Skip to main content
  • An Enkryptify workspace with admin access
  • An AWS account with permissions to create IAM roles and policies
  • An AWS Amplify app
Enkryptify connects to your AWS account by assuming an IAM Role that you create. We use temporary credentials from sts:AssumeRole to manage secrets in AWS Secrets Manager.
  • Trust relationship:
    • Trusted entity: AWS Account 676206939822 (Enkryptify)
    • External ID: not required (will be added in a future update)
  • Required permissions on the assumed role (inline policy example below):
    • amplify:UpdateApp
    • amplify:UpdateBranch
    • amplify:GetApp
    • amplify:GetBranch
    • amplify:ListApps
    • amplify:ListBranches
You may scope the Resource to specific secret ARNs. The example uses * for simplicity.

Steps to complete

1

Create a new sync

  • Go to the Syncs tab of your project and click on AWS Amplify.
2

Start IAM role creation (trust setup)

  • In AWS IAM → RolesCreate role.
  • Trusted entity type: AWS AccountAnother AWS Account.
  • Enter Account ID 676206939822.
  • External ID: not required (will be added in a future update). Start IAM role creation (trust setup)
3

Finish role creation

  • Skip the ‘Add permissions’ step.
  • Provide a role name and finish creation.
4

Attach Amplify permissions

  • On the role page, go to PermissionsAdd permissionsCreate inline policyJSON, then paste:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAmplifyAccess",
      "Effect": "Allow",
      "Action": [
        "amplify:UpdateApp",
        "amplify:UpdateBranch",
        "amplify:GetApp",
        "amplify:GetBranch",
        "amplify:ListApps",
        "amplify:ListBranches"
      ],
      "Resource": "*"
    }
  ]
}
Attach Secrets Manager permissionsPolicy editor
5

Copy the Role ARN

  • From the role’s Summary, copy the Role ARN. Copy the Role ARN
6

Authenticate in Enkryptify

  • Paste the Role ARN into Enkryptify to complete authentication.
  • Select the AWS region you want to sync secrets to.
7

Connect to an Amplify app

  • Select the Amplify app you want to sync.
8

Map Enkryptify environment to Amplify branch

  • Example: mainproduction or developstaging.
  • Or choose ‘All branches’ for app-level variables.