export const meta = {
  title: `Override Amplify-generated S3 and DynamoDB resources`,
  description:
    'The "amplify override storage" command generates a developer-configurable "overrides" TypeScript file which provides Amplify-generated S3 and DynamoDB resources as CDK constructs. For example, developers can run the “amplify override storage” command to enable Transfer Acceleration for Amplify-generated S3 buckets.'
};

```bash
amplify override storage
```

Run the command above to override Amplify-generated storage resources including the S3 bucket, DynamoDB tables, and more.

The command creates a new `overrides.ts` file under `amplify/backend/storage/<resource-name>/` which provides you the Amplify-generated resources as [CDK constructs](https://docs.aws.amazon.com/cdk/latest/guide/home.html).

## Customize Amplify-generated S3 resources

Apply all the overrides in the `override(...)` function. For example to enable versioning on your S3 bucket:

```ts
import { AmplifyS3ResourceTemplate } from '@aws-amplify/cli-extensibility-helper';

export function override(resources: AmplifyS3ResourceTemplate) {
  resources.s3Bucket.versioningConfiguration = {
    status: 'Enabled'
  };
}
```

You can override the following S3-related resources that Amplify generates:

| Amplify-generated resource | Description |
| --- | --- |
| [s3Bucket](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html) | The S3 bucket that Amplify generates for file storage upon `amplify add storage` |
| [s3AuthPublicPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html) | The IAM policy for authenticated users' write access to `public/*` prefix |
| [s3AuthProtectedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html) | The IAM policy for authenticated users' write access to `protected/*` prefix |
| [s3AuthPrivatePolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html) | The IAM policy for authenticated users' write access to `private/*` prefix |
| [s3AuthUploadPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html) | The IAM policy for authenticated users' write access to `uploads/*` prefix |
| [s3AuthReadPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html) | The IAM policy for authenticated users' read access |
| [s3GuestPublicPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html) | The IAM policy for guest users' write access to `public/*` prefix |
| [s3GuestUploadPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html) | The IAM policy for guest users' write access to `uploads/*` prefix |
| [s3GuestReadPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-policy.html) | The IAM policy for guest users' read access |

<br />

For example, you can use `amplify override storage` to add additional PUT and GET access IAM policy statements to the S3 bucket's default public Auth policy:

```ts
import { AmplifyS3ResourceTemplate } from '@aws-amplify/cli-extensibility-helper';

export function override(resources: AmplifyS3ResourceTemplate) {
  resources.s3AuthPublicPolicy.policyDocument.Statement =  [
    ...resources.s3AuthPublicPolicy.policyDocument.Statement, 
    {
      Effect: "Allow",
      Action: [ "s3:PutObject","s3:PutObjectAcl","s3:GetObject"], 
      Resource: "<ARN of the S3 resource>"
    }
  ]
}

```

Please refer to the [IAM documentation](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html) for more information on actions, resources, and condition keys for Amazon S3.

## Customize Amplify-generated DynamoDB tables

Apply all the overrides in the `override(...)` function. For example to enable time-to-live specification on your DynamoDB table:

```ts
import { AmplifyDDBResourceTemplate } from '@aws-amplify/cli-extensibility-helper';

export function override(resources: AmplifyDDBResourceTemplate) {
  resources.dynamoDBTable.timeToLiveSpecification = {
    attributeName: 'ttl',
    enabled: true
  };
}
```

You can override the following DynamoDB resources that Amplify generates:

| Amplify-generated resource | Description |
| --- | --- |
| [dynamoDBTable](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html) | The DynamoDB table that Amplify creates upon `amplify add storage` |