Questions tagged with AWS Amplify

I created a React app that I want to deploy to AWS Amplify. I use automatic deployment through GitHub. The problem is that I get *access denied error* when I visit a specific URL path, other than the root path of the web app. For example, visiting `example.com/some-url` will cause an "AccessDenied" error. It seems that this is a [common issue with Amplify and SPAs](https://docs.aws.amazon.com/amplify/latest/userguide/redirects.html#redirects-for-single-page-web-apps-spa), and people set up redirects to `index.html` like so: ``` </^[^.]+$|\.(?!(css|gif|ico|jpg|js|png|txt|svg|woff|woff2|ttf|map|json|webp)$)([^.]+$)/> ``` However, this is not a solution for me, or at least is not working I want to, since I want users to access specific page paths directly. My `react-router-dom` code which handles the redirects looks something like this: return ( <React.Fragment> <BrowserRouter> <Routes> <Route path="/" element={ <React.Fragment> <Index /> </React.Fragment> } /> <Route path="some-url" element={ <React.Fragment> <SomethingElse/> </React.Fragment> } /> </Routes> </React.Fragment> </BrowserRouter> </Routes> Setting up a redirect to `index.html` as the documentation suggests causes all requests to just land to `index.html` which my React app only renders a blank page. Any help will highly be appreciated.

We have a development branch on amplify that uses the "access control" feature. Our client has requested to change the password so I have updated it and I can confirm the new password works. The issue is that the old password is still active. I was unable to find any answer in the documentation or the forum. I have tried changing the username, removing the restriction and adding it back but the old password remains active.

I am trying to provide multitenancy checks in a VTL that runs as part of a custom subscription. I am using the `@function` and `@aws_subscribe` annotations; the `@function` references an amplify function I added using `amplify add function`, naming it `perfectQueuePortalReceiveOrder` . Here are excerpts from my `schema.graphql`: ``` type ReceiveOrderResponse { brandSlug: String! @aws_iam @aws_cognito_user_pools(cognito_groups: ["perfectCoAdmin", "tablet"]) storeNumber: String! @aws_iam @aws_cognito_user_pools(cognito_groups: ["perfectCoAdmin", "tablet"]) orderDetails: String! @aws_iam @aws_cognito_user_pools(cognito_groups: ["perfectCoAdmin", "tablet"]) } type Mutation { receiveOrder(brandSlug: String!, storeNumber: String!, orderDetails: String!): ReceiveOrderResponse @function(name: "perfectQueuePortalReceiveOrder-${env}") @aws_iam @aws_cognito_user_pools(cognito_groups: ["perfectCoAdmin"]) } type Subscription { onReceiveOrder(brandSlug: String!, storeNumber: String!): ReceiveOrderResponse @aws_subscribe(mutations: ["receiveOrder"]) @aws_cognito_user_pools(cognito_groups: ["perfectCoAdmin", "tablet"]) } ``` The issue is that it does not appear that any VTL templates are generated for the Subscription. After issuing `amplify api gql-compile`, I see in the `build/resolvers` directory that VTL resolvers were generated both for the mutation, `Mutation.receiveOrder.res.vtl` as well as the lambda request/response templates: `InvokePerfectQueuePortalReceiveOrderLambdaDataSource.req.vtl` `InvokePerfectQueuePortalReceiveOrderLambdaDataSource.res.vtl`. However, _no_ `Subscription.onReceiveOrder.*` VTL template gets generated at all. My goal is simply to override the VTL template _only for the subscription_, in order to compare custom cognito user attributes against the arguments provided to the subscription, and give an unauthorized error if the arguments do not match the identity claims. But no VTL templates seem to get generated for the subscription; only for the mutation. How can I compare the arguments to a custom Subscription that is `@aws_subscribe`d to a custom Mutation, itself using `@function`, against the cognito-based identity claims provided in the $ctx during VTL processing for _the initiation of the subscription_? What is particularly confusing is that everywhere else I have used the `@aws_cognito_user_pools` and `@aws_iam` tags, the results have appeared in the build/resolvers VTL templates. _But not for subscriptions_. Why not? Strangely, these annotations _do_ seem to be honored, however, I cannot find any VTL code that implements that honoring, as I can with Queries and Mutations. Help?

We are a new startup, creating a freelancers marketplace, pretty similar to Fiverr/Upwork. It's a 2 side marketplace with all its features. We are not sure on which services we should start with (we want to start only with the most basic stuff needed). Can anyone please point us to the right info? Thank you!

