aws-blocks
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseAWS Blocks Application Development
AWS Blocks 应用开发
Package naming: All packages are published under thescope (e.g.,@aws-blocks,@aws-blocks/core,@aws-blocks/blocks).@aws-blocks/bb-kv-store
包命名规则: 所有包均发布在作用域下(例如@aws-blocks、@aws-blocks/core、@aws-blocks/blocks)。@aws-blocks/bb-kv-store
Overview
概述
AWS Blocks is an Infrastructure-from-Code framework where Building Blocks bundle CDK, SDK, and local mocks into a single API. It provides 18+ Building Blocks covering storage, authentication, real-time communication, background jobs, file management, AI/search, email, and observability — all working locally without AWS credentials.
Key characteristics:
- One directory defines the entire backend
aws-blocks/ - Frontend imports are fully typed — no client generation needed
- All Building Blocks work locally without AWS (mocks persist to )
.bb-data/ - Deploy ephemeral, individual testing environments with and long-lived environments with
npm run sandboxusing least-privilege credentialsnpm run deploy
AWS Blocks是一种基础设施即代码(Infrastructure-from-Code)框架,其中构建模块将CDK、SDK和本地模拟工具整合为单一API。它提供了18余种构建模块,涵盖存储、身份验证、实时通信、后台任务、文件管理、AI/搜索、邮件和可观测性等功能——所有模块无需AWS凭证即可在本地运行。
核心特性:
- 单个目录定义整个后端
aws-blocks/ - 前端导入具备完整类型支持——无需生成客户端代码
- 所有构建模块无需AWS即可在本地运行(模拟数据持久化到目录)
.bb-data/ - 使用最小权限凭证,通过部署临时独立测试环境,通过
npm run sandbox部署长期运行环境npm run deploy
Scaffolding a New Project
搭建新项目
bash
npx @aws-blocks/create-blocks-app my-app
cd my-appbash
npx @aws-blocks/create-blocks-app my-app
cd my-appTo add AWS Blocks to an existing project:
向现有项目添加AWS Blocks:
bash
npx @aws-blocks/create-blocks-app .This detects the existing project and adds an workspace alongside your code.
aws-blocks/bash
npx @aws-blocks/create-blocks-app .该命令会检测现有项目,并在代码旁添加工作区。
aws-blocks/To add AWS Blocks to an Amplify Gen 2 project:
向Amplify Gen 2项目添加AWS Blocks:
bash
npx @aws-blocks/create-blocks-app .When the CLI detects , it automatically integrates AWS Blocks with your Amplify backend.
amplify/backend.tsbash
npx @aws-blocks/create-blocks-app .当CLI检测到时,会自动将AWS Blocks与你的Amplify后端集成。
amplify/backend.tsWith a specific template:
使用特定模板:
bash
npx @aws-blocks/create-blocks-app my-app --template demo
cd my-appbash
npx @aws-blocks/create-blocks-app my-app --template demo
cd my-appAvailable Templates
可用模板
| Template | Description |
|---|---|
| Vite + lit-html starter app with basic authentication, data persistence, and realtime to help demonstrate basic app architecture and patterns (used when --template is omitted) |
| Vite + lit-html starter with a single "hello world" API method and a bare frontend |
| React + Vite starter with a single API endpoint and typed React frontend |
| Backend-only — no frontend, just the AWS Blocks API with a single endpoint |
| Todo app with AuthBasic, KVStore, DistributedTable, Zod schemas, indexes, and auth-protected CRUD |
| Full AuthCognito passwordless email-OTP with roles, device management, and Authenticator UI |
| Next.js + React starter with AWS Blocks backend integration (SSR + Server Components) |
| 模板 | 描述 |
|---|---|
| Vite + lit-html入门应用,包含基础身份验证、数据持久化和实时功能,用于演示基础应用架构和模式(省略--template参数时使用) |
| Vite + lit-html入门应用,仅包含一个“hello world”API方法和极简前端 |
| React + Vite入门应用,包含一个API端点和类型化React前端 |
| 仅后端——无前端,仅包含带有单个端点的AWS Blocks API |
| 待办事项应用,集成AuthBasic、KVStore、DistributedTable、Zod模式、索引和受身份验证保护的CRUD操作 |
| 完整的AuthCognito无密码邮件OTP功能,包含角色、设备管理和认证器UI |
| Next.js + React入门应用,集成AWS Blocks后端(SSR + 服务端组件) |
Development Workflow
开发工作流
After scaffolding, refer to node_modules/@aws-blocks/blocks/README.md for the complete development workflow including:
- Core concepts (Architecture, Building Block selection)
- Project structure and Scope organization
- Error handling patterns
- Schema validation
- Local development
- Best practices and common mistakes
- Deployment IAM role setup and security guidance
When implementing a specific Building Block, read its package README for the detailed API reference (e.g., ). These are the authoritative docs for your installed version.
node_modules/@aws-blocks/bb-kv-store/README.md搭建项目后,请参考node_modules/@aws-blocks/blocks/README.md获取完整开发工作流,包括:
- 核心概念(架构、构建模块选择)
- 项目结构和作用域组织
- 错误处理模式
- 模式验证
- 本地开发
- 最佳实践和常见错误
- 部署IAM角色设置和安全指南
当实现特定构建模块时,请阅读其包的README以获取详细API参考(例如)。这些是对应已安装版本的权威文档。
node_modules/@aws-blocks/bb-kv-store/README.mdSecurity Considerations
安全注意事项
- Use in every method that shouldn't be public — ApiNamespace methods are unauthenticated by default
await auth.requireAuth(context) - Use for API keys and credentials — never hardcode or use
new AppSetting(scope, id, { secret: true })files.env - Always attach a schema to KVStore/AppSetting that accepts user data — the RPC layer validates structure but not business logic
- Do not add broad IAM policies — each Building Block already grants least-privilege scoped to its own resources
* - Never change on FileBucket — serve public files through CloudFront instead
blockPublicAccess - Configure explicitly for production — avoid wildcards
CORS_ALLOWED_ORIGINS - For cross-domain deployments, pass to auth constructors (enables
crossDomain: true)SameSite=None; Secure; Partitioned - Enable on Hosting for production alerts
monitoring: { enabled: true, snsTopicArn: '...' } - Add WAF and API Gateway throttling via CDK for public-facing apps — not included by default
- Logger provides serialization safety (circular refs, type coercion) but does NOT redact sensitive content — never pass raw credentials, tokens, or secrets to Logger methods; sanitize context objects before logging
- 在所有不应公开的方法中使用——ApiNamespace方法默认未认证
await auth.requireAuth(context) - 使用存储API密钥和凭证——切勿硬编码或使用
new AppSetting(scope, id, { secret: true })文件.env - 始终为接收用户数据的KVStore/AppSetting附加模式——RPC层仅验证结构,不验证业务逻辑
- 不要添加宽泛的IAM策略——每个构建模块已授予仅限于自身资源的最小权限
* - 切勿修改FileBucket的设置——应通过CloudFront提供公共文件
blockPublicAccess - 生产环境中显式配置——避免使用通配符
CORS_ALLOWED_ORIGINS - 对于跨域部署,向auth构造函数传递(启用
crossDomain: true)SameSite=None; Secure; Partitioned - 为生产环境的Hosting启用以接收告警
monitoring: { enabled: true, snsTopicArn: '...' } - 面向公众的应用通过CDK添加WAF和API网关限流——默认不包含这些功能
- Logger提供序列化安全(循环引用、类型转换)但不会脱敏敏感内容——切勿将原始凭证、令牌或机密传递给Logger方法;记录前请清理上下文对象