Questions tagged with AWS Amplify
Content language: English
Sort by most recent
Been working on custom auth challenge the last couple of hours.
Made some minor changes to the lambdas in amplify/backend/function/{create_define_verify_auth} and ran `amplify push` before testing on simulator.
The custom challenge involves a passwordless, phone-number & OTP only signUp and signIn procedure.
Making changes the same way as above worked fine until about 10pm JST, but when I last pushed local changes, the lambdas stopped firing.
No changes to front-end, nothing in simulator debug, nothing in cloudwatch.
The only minor change I made to the lambda was around logging.
What are some approaches I can take to fix this?
Getting the captioned error message onTap signUpButton() within AuthenticatorForm(). Seems like a very straightforward error message, but can't seem to identify what's wrong.
Here is my createAuthChallenge.js
```
const digitGenerator = require('crypto-secure-random-digit');
function sendSMS(phone, code) {
const params = {
Message: code,
PhoneNumber: phone,
};
return new AWS.SNS({apiVersion: '2010-03-31'}).publish(params).promise();
}
async function createAuthChallenge(event) {
if (event.request.challengeName === 'CUSTOM_CHALLENGE') {
const randomDigits = digitGenerator.randomDigits(6).join('');
const challengeCode = String(randomDigits).join('');
await sendSMS(event.request.userAttributes.phone_number, challengeCode);
event.response.privateChallengeParameters = {};
event.response.privateChallengeParameters.answer = challengeCode;
}
}
exports.handler = async (event) => {
createAuthChallenge(event);
};
```
And my package.json for the same
```
{
"name": "XYZ",
"version": "2.0.0",
"description": "Lambda function generated by Amplify",
"main": "index.js",
"license": "Apache-2.0",
"devDependencies": {
"@types/aws-lambda": "^8.10.92"
},
"dependencies": {
"crypto-secure-random-digit": "^1.0.9"
}
}
```
I can't seem to find the right solution for this, can anyone help please?
Is there a safety reason as to why Amplify Studio is turned off by default?
Assuming it's because of Amplify CLI, but just got curious.
```
Underlying error message: Could not cast incoming configuration to JSONValue, recoverySuggestion: Remove amplify plugins from your pubspec.yaml that you are not using in your app.,
```
What does this error suggest? My guess so far was the custom auth configs that I set up using amplify add auth > manual config, but nothing seems to solve this issue.
Made a mistake on my original manual configuration setup for amplify add auth.
So, decided to amplify auth delete and re-run commands.
However, I noticed that the original functions I set up, physically located in amplify/backend/function were not deleted along with the auth delete command.
Is it safe to go to Lambda dashboard and delete these from the console and pushing/pulling?
Been following up on the following post.
https://aws.amazon.com/blogs/mobile/how-to-create-a-one-time-password-authentication-flow-using-amplify-flutter/
What I am trying to achieve is auth using just the phone number, no password or email.
Article points me in the right direction, but wanted to know if there was already another resource for phone number & SMS otp? If not, two more questions please;
1. I'm assuming what I need to look at is replacing SES with SNS, is that correct?
2. Is there a reason, maybe security related, that email otp is supported, while phone number is not?
I've got an API configured to connect using MTLS using this documentation: https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/
As a human, I can make an API call using my client cert and private key.
As an Amplify site, my client cert needs to be in the API's configured truststore and I need to use my private key to make the API call.
How do I get access to the Amplify/Route53 auto configured certs PEM file and its key? It does not show up in ACM for me and it doesnt appear to be availble through the amplify console. Alternatively, can this be leveraged through the SDK somehow?
Thanks!
I have an application deployed using Amplify Studio with custom domain, cloudfront distribution and a TLS certificate. Everything works well. I do not know why the cloudfront page does not list the distribution. I can see being configured in the hosted zone A record. Any clues?
Thank you.
Hello, ive gone through these AWS docs regarding securing API gatways using MTLS which have you create your own CA, cert, key, etc, sign it and then create the PEM that is used alongside the truststore for MTLS - https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/
That all works great... between my development laptop and my api gateway... Now im trying to get Amplify involved in the scenario.
I've read elsewhere in the AWS docs on a deep hunt one night Amplify is a service that MTLS can be used with. The end goal is to protect a critical API that absolutely cannot withstand abuse. MTLS seems like a good way to do this.
How excatly do I go about replicating the development machine steps that worked to lock down the gateway with Amplify instead of just my local machine?
Is the path through using this pem/key I created with my Amplify sites code(this is self signed isnt it?) or do I need to gather the Amplify sites truststore/key and use that? Not really clear on how to proceed. Thanks!
We are moving our application from Next11 to Next13 and deploying to Amplify. Before this we were using a customized cloudfront and Serverless to take care of all our redirects as we need some path to go to different application behind an ALB. We want to keep that behavior with Amplify Next13 application seems fine but the redirects just show:
```
502 ERROR
The request could not be satisfied.
CloudFront wasn't able to connect to the origin. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)
```
We cannot find a way to customize that Cloudfront distribution as amplify is deploying a managed one that we are not able to access through our console or cli to edit.
Is there a way to modify the behaviors for the rewrites and redirects or at least to be able to use a custom Cloudfront distribution for our amplify deployment so we can change the cache policy on the behaviors to make the redirect work as with our previous environment?
Hi everyone,
I'm trying to deploy in amplify and I got this error.
> **CloudFormation::Stack Template error: instance of Fn::GetAtt references undefined resource LambdaExecutionRole**
I tried to redeploy the last working version, but still, I encounter the same error. Here is the code for the outputs of my CloudFormation template.
```
"Outputs": {
"Name": {
"Value": {
"Ref": "LambdaFunction"
}
},
"Arn": {
"Value": {"Fn::GetAtt": ["LambdaFunction", "Arn"]}
},
"Region": {
"Value": {
"Ref": "AWS::Region"
}
},
"LambdaExecutionRole": {
"Value": "arn:aws:iam::xxxxxxxx:role/xxx"
}
}
```
I appreciate in advance if anyone could help me with this matter.
Hello,
customer is building an app that uses Cognito User Pools federated with on-prem Central Authentication Service (CAS) via SAML. This provides JWT tokens.
With this token they are calling GraphQL API from AppSync implemented via Amplify with DynamoDB. They are using "aws-amplify" library for this.
There are no errors when the call is a query or mutations. For example:
API.graphql(graphqlOperation(<some query here>, {}, <token>)).then(
(res) => (....)
But there is an exception if the call is of type "subscribe", example:
API.graphql(graphqlOperation(<some subscription name here>, {}, <token>)).subscribe({
next: (data) => (....)
message: "Connection failed: UnauthorizedException"
I can provide more details or arrange a customer call if anyone is eager to help out with this issue.
asked 9 days ago