feat(amplify): source code providers

packages/@aws-cdk/aws-amplify/README.md

@@ -27,8 +27,11 @@ import amplify = require('@aws-cdk/aws-amplify');
 import cdk = require('@aws-cdk/core');
 
 const amplifyApp = new amplify.App(this, 'MyApp', {
-  repository: 'https://github.com/<user>/<repo>',
-  oauthToken: cdk.SecretValue.secretsManager('my-github-token'),
+  sourceCodeProvider: new amplify.GitHubSourceCodeProvider({
+    owner: '<user>',
+    repository: '<repo>',
+    oauthToken: cdk.SecretValue.secretsManager('my-github-token')
+  }),
   buildSpec: codebuild.BuildSpec.fromObject({ // Alternatively add a `amplify.yml` to the repo
     version: '1.0',
     frontend: {
@@ -53,6 +56,20 @@ const amplifyApp = new amplify.App(this, 'MyApp', {
 });
 ```
 
+To connect your `App` to CodeCommit, use the `CodeCommitSourceCodeProvider`:
+```ts
+const repository = new codecommit.Repository(this, 'Repo', {
+  repositoryName: 'my-repo'
+});
+
+const amplifyApp = new amplify.App(this, 'App', {
+  sourceCodeProvider: new amplify.CodeCommitSourceCodeProvider({ repository })
+});
+```
+
+The IAM role associated with the `App` will automatically be granted the permission
+to pull the CodeCommit repository.
+
 Add branches:
 ```ts
 const master = amplifyApp.addBranch('master'); // `id` will be used as repo branch name

packages/@aws-cdk/aws-amplify/lib/app.ts

@@ -20,27 +20,69 @@ export interface IApp extends IResource {
 }
 
 /**
- * Properties for an App
+ * Configuration for the source code provider
  */
-export interface AppProps {
+export interface SourceCodeProviderConfig {
+  /**
+   * The repository for the application. Must use the `HTTPS` protocol.
+   *
+   * @example https://github.com/aws/aws-cdk
+   */
+  readonly repository: string;
+
+  /**
+   * OAuth token for 3rd party source control system for an Amplify App, used
+   * to create webhook and read-only deploy key. OAuth token is not stored.
+   *
+   * Either `accessToken` or `oauthToken` must be specified if `repository`
+   * is sepcified.
+   *
+   * @default - do not use a token
+   */
+  readonly oauthToken?: SecretValue;
+
   /**
    * Personal Access token for 3rd party source control system for an Amplify
    * App, used to create webhook and read-only deploy key. Token is not stored.
    *
    * Either `accessToken` or `oauthToken` must be specified if `repository`
    * is sepcified.
    *
-   * @default - use OAuth token
+   * @default - do not use a token
    */
   readonly accessToken?: SecretValue;
+}
+
+/**
+ * A source code provider
+ */
+export interface ISourceCodeProvider {
+  /**
+   * Binds the source code provider to an app
+   *
+   * @param app The app [disable-awslint:ref-via-interface]
+   */
+  bind(app: App): SourceCodeProviderConfig;
+}
 
+/**
+ * Properties for an App
+ */
+export interface AppProps {
   /**
    * The name for the application
    *
    * @default - a CDK generated name
    */
   readonly appName?: string;
 
+  /**
+   * The source code provider for this application
+   *
+   * @default - not connected to a source code provider
+   */
+  readonly sourceCodeProvider?: ISourceCodeProvider;
+
   /**
    * The auto branch creation configuration. Use this to automatically create
    * branches that match a certain pattern.
@@ -92,31 +134,12 @@ export interface AppProps {
   readonly environmentVariables?: { [name: string]: string };
 
   /**
-   * The IAM service role to associate with the application
+   * The IAM service role to associate with the application. The App
+   * implements IGrantable.
    *
    * @default - a new role is created
    */
   readonly role?: iam.IRole;
-
-  /**
-   * OAuth token for 3rd party source control system for an Amplify App, used
-   * to create webhook and read-only deploy key. OAuth token is not stored.
-   *
-   * Either `accessToken` or `oauthToken` must be specified if `repository`
-   * is sepcified.
-   *
-   * @default - use access token
-   */
-  readonly oauthToken?: SecretValue;
-
-  /**
-   * The repository for the application. Must use the `HTTPS` protocol.
-   *
-   * @example https://github.com/aws/aws-cdk
-   *
-   * @default - not connected to a repository
-   */
-  readonly repository?: string;
 }
 
 /**
@@ -168,14 +191,6 @@ export class App extends Resource implements IApp, iam.IGrantable {
   constructor(scope: Construct, id: string, props: AppProps) {
     super(scope, id);
 
