Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Name:
interface
Value:
Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Page updated Apr 21, 2025

Configure client library

The aws-amplify client library can be configured for use inside function handler files by using the credentials available from the AWS Lambda runtime. To get started, use the getAmplifyDataClientConfig from the backend runtime package and pass the generated env object to retrieve the preconfigured resourceConfig and libraryOptions.

amplify/my-function/handler.ts
import { getAmplifyDataClientConfig } from '@aws-amplify/backend/function/runtime';
import { env } from '$amplify/env/my-function';
const { resourceConfig, libraryOptions } = await getAmplifyDataClientConfig(
env
);

When using getAmplifyDataClientConfig, your function requires schema information stored in an Amplify deployed Amazon S3 bucket. This bucket is created during backend deployment and includes necessary access grants for your function. Modifying this bucket outside of the backend deployment process may cause unexpected failures on your function.

resourceConfig and libraryOptions are returned for you to pass into Amplify.configure. This will instruct the client library which resources it can interact with, and where to retrieve AWS credentials to use when signing requests to those resources.

amplify/my-function/handler.ts
import { getAmplifyDataClientConfig } from '@aws-amplify/backend/function/runtime';
import { Amplify } from 'aws-amplify';
import { env } from '$amplify/env/my-function';
const { resourceConfig, libraryOptions } = await getAmplifyDataClientConfig(
env
);
Amplify.configure(resourceConfig, libraryOptions);

The client library will now have access to perform operations against other AWS resources as specified by the function's IAM role. This is handled for you when granting access to other resources using the access property, however it can also be extended using CDK.

Under the hood

The getAmplifyDataClientConfig function assists with creating the arguments' values to pass to Amplify.configure, which reads from the generated env object in order to produce configuration for the resources you have granted your function access to interact with. Under the hood this is also generating the configuration that specifies how the client library should behave, namely where the library should read credentials.

amplify/my-function/handler.ts
import { env } from "$amplify/env/my-function";
Amplify.configure(
{/* resource configuration */},
{
Auth: {
credentialsProvider: {
// instruct the client library to read credentials from the environment
getCredentialsAndIdentityId: async () => ({
credentials: {
accessKeyId: env.AWS_ACCESS_KEY_ID,
secretAccessKey: env.AWS_SECRET_ACCESS_KEY,
sessionToken: env.AWS_SESSION_TOKEN,
},
}),
clearCredentialsAndIdentityId: () => {
/* noop */
},
},
},
}
);