Hi, my group has an ElasticSearch domain (created via Amplify) that has been stuck in the "Upgrading" state for about 3 days. I ran the "Pre-Upgrade Check from 6.2 to 6.8" tool and it has never completed. It just says "In progress (33.33%)" It seems like all of the options are disabled until the upgrade is complete so I guess we're stuck for now? Anyone know how to resolve this? * Version: Elasticsearch 6.2 * Service software version: R20211203-P2 * t2.medium.elasticsearch

I am trying to follow the tutorial for Amplify flutter but there appears to be an issue. I'm trying to follow it as closely as possible but I do not see the option for Boolean! on[https://docs.amplify.aws/start/getting-started/generate-model/q/integration/flutter/#generate-the-models-locally]() There is only the option for Boolean. I continued on with the tutorial using Boolean. I get an error A value of type 'bool?' can't be assigned to a variable of type 'bool' because 'bool?' is nullable and 'bool' isn't.* which appears to be related. I tried to change the schema.graphql file to relect the correct isComplete: Boolean! instead of isComplete: Boolean... but not success when running flutter run Not sure what is going on.... Thanks in advance

In my schema.graphql file I have the following model and mutation: ``` type Profile @model @auth(rules: [ { allow: private, operations: [read], provider: userPools }, { allow: owner, provider: userPools } ]) @aws_iam @aws_cognito_user_pools { id: ID! @primaryKey @auth(rules: [ { allow: owner, provider: userPools }, { allow: private, operations: [read], provider: userPools }, { allow: public, operations: [read], provider: iam } ]) name: String! @auth(rules: [ { allow: owner, provider: userPools }, { allow: private, operations: [read], provider: userPools }, { allow: public, operations: [read], provider: iam } ]) about: String links: [Link] @hasMany owner: String @index(name: "byOwner", queryField: "listProfileByOwner", sortKeyFields: ["name"]) } type Mutation { updateProfileLambda(profile: UpdateProfileLambdaInput): Profile @aws_cognito_user_pools @function(name: "UpdateProfile-${env}") } ``` I created the lambda function to perform custom validation before updating. The problem is that any authenticated user can update other user profiles. I thought adding `@aws_cognito_user_pools` would resolve this, but it doesn't. **Question**: What do I need to add to lock down the `updateProfileLambda` function so that it can only be successfully called by the owner of the Profile model? For some more context, I followed this tutorial to create the custom mutation lambda function: https://www.theclouddeveloper.io/use-lambda-resolvers-in-your-graph-ql-api-with-aws-amplify

Does the amplify ui components planning for any updates ? I observe multiple key components are missing like slider, multi select text field, autocomplete text box, calendar. If these components are missing in amplify ui components, how do we use the components from different library like ant/mui to design the page in figma and use it to generate code ? what is the recommendation for developing using amplify ui library in amplify studio with components from other design ? for example in the form of 6 fields, 5 components are from amplify ui components, but 1 will not be from amplify ui components. Now when i use the code generation, that one component code alone is not coming out as proper code, which leads us to go and make change inside the autogenerated code. It will be super helpful if anyone give solve for this ?

1. I have a form with few text fields, I have a button at the bottom. I want to collect all the information from the text field when the user pressed the button. I want to set the onClick handler for button in amplify studio to collect all the information in the text fields and invoke an api. Is it possible to do this ? 2. I have a drop down component in the form, how do I populate the drop down items dynamically in amplify studio ?

When i tried to sync figma file in Amplify studio, it is showing some "Unknown error occurred. Check that your Figma file link is valid." dialog box. In network tab of dev tools it is showing CORS issue. Not sure what is the fix for this ? Can someone help on this ?

After upgrading to the new Amplify GitHub app, build previews stopped working. Using Github private repo in an organization. PR branches do not appear in AWS Amplify Console. It seems that a lot of people are having the same issue: https://github.com/aws-amplify/amplify-hosting/issues/2297 In my case, it happens with apps that have backend as well as frontend. App ARNS: - arn:aws:amplify:eu-west-1:862946620411:apps/d1wf44uh7yqipj - arn:aws:amplify:eu-west-1:862946620411:apps/d2q5pw1xnsetwi I have tired reconnecting repository and updating/reinstalling the GitHub Amplify app, nothing helps. I've verified that GitHub app has all the necessary permissions.