-    if (props.repository && !props.accessToken && !props.oauthToken) {
-      throw new Error('Either `accessToken` or `oauthToken` must be specified');
-    }
-
-    if (props.repository && !props.repository.startsWith('https://')) {
-      throw new Error('`repository` must use the HTTPS protocol');
-    }
-
     this.customRules = props.customRules || [];
     this.environmentVariables = props.environmentVariables || {};
     this.autoBranchEnvironmentVariables = props.autoBranchCreation && props.autoBranchCreation.environmentVariables || {};
@@ -185,8 +200,10 @@ export class App extends Resource implements IApp, iam.IGrantable {
     });
     this.grantPrincipal = role;
 
+    const sourceCodeProviderOptions = props.sourceCodeProvider?.bind(this);
+
     const app = new CfnApp(this, 'Resource', {
-      accessToken: props.accessToken && props.accessToken.toString(),
+      accessToken: sourceCodeProviderOptions?.accessToken?.toString(),
       autoBranchCreationConfig: props.autoBranchCreation && {
         autoBranchCreationPatterns: props.autoBranchCreation.patterns,
         basicAuthConfig: props.autoBranchCreation.basicAuth && props.autoBranchCreation.basicAuth.bind(this, 'BranchBasicAuth'),
@@ -205,8 +222,8 @@ export class App extends Resource implements IApp, iam.IGrantable {
       environmentVariables: Lazy.anyValue({ produce: () => renderEnvironmentVariables(this.environmentVariables) }, { omitEmptyArray: true }),
       iamServiceRole: role.roleArn,
       name: props.appName || this.node.id,
-      oauthToken: props.oauthToken && props.oauthToken.toString(),
-      repository: props.repository,
+      oauthToken: sourceCodeProviderOptions?.oauthToken?.toString(),
+      repository: sourceCodeProviderOptions?.repository,
     });
 
     this.appId = app.attrAppId;

packages/@aws-cdk/aws-amplify/lib/index.ts

@@ -2,6 +2,7 @@ export * from './app';
 export * from './branch';
 export * from './domain';
 export * from './basic-auth';
+export * from './source-code-providers';
 
 // AWS::Amplify CloudFormation Resources:
 export * from './amplify.generated';

packages/@aws-cdk/aws-amplify/lib/source-code-providers.ts

@@ -0,0 +1,62 @@
+import * as codecommit from '@aws-cdk/aws-codecommit';
+import { SecretValue } from '@aws-cdk/core';
+import { App, ISourceCodeProvider, SourceCodeProviderConfig } from './app';
+
+/**
+ * Properties for a GitHub source code provider
+ */
+export interface GitHubSourceCodeProviderProps {
+  /**
+   * The user or organization owning the repository
+   */
+  readonly owner: string;
+
+  /**
+   * The name of the repository
+   */
+  readonly repository: string;
+
+  /**
+   * A personal access token with the `repo` scope
+   */
+  readonly oauthToken: SecretValue;
+}
+
+/**
+ * GitHub source code provider
+ */
+export class GitHubSourceCodeProvider implements ISourceCodeProvider {
+  constructor(private readonly props: GitHubSourceCodeProviderProps) {}
+
+  public bind(_app: App): SourceCodeProviderConfig {
+    return {
+      repository: `https://github.com/${this.props.owner}/${this.props.repository}`,
+      oauthToken: this.props.oauthToken
+    };
+  }
+}
+
+/**
+ * Properties for a CodeCommit source code provider
+ */
+export interface CodeCommitSourceCodeProviderProps {
+  /**
+   * The CodeCommit repository
+   */
+  readonly repository: codecommit.IRepository;
+}
+
+/**
+ * CodeCommit source code provider
+ */
+export class CodeCommitSourceCodeProvider implements ISourceCodeProvider {
+  constructor(private readonly props: CodeCommitSourceCodeProviderProps) {}
+
+  public bind(app: App): SourceCodeProviderConfig {
+    this.props.repository.grantPull(app);
+
+    return {
+      repository: this.props.repository.repositoryCloneUrlHttp
+    };
+  }
+}

packages/@aws-cdk/aws-amplify/package.json

@@ -91,6 +91,7 @@
     "@aws-cdk/aws-iam": "0.0.0",
     "@aws-cdk/aws-kms": "0.0.0",
     "@aws-cdk/aws-codebuild": "0.0.0",
+    "@aws-cdk/aws-codecommit": "0.0.0",
     "@aws-cdk/aws-secretsmanager": "0.0.0",
     "@aws-cdk/core": "0.0.0",
     "constructs": "^2.0.0"
@@ -99,6 +100,7 @@
     "@aws-cdk/aws-iam": "0.0.0",
     "@aws-cdk/aws-kms": "0.0.0",
     "@aws-cdk/aws-codebuild": "0.0.0",
+    "@aws-cdk/aws-codecommit": "0.0.0",
     "@aws-cdk/aws-secretsmanager": "0.0.0",
     "@aws-cdk/core": "0.0.0",
     "constructs": "^2.0.0"