AWS Amplify Config Files with CI


I’ve been using AWS amplify to build my iOS app’s backend.

I have created 4 DTAP environments in the backend, with 4 different configurations, and use a run-script to switch in the correct versions of awsconfiguration.json and amplifyconfiguration.json at compile-time based on the selected scheme.

Since these auto-generated config files contain a number of secrets and API keys, I am keeping them away from source control in my .gitignore as this would be a point of failure, and I don’t want to expose my entire backend in this way.

This works fine locally, but when I run my CI on Bitrise, the build fails since these config files aren’t present. I need to find a way to get these AWS and Amplify config files into the CI to be able to create my test builds.

If I am being overly cautious, and the config files are actually fine to keep in source control (i.e. not secret), please let me know. I really don’t want to set up secrets as individual environment variables, since Amplify will have several secrets and endpoints for each environment I need, and it feels too messy and complicated to have a script building these config files as a CI stage.

Things I’ve tried:

  • Creating mock config files with fake secrets that is copied in at compile time - this fails because the compile-time script still tries to copy the non-existent config files for the real environment
  • Using individual environment variables as secrets in Bitrise - this is likely to work, but will be a monumental effort for my 1-dev startup to maintain
  • Touching a fake config file to copy over - this works but means the actual AWS infra doesn’t work in the test builds

I’ll be grateful for any thoughts, suggestions or experience anyone has.





Somebody posted a similar question in Jan - Using secret environment variables in AWS Cognito config file - but didn’t get any responses.