I have an amplify app and an API gateway that is used by the app. API gateway is associated with a lambda function. I can assign domain to them as follows and it works well: * App: mydomain.com * API: api.mydomain.com (note that this is a subdomain of above) But I want to make them same origin, which means I want to assign domain like this: * App: mydomain.com * API: mydomain.com (exactly same as above) How can I achieve this? Thanks in advance.

I have a NextJS application with continuous deploys set up on Amplify. This application requires forwarding the Host header to the origin, so I use the "Amplify" managed cache policy as the Cloudfront's distribution default behaviour. This cache policy is reset to legacy cache settings on each deploy. Is there a way to persist the cache policy between deployments? Or to always forward the Host header to the origin?

I got an email. > Your AWS account 5********* has exceeded 85% of the usage limit for one or more AWS Free Tier-eligible services for the month of June. > Product AWS Free Tier Usage as of 06/02/2022 Usage Limit AWS Free Tier Usage Limit > AWSAmplify 4.74107138 GigaBytes 5 GigaBytes Free tier - storage However, my amplify hosting size is less than 50MB. I don't know where the storage usage came. I found a same question, https://repost.aws/questions/QUWRU08gzgRP6vNwFJPCXJDA/how-to-reduce-aws-amplify-data-storage How can I solve this problem? Thank you

Hello, I am new to AWS, and I am using Amplify to build my application (React + Node). I am trying to make a very simple storage interface for user documents, and I don't want these documents to be accessible by those who do not sign in through the Cognito user pool. However, I do want these documents to be accessible to all users who have signed in through my application. I followed all of the directions specified in [the official documentation page regarding setup](https://docs.amplify.aws/lib/storage/getting-started/q/platform/js/#storage-with-amplify), and didn't configure any special options. I then went into the web interface for my S3 bucket, found the newly created storage bucket, and added a folder called "templates" with a couple sub folders, and then some user document templates. The problems started to occur upon calling the `Storage.list(...)` function within my application. The promise would resolve successfully, but the list would be empty. I understand now that's because my application was attempting to index the S3 bucket through a `public` scope prefix. When I create a folder named public, and add the files in there, everything works nicely. I was under the opinion though that using this public folder would allow my privileged content to be indexed to users who were not credentialed (i.e. guests from outside my application who didn't pass through the Cognito login portal). Is that the case? There are no groups configured from within my Cognito user pool. Right now, calling Amplify storage API functions work, but only in the `public` scope. I had thought what I wanted to do was only allow such functionality within the `private` scope; but I'm beginning to think based on the docs pages regarding user access that what I would be fine using the `public` scope, as it doesn't allow access to internal files by guests, who would not be signed in. This hunch is furthered by information regarding `protected` and `private` scopes being user-specific. Should I delve deeper into the permissions associated with these bucket objects, and configure some sort of user group system and then configure ACLs based on the groups, or would using files within the public scope be fine for my use case? I just don't want users who aren't signed in through Cognito to be able to access files. Thank you for your time, and I hope this question finds you well.

There are some issues with the createDomainAssociation API that is provided by the AWS SDK amplify. I am not able to associate the subdomain to amplify the app using createDomainAssociation API. I Found another API to associate subdomain updateDomainAssociation. For using updateDomainAssociation API, there are concerns that this may negatively affect the already associated subdomains if the request fails. **Question**: If there is an API that we can use to add the subdomain to the amplify app. **Question**: When using updateDomainAssociation, if we add already associated subdomains along with a new subdomain in the updateDomainAssociation API request, does this API re-associate all subdomains, or does this only update/add/remove whatever is there in the request.

I have created a custom domain for appsync api and now I want to disable the default endpoint. Is there any work around to disable it?

Hi I'm currently setting up an Amplify services and I'm worried about spiralling egress costs due to bot traffic and other bad actors. I know I can set up a quota using AWS Budget, but I can't find any information on how to mitigate billing getting out of hand in the first place (before my budget quotas are breached and the Amplify service is put on hold). It seems like AWS Shield standard gives some protection against DDOS, but I can't determine if one needs to add products such as Shield WAF on top of Amplify to ward off all that unwanted traffic in the first place. There's plenty of documentation for Cloudfront on this matter, but there seems to be a gap for Amplify - hoping some kind soul could advise.

