By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS amplify update auth attempts to create a new auth instead of updating an existing one ( amplify cli version 12.10.1)

0

I recently updated to 12.10.1 (probably from 12.10 but possible from 12.9.0, not sure)

And now my amplify push failed with some errors about analytics and pinpoint although I didn't touch them since last successful build and they are not mentioned in updated resources amplify output on amplify push

But that's aside I don't understand why could amplify update auth start to ignore an existing auth resource and try to create a new one?

Here are some of my attempt interaction logs:

 amplify update auth
Please note that certain attributes may not be overwritten if you choose to use defaults settings.

You have configured resources that might depend on this Cognito resource.  Updating this Cognito resource could have unintended side effects.

Using service: Cognito, provided by: awscloudformation
 
 The current configured provider is Amazon Cognito. 
 
 Do you want to use the default authentication and security configuration? Manual configuration
 What do you want to do? Walkthrough all the auth configurations
 Select the authentication/authorization services that you want to use: User Sign-Up, Sign-In, connected with AWS IAM controls (Enables per-user Storage features for images or other content, Analytics, and more)
 Provide a friendly name for your resource that will be used to label this category in the project: xxxx
 Enter a name for your identity pool. xxxx
 Allow unauthenticated logins? (Provides scoped down permissions that you can control via AWS IAM) No
 Do you want to enable 3rd party authentication providers in your identity pool? No
 Provide a name for your user pool: xxxx
 Warning: you will not be able to edit these selections. 
 How do you want users to be able to sign in? Email
 Do you want to add User Pool Groups? No
 Do you want to add an admin queries API? No
 Multifactor authentication (MFA) user login options: OFF
 Email based user registration/forgot password: Enabled (Requires per-user email entry at registration)
 Specify an email verification subject: Your verification code
 Specify an email verification message: Your verification code is {####}
 Do you want to override the default password policy for this User Pool? No
 Warning: you will not be able to edit these selections. 
 What attributes are required for signing up? Email
 Specify the app's refresh token expiration period (in days): 30
 Do you want to specify the user attributes this app can read and write? Yes
 Specify read attributes: Email
 Specify write attributes: Name, Phone Number, Picture, Profile
 Do you want to enable any of the following capabilities? 
 Do you want to use an OAuth flow? No
? Do you want to configure Lambda Triggers for Cognito? Yes
? Which triggers do you want to enable for Cognito Post Confirmation, Pre Sign-up
? What functionality do you want to use for Post Confirmation 
? What functionality do you want to use for Pre Sign-up 
Error: Data did not validate against the supplied schema. Underlying errors were [
  {
    "keyword": "type",
    "dataPath": ".cognitoConfig.usernameAttributes",
    "schemaPath": "#/definitions/ServiceQuestionsBaseResult/properties/usernameAttributes/type",
    "params": {
      "type": "array"
    },
    "message": "should be array"
  }
]
    at CLIInputSchemaValidator.validateInput (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-cli-core/lib/category-interfaces/category-base-schema-generator.js:121:19)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async AuthInputState.saveCLIInputPayload (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/auth-inputs-manager/auth-input-state.js:79:13)
    at async /snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/handlers/resource-handlers.js:116:9
    at async Object.run (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-auth/lib/commands/auth/update.js:94:40)
    at async Object.executeAmplifyCommand (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-auth/lib/index.js:347:5)
    at async executePluginModuleCommand (/snapshot/amplify-cli/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:139:5)
    at async executeCommand (/snapshot/amplify-cli/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:37:9)
    at async Object.run (/snapshot/amplify-cli/build/node_modules/@aws-amplify/cli-internal/lib/index.js:121:5)
🛑 There was an error updating the auth resource
✅ Successfully updated resource update locally

✅ Some next steps:
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud

 amplify update auth
Please note that certain attributes may not be overwritten if you choose to use defaults settings.

You have configured resources that might depend on this Cognito resource.  Updating this Cognito resource could have unintended side effects.

Using service: Cognito, provided by: awscloudformation
 
 The current configured provider is Amazon Cognito. 
 
