branch.my_master_branch.branch_name
        prefix = ""

Let's break this down;

  1. We are associating the domain "" with the master branch on Amplify.
  2. wait_for_verification is set to false because in Terraform there is a circular dependency. The output from this module provides us with a certificate_verification_dns_record which we can use to set up the CNAME verification record but it only outputs once the module has completed.

Configuring Route 53.

resource "aws_route53_record" "design_record" {
  zone_id = aws_route53_zone.my_zone.zone_id
  name    = ""
  type    = "CNAME"
  ttl     = 300
  records = [aws_amplify_app.my_amplify_app.default_domain]

We are creating a Route 53 CNAME record using the aws_route53_record Terraform module that points the domain "" to the default Amplify domain name.

Next, we will need to verify our ownership of the domain using the same aws_route53_record Terraform module.

resource "aws_route53_record" "design_cname_record" {
  zone_id = aws_route53_zone.my_zone.zone_id
  name    = split(" CNAME ", aws_amplify_domain_association.my_app_domain.certificate_verification_dns_record)[0]
  type    = "CNAME"
  ttl     = 300
  records = [split(" CNAME ", aws_amplify_domain_association.my_app_domain.certificate_verification_dns_record)[1]]
  1. The certificate_verification_dns_record is a string with the format record_name CNAME record_value and is an output value from the aws_amplify_domain_association Terraform module.
  2. We can split the certificate_verification_dns_record and use its parts to form the name and value for the Route 53 record.

Third Party Domain Provider.

If you are using a third-party domain provider, you can copy the output from certificate_verification_dns_record and manually add a CNAME record. certificate_verification_dns_record is a string in the format <record_name> CNAME <record_value>.

You will also need a CNAME with the record name set to your domain name and the record value set to your Amplify default domain.