I try to log in to Cognito by doing this: `Amplify.Auth.signIn( "prueba", "prueba1234aB", result -> Log.i("AuthQuickstart", result.isSignInComplete() ? "Sign in succeeded" : "Sign in not complete"), error -> Log.e("AuthQuickstart", error.toString()) );` and get this error: **AuthException{message=Sign in failed, cause=com.amazonaws.services.cognitoidentityprovider.model.InvalidLambdaResponseException: Unrecognizable lambda output (Service: AmazonCognitoIdentityProvider; Status Code: 400; Error Code: InvalidLambdaResponseException; Request ID: \[...\]** My goal is to get the user credentials, so I can work with them when it comes to using other AWS services. I tried logging in from the web interface Amazon provides to test users and it did work, so it should not be the user fields' fault. What am I doing wrong exactly? Is it something about the code? Or maybe something about the pre-authentication triggered Lambda? If so, how should I deal with the response I'm returning from that Lambda? Thanks in advance!

Hi, i have users table, user have many posts (post table) and post has many images (Image table). How to get response with 3 nested levels. If in qraphql/queries put images {id, src} i get error this field dont have validation.

Hi, I use amplify auth, Cognito authentication. For signup, I have confirmed SMS code and for signing I have MFA. I got 10 messages in the beginning and everything worked well. I later stopped receiving messages and I sent a request to increase the limit. Limit is increased and was implemented in Europe (Frankfurt) region. Also, account are moved out of the Amazon SNS sandbox. I use Europe (Frankfurt) region. but my Cognito auth still uses SNS sandbox. When I try to move to production redirect me to Ireland region and support center. How to connect my project, Cognito auth with Amazon SNS mode in production?

I have an Amplify Hosting frontend that uses a rewrite redirect (200) to redirect to an S3 bucket. That worked out fine but then I created a CloudFront distribution and since then, the rewrite gives a timeout after 30 seconds serving a 504 error. That is why I disabled and then deleted the CloudFront distribution. However the timeout and 504 error (coming from CloudFront) is still there. Any ideas how to fully remove this CloudFront forwarding or do I have to delete the bucket/frontend?

I have set up a domain in route53(domain.com). I have attached it to my amplify. After this, my requirements are when a user registers on a platform, the users can get their personalized portal URL— something like user1.domain.com and user2.domain.com. All these domains must point to my amplify domain. Is there a way to achieve this without adding subdomains manually? How many subdomains can I attach to the amplify as well?

I created a project yesterday. When it was creating, it ran into an issue. I am now unable to delete it from the UI. A red error bar shows up with this text Delete app d3k3wcfvqsohdn failed with reason: ValidationException - An error occurred while processing your request: null Please could you take a look and let me know how to delete this. Thanks

How can I register as a certifying partner of the programs?

We are trying to create a webapp for project. We chose react as library for building the front end. We came across amplify studio to create UI React code from Figma file. This looks like a game changer and reduces lot of effort for engineers. While evaluating UI libraries Amplify UI library provides less components compared to others ui component libraries. We found ant design and material ui as alternate choice. We found ant design figma file is not working well with amplify studio. Can some one provide guidance on which ui component figma file is compatible with amplify studio to generate the react code ?

Hello AWSome folks! I am trying to do the "Build a serverless web application" workshop and I'm on the User Management part. I am on to initialize Amplify CLI by executing the command "`amplify init`" and it is supposed to initialize the project but I am getting this error: `RangeError: Array buffer allocation failed at new ArrayBuffer (<anonymous>) at new Uint8Array (<anonymous>) at new FastBuffer (node:internal/buffer:959:5) at createUnsafeBuffer (node:internal/buffer:1062:12) at allocate (node:buffer:410:10) at Function.allocUnsafe (node:buffer:375:10) at Function.concat (node:buffer:553:25) at Extract.<anonymous> (/home/ec2- user/.nvm/versions/node/v16.15.0/lib/node_modules/@aws-amplify/cli/lib/binary.js:127:37) at Extract.emit (node:events:539:35) at finishMaybe (/home/ec2-user/.nvm/versions/node/v16.15.0/lib/node_modules/@aws-amplify/cli/node_modules/readable-stream/lib/_stream_writable.js:624:14)` What could be causing this?

I am export a NextJS static web and host it by CloudFormation distribution. However, I always need to type cloudformation-domain.net/index.html. I want to access **without index.html ** ``` https://www.cloudformation-domain-net/ ``` When I host the NextJS with Amplify, it also use CloudFront and working without the "index.html"

For cognito user - Using Amplify I was able to login using ``` await Auth.signIn(this.email, this.password); ``` And logout using: ``` Auth.signOut(); ``` For federated user - Using Amplify I was able to login using ``` await Auth.federatedSignIn({ customProvider: 'customProviderName' }); ``` But logout doesnt support using: ``` Auth.signOut(); ``` How can I signout federated user, so that when I try to login again, it ask my permission to login ?

