Scaffolder AWS CLI actions adds AWS building blocks to Backstage templates. It lets your templates talk to S3, ECR, and Secrets Manager during a scaffolding run. So a new service can set up a container registry, create a secret, or upload starter files to a bucket as part of the same guided flow your team already uses.
The plugin exposes simple actions that fit the common bootstrap steps teams repeat. Need to create an ECR repository with the settings you expect? Call an action in the template and move on. Need to store a token or password before the first deploy? Create a secret in Secrets Manager from the form input. Need to push generated files or static assets? Copy them to S3 from the workspace. Each step runs inside the scaffolder task, so engineers do not switch tools or paste commands.
This helps platform teams standardize the first mile of a service. You can keep guardrails in one place. You can make new projects production-ready faster with fewer manual steps. If your Backstage is self-hosted and your stack runs on AWS, these actions give you a clean path to wire cloud tasks into software templates. It stays high level by design, so you add only the actions you need and keep your templates readable.
Installation Instructions
These instructions apply to self-hosted Backstage only.
Install the backend actions package
cd packages/backend
yarn add @roadiehq/scaffolder-backend-module-aws
If your app code lives in a monorepo that also contains the code for the scaffolder backend plugin, update your build to transpile files from node_modules as well.
Classic backend: register the actions
Add the actions to your scaffolder backend. Edit packages/backend/src/plugins/scaffolder.ts.
// packages/backend/src/plugins/scaffolder.ts
import { Router } from 'express';
import { PluginEnvironment } from '../types';
import {
  createRouter,
  createBuiltinActions,
} from '@backstage/plugin-scaffolder-backend';
import {
  createAwsS3CpAction,
  createEcrAction,
  createAwsSecretsManagerCreateAction,
} from '@roadiehq/scaffolder-backend-module-aws';

export default async function createPlugin(
  env: PluginEnvironment,
): Promise<Router> {
  const { logger, config, database, reader } = env;

  // Roadie AWS actions first, followed by the built-in scaffolder actions
  const actions = [
    createAwsS3CpAction(),
    createEcrAction(),
    createAwsSecretsManagerCreateAction(),
    ...createBuiltinActions({
      containerRunner: env.containerRunner,
      integrations: env.integrations,
      config,
      catalogClient: env.catalogClient,
      reader,
    }),
  ];

  return await createRouter({
    containerRunner: env.containerRunner,
    logger,
    config,
    database,
    catalogClient: env.catalogClient,
    reader,
    actions,
  });
}
Optional AWS credentials for S3 copy action
If you need to override the default AWS credentials for the S3 copy action, pass a credential provider.
// packages/backend/src/plugins/scaffolder.ts
// fromIni is exported by the @aws-sdk/credential-providers package
import { fromIni } from '@aws-sdk/credential-providers';
import { createAwsS3CpAction } from '@roadiehq/scaffolder-backend-module-aws';

const actions = [
  createAwsS3CpAction({
    // use the named profile instead of the default credential chain
    credentials: fromIni({ profile: 'dev' }),
  }),
  // other actions here
];
New backend: register the actions
Create a small backend module that wires these actions into the scaffolder plugin. Add a file at packages/backend/src/modules/scaffolderAwsModule.ts.
// packages/backend/src/modules/scaffolderAwsModule.ts
import { createBackendModule, coreServices } from '@backstage/backend-plugin-api';
import { scaffolderActionsExtensionPoint } from '@backstage/plugin-scaffolder-node/alpha';
import {
  createAwsS3CpAction,
  createEcrAction,
  createAwsSecretsManagerCreateAction,
} from '@roadiehq/scaffolder-backend-module-aws';

export const scaffolderAwsModule = createBackendModule({
  pluginId: 'scaffolder',
  moduleId: 'aws-actions',
  register(env) {
    env.registerInit({
      deps: {
        scaffolder: scaffolderActionsExtensionPoint,
        logger: coreServices.logger,
      },
      init({ scaffolder, logger }) {
        logger.info('Registering Roadie AWS scaffolder actions');
        scaffolder.addActions(
          createAwsS3CpAction(),
          createEcrAction(),
          createAwsSecretsManagerCreateAction(),
        );
      },
    });
  },
});
Add the module to your backend bootstrap. Edit packages/backend/src/index.ts.
// packages/backend/src/index.ts
import { createBackend } from '@backstage/backend-defaults';
import { scaffolderAwsModule } from './modules/scaffolderAwsModule';
const backend = createBackend();
// your existing plugins here
// backend.add(somePlugin());
backend.add(scaffolderAwsModule());
backend.start();
If you need custom credentials for the S3 copy action in the new backend, pass the provider the same way shown above when creating the action.
Add templates that use the actions
Create one or more templates in your repo that call these actions. Place them in a folder that your catalog reads.
S3 copy template
# templates/upload-to-s3.yaml
apiVersion: scaffolder.backstage.io/v1beta3
kind: Template
metadata:
  name: upload-to-s3
  title: Upload
  description: Uploads the workspace context to the given S3 bucket
spec:
  owner: roadie
  type: service
  parameters:
    - title: Upload to S3
      # "required" sits beside "properties", not inside it
      required: ['bucket']
      properties:
        bucket:
          title: Bucket
          type: string
          description: The context will be uploaded into this bucket
  steps:
    - id: uploadToS3
      name: Upload to S3
      action: roadiehq:aws:s3:cp
      input:
        region: eu-west-1
        bucket: ${{ parameters.bucket }}
ECR create template
# templates/create-ecr.yaml
apiVersion: scaffolder.backstage.io/v1beta3
kind: Template
metadata:
  name: create-ecr-repo-template
  title: Create ECR Repository
  description: Create ECR repository using scaffolder custom action
spec:
  owner: roadie
  type: service
  parameters:
    - title: Add Repository Details
      required:
        - RepoName
        - Region
      properties:
        RepoName:
          title: ECR Repository Name
          type: string
          description: The ECR repository Name
          ui:autofocus: true
        Region:
          title: aws region
          type: string
          description: region for aws ECR
          default: 'us-east-1'
        ImageMutability:
          title: Enable Image Mutability
          description: set image mutability to true or false
          type: boolean
          default: false
        ScanOnPush:
          title: Enable Image Scanning
          description: The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
          type: boolean
          default: false
        Tags:
          type: array
          items:
            type: object
            description: Repository tags
            title: tag
            properties:
              Key:
                type: string
                title: Key
              Value:
                type: string
                title: Value
  steps:
    - id: create-ecr
      name: Create ECR Repository
      action: roadiehq:aws:ecr:create
      input:
        repoName: ${{ parameters.RepoName }}
        tags: ${{ parameters.Tags }}
        imageMutability: ${{ parameters.ImageMutability }}
        scanOnPush: ${{ parameters.ScanOnPush }}
        region: ${{ parameters.Region }}
Secrets Manager create template
# templates/create-secret.yaml
apiVersion: scaffolder.backstage.io/v1beta3
kind: Template
metadata:
  name: create-secret-repo-template
  title: Create Secret
  description: Create secret in Secrets Manager using scaffolder custom action
spec:
  owner: roadie
  type: service
  parameters:
    - title: Add Secret Details
      required:
        - Name
        - Region
      properties:
        Name:
          title: Secret name
          type: string
          description: name of the secret to be created
          ui:autofocus: true
        Description:
          title: Description
          type: string
          description: description of the secret
        Value:
          title: Value
          description: secret string value
          type: string
        Tags:
          type: array
          items:
            type: object
            description: Secret tags
            title: tag
            properties:
              Key:
                type: string
                title: Key
              Value:
                type: string
                title: Value
        Profile:
          title: AWS profile
          description: AWS profile
          type: string
          default: 'default'
        Region:
          title: AWS region
          type: string
          description: region for aws secrets manager
          default: 'us-east-1'
  steps:
    - id: createSecret
      name: create secret - prod
      action: roadiehq:aws:secrets-manager:create
      input:
        name: ${{ parameters.Name }}
        description: ${{ parameters.Description }}
        value: ${{ parameters.Value }}
        tags: ${{ parameters.Tags }}
        profile: ${{ parameters.Profile }}
        region: ${{ parameters.Region }}
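A guardrail check for templates like the two above, as an added example that is not part of the Roadie plugin or of Backstage. It assumes the template YAML has already been parsed into an object; `lintTemplate` and `paramRef` are hypothetical names. It flags a secret value read from an ordinary form parameter (Backstage's `ui:field: Secret` field together with `${{ secrets.<name> }}` keeps the value out of the stored task parameters) and an ECR step whose image scanning is off by default.

```typescript
// Added example: lint a parsed scaffolder template for risky use of the AWS actions.
type Prop = { type?: string; default?: unknown; 'ui:field'?: string };
interface Step { id: string; action: string; input?: Record<string, unknown> }
interface Template { spec: { parameters: { properties?: Record<string, Prop> }[]; steps: Step[] } }

// Returns X for an input written as "${{ parameters.X }}", otherwise undefined.
const paramRef = (v: unknown): string | undefined =>
  typeof v === 'string' ? /\$\{\{\s*parameters\.(\w+)\s*\}\}/.exec(v)?.[1] : undefined;

function lintTemplate(t: Template): string[] {
  const props: Record<string, Prop> =
    Object.assign({}, ...t.spec.parameters.map(p => p.properties ?? {}));
  const findings: string[] = [];
  for (const step of t.spec.steps) {
    const input = step.input ?? {};
    if (step.action === 'roadiehq:aws:secrets-manager:create') {
      // Ordinary parameters are kept with the task; Secret fields are read
      // through the separate "secrets" context instead.
      const field = paramRef(input['value']);
      if (field) {
        findings.push(`${step.id}: value is taken from parameters.${field}, not secrets.${field}`);
      }
    }
    if (step.action === 'roadiehq:aws:ecr:create') {
      // Resolve a parameter reference to the form default; literals are used as-is.
      const field = paramRef(input['scanOnPush']);
      const effective = field ? props[field]?.default : input['scanOnPush'];
      if (effective !== true) {
        findings.push(`${step.id}: scanOnPush is not enabled by default`);
      }
    }
  }
  return findings;
}

// Constructed input: the secret and ECR templates from this page, parsed and trimmed.
const secretTemplate: Template = { spec: {
  parameters: [{ properties: { Value: { type: 'string' } } }],
  steps: [{ id: 'createSecret', action: 'roadiehq:aws:secrets-manager:create',
    input: { value: '${{ parameters.Value }}' } }],
} };
const ecrTemplate: Template = { spec: {
  parameters: [{ properties: { ScanOnPush: { type: 'boolean', default: false } } }],
  steps: [{ id: 'create-ecr', action: 'roadiehq:aws:ecr:create',
    input: { scanOnPush: '${{ parameters.ScanOnPush }}' } }],
} };
console.log(lintTemplate(secretTemplate), lintTemplate(ecrTemplate));
```

Run it in CI over every template the catalog loads and fail the build when the returned list is not empty.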
Make the templates visible in the Scaffolder
Add a catalog locations entry that picks up your template files. Edit app-config.yaml. Adjust the target path to match your repo layout.
# app-config.yaml
catalog:
  locations:
    - type: file
      target: ./templates/*.yaml
      rules:
        - allow: [Template]
Place the template files in a templates folder at the repo root so the file location matches the target. If you keep templates in another repo or path, update the target accordingly.
Changelog
This changelog is produced from commits made to the Scaffolder AWS CLI actions plugin since a year ago, and based on the code located here. It may not contain information about all commits. Releases and version bumps are intentionally omitted. This changelog is generated by AI.
Breaking changes
- Remove dependency on Scaffolder backend. It no longer pulls Scaffolder backend into your app. Install or pin it yourself if your setup needs it. #1730 10 months ago
Maintenance
- Match plugin id in package metadata with the module id. This avoids future lint errors and warnings. #2042 3 weeks ago
- Upgrade to Backstage 1.40. Keeps the actions compatible with newer Backstage apps. #1952 2 months ago
- Remove unused dependencies. Smaller install with fewer transitive issues. #1847 7 months ago
- Revert a previous dependency bump. Restore prior versions for stability. #1825 7 months ago
- Update Backstage related packages using the Backstage CLI versions bump tool. #1821 7 months ago
- Update Scaffolder packages. Keeps the actions current with Scaffolder changes. #1794 8 months ago
- Update Backstage package versions to resolve Scaffolder compatibility. #1728 10 months ago
- Automated dependency updates. #1684 11 months ago