 Do you want to use the default authentication and security configuration? Default configuration
 What do you want to do? Walkthrough all the auth configurations
 Select the authentication/authorization services that you want to use: User Sign-Up, Sign-In, connected with AWS IAM controls (Enables per-user Storage features for images or other content, Analytics, and more)
 Provide a friendly name for your resource that will be used to label this category in the project: xxxx
 Enter a name for your identity pool. xxxx
 Allow unauthenticated logins? (Provides scoped down permissions that you can control via AWS IAM) No
 Do you want to enable 3rd party authentication providers in your identity pool? No
 Provide a name for your user pool: xxxx
 Warning: you will not be able to edit these selections. 
 How do you want users to be able to sign in? Email
 Do you want to add User Pool Groups? No
 Do you want to add an admin queries API? No
 Multifactor authentication (MFA) user login options: OFF
 Email based user registration/forgot password: Enabled (Requires per-user email entry at registration)
 Specify an email verification subject: Your verification code
 Specify an email verification message: Your verification code is {####}
 Do you want to override the default password policy for this User Pool? No
 Warning: you will not be able to edit these selections. 
 What attributes are required for signing up? Email
 Specify the app's refresh token expiration period (in days): 30
 Do you want to specify the user attributes this app can read and write? No
 Do you want to enable any of the following capabilities? 
 Do you want to use an OAuth flow? No
? Do you want to configure Lambda Triggers for Cognito? Yes
? Which triggers do you want to enable for Cognito Post Confirmation, Pre Sign-up
? What functionality do you want to use for Post Confirmation 
? What functionality do you want to use for Pre Sign-up Create your own module
Error: jsmtext07f0aa1aPreSignup is present in amplify-meta.json
    at AmplifyToolkit.updateamplifyMetaAfterResourceAdd (/snapshot/amplify-cli/build/node_modules/@aws-amplify/cli-internal/lib/extensions/amplify-helpers/update-amplify-meta.js:131:15)
    at createFunctionResources (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-function/lib/provider-utils/awscloudformation/utils/storeResources.js:47:21)
    at addFunctionResource (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-function/lib/provider-utils/awscloudformation/index.js:88:56)
    at Object.addResource (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-function/lib/provider-utils/awscloudformation/index.js:51:20)
    at add (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-function/lib/index.js:85:31)
    at AmplifyToolkit.invokePluginMethod (/snapshot/amplify-cli/build/node_modules/@aws-amplify/cli-internal/lib/extensions/amplify-helpers/invoke-plugin-method.js:44:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async AmplifyToolkit.addTrigger (/snapshot/amplify-cli/build/node_modules/@aws-amplify/cli-internal/lib/extensions/amplify-helpers/trigger-flow.js:59:5)
    at async handleTriggers (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/utils/trigger-flow-auth-helper.js:64:35)
    at async lambdaTriggers (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/utils/synthesize-resources.js:119:32)
    at async getResourceUpdater (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/utils/synthesize-resources.js:57:5)
    at async /snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/handlers/resource-handlers.js:105:5
    at async Object.run (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-auth/lib/commands/auth/update.js:94:40)
    at async Object.executeAmplifyCommand (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-auth/lib/index.js:347:5)
    at async executePluginModuleCommand (/snapshot/amplify-cli/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:139:5)
    at async executeCommand (/snapshot/amplify-cli/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:37:9)
    at async Object.run (/snapshot/amplify-cli/build/node_modules/@aws-amplify/cli-internal/lib/index.js:121:5)
🛑 There was an error adding the auth resource
  • Arsen
    4 months ago

    It may not be obvious from the logs, but the interactive cli didn't highlight already bound cognito triggers and suggested a new auth resource names and new cognito pool and identity provider names

Topics
Front-End Web & Mobile
Tags
AWS Amplify
Language
English
Arsen
asked 4 months ago249 views
2 Answers
0
Accepted Answer

I finally figured it out, my issue was that I renamed my project folder... Apparently aws amplify relays on hard coded full path saved in generated in amplify/.config/local-env-info.json.

I didn't expect that, so if you rename the folder with the project you need to fix path in this file as well. It is just a coincidence that I recently upgraded the version. So the issue is not related to the cli version 12.10.1.

Arsen
answered 3 months ago
profile picture
EXPERT
Giovanni Lauria
reviewed a month ago
0

This behavior of amplify update auth trying to create a new auth resource instead of updating the existing one is likely being caused by some mismatch between the local Amplify project configuration and the deployed backend resources.

A few things to check:

  • Make sure you are in the correct Amplify project directory that matches the deployed backend resources you want to update.

  • Run amplify status and verify the auth resource name shown matches what is deployed.

  • If you made changes directly to the Cognito resources in the AWS console, they will not be reflected locally. Pull down the latest using amplify pull.

  • Delete the amplify/backend/auth directory and pull again to get a fresh sync.

  • Check the amplify-meta.json file for any incorrect auth resource names or mismatches from what is deployed.

  • Try amplify push to redeploy the latest local changes first before updating.

Essentially the CLI thinks the local auth resource is different from what's deployed, so tries creating a new one on update. Getting them back in sync by pulling, deleting stale config, and pushing local changes first should resolve it.

Let me know if that helps get amplify update auth working correctly!

AWS
Saad
answered 3 months ago
  • Arsen
    3 months ago

    Hi Saad, thank you for the help it is much appreciated. I thing the title of the question turned out a bit misleading, It seems that amplify-cli sees an existing auth resource otherwise it would have raised an error. I tried to debug a bit, and noticed that amplify update auth suggests me a new cognito user pool and cognito identity pool names because it generated a random sharedid instead of reading it from the meta context. Is that expected? My statement that it attempts to create a new auth is based on the fact that it used to catch things like bound triggers and etc, but since I updated to 12.10.1 it doesn't notice existing bounds and attempts to recreate the triggers.

    amplify status shows the right name of the auth category resource. (although the update auth command each time generated a new name as default value for the resource)

    I can't perform amplify push because again, since I upgraded to 12.10.1 the push fails with some errors regarding deleting pinpoint cognito call or something. (although amplify status on analytic section shows no changes, but that is a separate issue (here are the details https://discord.com/channels/705853757799399426/1195025614097350687))

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content