When I try to run amplify configure --appId d10mb56cnqd9cv --envName staging I get this error message. Failed to communicate with the Amplify CLI. You can try again by running: Earlier I noticed that it does not work when using brave browser. But now I am using chrome browser. Even with this browser I got this error. I am using ubuntu 22.04 linux on my laptop. Please help me.

Is it possible to have auth rules requiring authenticated users to belong to multiple groups? For example "allow users who are in 'Tenant N' AND who are 'Editors'". Our models are currently similar to this: ```graphql type MyModel @model @auth(rules: [ { allow: owner }, { allow: groups, groupsField: "tenantID" }, ]) { id: ID! tenantID: String! } ``` So using static group auth doesn't work for us: ```graphql type MyModel @model @auth(rules: [ { allow: groups, groups: ["DynamicTenantId", "Editor"] } ]) { id: ID! tenantID: String! } ``` Because tenantID is a dynamic value, we need to use dynamic group auth instead: ```graphql type MyModel @model @auth(rules: [ { allow: owner }, { allow: groups, groupsField: "tenantID" }, { allow: groups, group: "Editor" }, ]) { id: ID! tenantID: String! } ``` But this doesn't work because it's an "OR", saying "allow anyone in the tenant OR anyone with the 'Editor' group". Updating our models to use single dynamic group auth field doesn't work either: ```graphql type MyModel @model @auth(rules: [ { allow: owner }, { allow: groups, groupsField: "allowGroups" }, ]) { id: ID! allowGroups: [String] # ['DynamicTenantId', 'Editor'] } ``` Because this an "OR" too, saying "allow anyone in the tenant OR anyone with the 'Editor' group". Are there any other options, aside from a custom authenticator, to require multiple group membership?

I'm using AWS Amplify to host a next SSR application. My environment is configured to use node 16.13.0. This is working at build time. At the moment of the deploying, the lambda@edge generated for the cloudfront remains with node 14 version. Is there any way to config node version for the lambda@edge generated in deploy step? Thanks!

I have a NextJS app that uses SSR. Therefore manual deployment is not an option. I have setup Amplify hosting for the app. Deployment (initiated by GitHub push) fails due: ``` Must use import to load ES Module: /codebuild/output/.../src/aws-exports.js require() of ES modules is not supported. require() of /codebuild/output/src531993483/src/myidtoken/src/aws-exports.js from /snapshot/repo/build/node_modules/amplify-frontend-javascript/lib/frontend-config-creator.js is an ES module file as it is a .js file whose nearest parent package.json contains "type": "module" which defines all .js files in that package scope as ES modules. Instead rename aws-exports.js to end in .cjs, change the requiring code to use import(), or remove "type": "module" from /codebuild/output/src531993483/src/myidtoken/package.json. 2022-05-10T13:24:35.567Z [INFO]: Error [ERR_REQUIRE_ESM]: Must use import to load ES Module: /codebuild/output/src531993483/src/myidtoken/src/aws-exports.js require() of ES modules is not supported. require() of /codebuild/output/src531993483/src/myidtoken/src/aws-exports.js from /snapshot/repo/build/node_modules/amplify-frontend-javascript/lib/frontend-config-creator.js is an ES module file as it is a .js file whose nearest parent package.json contains "type": "module" which defines all .js files in that package scope as ES modules. Instead rename aws-exports.js to end in .cjs, change the requiring code to use import(), or remove "type": "module" from /codebuild/output/src531993483/src/myidtoken/package.json. ``` I do not have aws-exports.js committed to GitHub. So aws-exports.js is generated during the build/deploy. Therefore I cannot rename it to `.csj`. I have tried though creating `my-aws-exports.js` and include that from my code. However, the error is still the same. This also sounds to me that the error is in generated code. Repository is not unfortunately public so I cannot share it. I'm using - react 17 - next 12 - aws-amplify 4.3.21 - aws-sdk 2.1131.0 `package.json` states ` "type": "module",`.

