How to secure front end using aws amplify and node js express server?

Greetings,

I have issues understanding how to secure the front-end deployed on Amplify web application using the Cognito service. and i tried the following: https://docs.amplify.aws/lib/auth/getting-started/q/platform/js/#enable-sign-up-sign-in-and-sign-out

Web application background:

The framework used is SAPUI5 tooling where the web application is built into a distribution folder. SAPUI5 tooling is based on node js application.

Locally the framework runs on express server and if i follow the guide for manual authentication https://docs.amplify.aws/lib/auth/emailpassword/q/platform/js/ it works just fine locally.

Deploying it to amplify it no longer works, and as far as i understood this is because it not supported.

Expected behavior / end-result

What i am expecting is that when you do amplify auth add and provide a user the front end UI portion would be protected no matter the URL used. And a login screen is provided before moving on to the main application

Questions:

1. is amplify auth add only used to secure the back-end API resources? (looks like to be the case) 1-1 If amplify auth is only used for back-end then does this mean the web application itself needs to contain the login flow somehow without a server to prevent access and redirects?