Hi , I am trying to follow below steps to build Set up fullstack project in Amplify -I can see in AWS console, the user “maha-amplify” that I created it using (amplify configure) in prerequisite step -but whenever I run (amplify init) then select AWS profile in initialize a new backend step , I can not see that created user/Profile “maha-amplify” in the terminal but old one.. Check attachment https://paste.pics/GWCHL -Another question how can I delete the old one from the terminal like “Maha"? https://docs.amplify.aws/start/getting-started/setup/q/integration/react/#initialize-a-new-backend

Hi, we are using Amplify in our mobile apps and we have run into an issue in Flutter Android that the Amplify.DataStore.observe is not triggered. I have created an issue ([https://github.com/aws-amplify/amplify-flutter/issues/1563](https://github.com/aws-amplify/amplify-flutter/issues/1563)) to Amplify team but haven't received any answer nor solution yet.

How to enable AWS WAF for CDN generated in Amplify ?

I’ve been struggling to create a form that can be filled out to create a tracker at a given location. I have maps set up but haven't been able to create the tracker to be able to pin it; I found the parameters from the AWS SDK but am having trouble implementing it. Here is a snippet of my code: ``` import {AWS} from 'aws-sdk'; export default function Setup() { var location = new AWS.Location({apiVersion: '2020-11-19'}); var params = { TrackerName: 'STRING_VALUE', /* required */ Description: 'STRING_VALUE', KmsKeyId: 'STRING_VALUE', PricingPlanDataSource: 'STRING_VALUE', Tags: { '<TagKey>': 'STRING_VALUE', /* '<TagKey>': ... */ } }; location.createTracker(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response }); return( <form> <div class="form-group"> <label for="truckName">Tracker Name</label> <input type="text" class="form-control" id="truckName" placeholder="Enter Truck Name" /> <small id="trackerHelp" class="form-text text-muted">Please enter the name of your tracker.</small> </div> <button type="submit" class="btn btn-primary" onclick="Setup">Submit</button> </form> ); } ```

On May 4, I created an Amplify app just to try it out, because I decided I didn't need it so deleted it. Soon after, when I checked the biling dashboard, I noticed I have 5 active services. I did my research and I discovered how to get rid of a service. In most services I didn't find a trace of anything created in there, except Lambda, so I deleted my Lambda functions. Later, I went back to the billing dashboard and I found and it still says I found 5 active services. The next day, it went up to 6 but I didn't do anything except double check my services, and today it went up to 7. What I'm really wondering is what does an active service mean? Is anyone else experiencing the activation of services without doing anything?

On May 4, I created an Amplify app just to try it out, because I decided I didn't need it so deleted it. Soon after, when I checked the biling dashboard, I noticed I have 5 active services. I did my research and I discovered how to get rid of a service. In most services I didn't find a trace of anything created in there, except Lambda, so I deleted my Lambda functions. Later, I went back to the billing dashboard and I found and it still says I found 5 active services. The next day, it went up to 6 but I didn't do anything except double check my services, and today it went up to 7. What I'm really wondering is what does an active service mean? Is anyone else experiencing the activation of services without doing anything?

I host my web app with AWS Amplify Hosting, my question is can i change the first part(root) of my website url? I want to makeit friendlier, for example this is my website url: https://test.b12test3.amplifyapp.com. I would like to overwrite this part: test.b12test3 how can I do it? is this possible?

As my understanding, there are two required steps. I think only 1) is ok. **Is this redundancy? ** 1) From AWS IoT core policies, grant access to cognito_identity_id ```shell aws iot attach-policy --policy-name 'myIoTPolicy' --target '<YOUR_COGNITO_IDENTITY_ID>' ``` 2) From Cognito side, attach AWSIoTDataAccess and AWSIoTConfigAccess to Cognito Authenticated Role

I'd like to request to S3 as a cognito certification qualification. S3 is using sdk Cognito is using amplify. Use an angular typescript. I would like to replace the secret key with the cognito authentication information when creating S3. I want to access s3 with the user I received from Auth.signIn, but the credentials are missing. I need your help. ``` public signIn(user: IUser): Promise<any> { return Auth.signIn(user.email, user.password).then((user) => { AWS.config.region = 'ap-northeast-2'; AWS.config.credentials = new AWS.CognitoIdentityCredentials({ IdentityPoolId: 'ap-northeast-2:aaaaaaaa-bbbb-dddd-eeee-ffffffff', }); const userSession = Auth.userSession(user); const idToken = userSession['__zone_symbol__value']['idToken']['jwtToken']; AWS.config.region = 'ap-northeast-2'; AWS.config.credentials = new AWS.CognitoIdentityCredentials({ IdentityPoolId: 'ap-northeast-2:aaaaaaaa-bbbb-dddd-eeee-ffffffff', RoleArn: 'arn:aws:iam::111111111111:role/Cognito_role', Logins: { CognitoIdentityPool: 'ap-northeast-2:aaaaaaaa-bbbb-dddd-eeee-ffffffff', idToken: idToken, }, })); const s3 = new AWS.S3({ apiVersion: '2012-10-17', region: 'ap-northeast-2', params: { Bucket: 'Bucketname', }, }); s3.config.credentials.sessionToken = user.signInUserSession['accessToken']['jwtToken']; s3.listObjects(function (err, data) { if (err) { return alert( 'There was an error: ' + err.message ); } else { console.log('***********s3List***********', data); } }); } ``` bucket policy ``` { "Version": "2012-10-17", "Id": "Policy", "Statement": [ { "Sid": "AllowIPmix", "Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "arn:aws:s3:::s3name/*", } ] } ``` cognito Role Policies - AmazonS3FullAccess ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:*", ], "Resource": "*" } ] } ```

Hi, I was trying to write a React code for enabling TOTP based MFA for an user in cognito userpool. but i am not able to enable it. as i tried different code these is the error i am getting . **Reason: { message: "Code mismatch", code: "EnableSoftwareTokenMFAException", time: "2022-05-04T12:53:02.136Z",… } error: "EnableSoftwareTokenMFAException: Code mismatch" success: false ** i tried google authenticator and microsoft authenticator but still the same error message. sometimes code works but most of the time i am getting this error. how to resolve this ? what may be the reason for this error ? here's the link to my codebase i been refering : [https://github.com/AlexzanderFlores/Worn-Off-Keys-Cognito-Tutorials/blob/master/10-TOTP-MFA/lambda/get-qr-code/index.js]()

esteemed, I am facing a problem and would like some support from cloudfront, my internet provider asn 265463 with block of 168.197.12.0/22 cannot access the following domains that are hosted on cloudfront, https://www.kabum.com.br/ and https://www.tse.jus.br/ And I get the following response: Request blocked. What can I do to get unlocked?

Hi, **TL;DR: Can anyone give a recommend approach to storing customisable n-level hierarchy trees for grouping and navigating results via a frontend Amplify-powered web app (using DynamoDB or any other database solution that can be mapped to AppSync ideally)?** **Some background** I'm building an multi-tenant IoT analytics solution that takes data from some sensors out in the field, uploads to AWS, processes this data and stores in a DynamoDB table (i.e. a very "standard" setup). I'm planning on adding a web frontend (built using Amplify and an AppSync GraphQL layer) that will allow users to navigate a **customisable, n-level** hierarchy tree of assets, in order to view the sensor data we've collected. Examples of valid hierarchies include: Country -> Site -> Building -> Floor -> Room -> Sensor (6-level) or Site -> Building -> Room -> Sensor (4-level) etc. The important thing here, is that this hierarchy tree can differ per customer, and needs to be customisable on a tenant-by-tenant basis, but we don't need to do any complex analysis or navigation of relationships between hierarchy levels (so, to me, something like Amazon Neptune or another graph database feels a bit overkill, but perhaps I’m wrong). My first thought was to try and build a hierarchical relationship inside of a DynamoDB table, possibly making use of a GSI to provide this, but in all of the examples I’ve seen online, the focus is very much on quick retrieval, but not so quick updating of hierarchy trees – now, whilst it’s unlikely that these tree structures would be updated on a regular basis, it is something we need to be able to support, so the idea of possibly updating ‘000s of rows in DynamoDB every time we want to make a change to the hierarchy tree for a given control area doesn’t seem quite right to me. Hence, my question above. I'm ideally looking for guidance on how to structure a DDB table to best support BOTH optimal retrieval of, and updates to, hierarchy trees in our application, but if DDB isn't the right answer here, then suggestions of alternatives would also be greatly appreciated. Many thanks in advance.

In AWS Amplify UI React after Login how to redirect to dashboard path login button in home page in react in different page

I am deploying next.js application with auth0 authentication onto AWS Amplify. This is working on localhost as expected. I created "Environment variables" with AUTH0_SECRET and others in the amplify App Settings, and I am able to authenticate and it is working fine. Suddenly after one of the deployment, I keep getting this error. I redeployed older version, error did not disappear. I believe it is not the app issue, it is something to do with Amplify settings as previous deployment also stopped working. Browser Error ``` 503 ERROR The request could not be satisfied. The Lambda function associated with the CloudFront distribution is invalid or doesn't have the required permissions. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation. ``` Logs: ``` ERROR Invoke Error { "errorType": "TypeError", "errorMessage": "\"secret\" is required", "stack": [ "TypeError: \"secret\" is required", " at Object.get (/var/task/node_modules/@auth0/nextjs-auth0/dist/auth0-session/get-config.js:147:15)", " at Object.getConfig (/var/task/node_modules/@auth0/nextjs-auth0/dist/config.js:66:38)", " at Object.initAuth0 (/var/task/node_modules/@auth0/nextjs-auth0/dist/index.js:22:23)", " at getInstance (/var/task/node_modules/@auth0/nextjs-auth0/dist/index.js:18:24)", " at handleAuth (/var/task/node_modules/@auth0/nextjs-auth0/dist/index.js:124:18)", " at Object.5862 (/var/task/pages/api/auth/[...auth0].js:214:129)", " at __webpack_require__ (/var/task/webpack-api-runtime.js:25:42)", " at Object.7416 (/var/task/pages/api/auth/[...auth0].js:189:23)", " at __webpack_require__ (/var/task/webpack-api-runtime.js:25:42)", " at __webpack_exec__ (/var/task/pages/api/auth/[...auth0].js:325:39)" ] } ``` for debugging, I printed the secret using console.log and I am able to see it. Reproduction my [...auth0].js ``` import { handleAuth } from '@auth0/nextjs-auth0'; console.log('the AUTH0_SECRET env var is set: ', !!process.env.AUTH0_SECRET); export default handleAuth(); ``` Environment Please provide the following: Version of this library used: "@auth0/auth0-react": "^1.9.0", "@auth0/nextjs-auth0": "^1.7.0", "axios": "^0.26.1", "jsonwebtoken": "^8.5.1", "next": "latest", "react": "17.0.2", "react-dom": "17.0.2", "react-is": "^18.0.0", "swr": "^1.3.0",

## Background Amplify apps are easily extensible with Lambda functions, using `amplify add function`. Great! ## Problem How can I access the Amplify app ID from the Lambda function code? There are a lot of scenarios where I need that string in order to locate resources or access secrets in SSM. ## More generally How can my function do introspection on the app? How can I get the app ID from the Lambda function? Is there a service? Am I supposed to pass the information (somehow) through the CloudFormation template for the function? ## Due diligence I've spent days trying to figure this out, and I have at least learned the secret, undocumented way to get anything in a nested CloudFormation stack's outputs into the parameters for my CloudFormation stack, so that I can create environment variables that my Lambda function can see. That does not solve my original problem of finding the top-level app ID. Or any information about the top-level app. If I could find the stack name for the top-level CloudFormation for the stack then I could learn a lot of things. I can't. #### How to pass stack outputs from app resources into function stack parameters I've spent days trying to figure this out, and I have at least learned the secret, undocumented way to use `dependsOn` in the backend-config.json to get the outputs from the CloudFormation stacks for other resources in the Amplify app and feed those into the parameters for my stack for my function: ``` "function": { "MyFunctionName": { "build": true, "providerPlugin": "awscloudformation", "service": "Lambda", "dependsOn": [ { "category": "api", "resourceName": "Data", "attributes": [ "GraphQLAPIIdOutput" ] } ], } } } ``` That creates a new parameter for your function that's named using a pattern that's not documented anywhere, from what I can tell: `[category][resource name][CloudFormation stack output name]`. You can reference that in your CloudFormation stack for your function to create an environment variable that your function code can access: ``` { "AWSTemplateFormatVersion": "2010-09-09", "Parameters": { ... "secretsPathAmplifyAppId": { "Type": "String" } ... "Resources": { ... "Environment": { "Variables": { "AMPLIFY_APP_ID": { "Ref": "secretsPathAmplifyAppId" }, ``` #### Using the `AmplifyAppId` in `amplify-meta.json` doesn't work If I could access the `provider` / `cloudformation` data from a `dependsOn` then I could get the app ID into my function's stack. But that doesn't work. I spent some time eliminating that possibility. #### Using `secretsPathAmplifyAppId` There is a side effect of using amplify update function to add secrets. If you add any secret to the function then you will get a new parameter as an input to your function's CloudFormation stack: `secretsPathAmplifyAppId` I did that and added a dummy secret that I don't really need, in order to get that CloudFormation stack parameter containing the Amplify App ID that I do need. And then I referenced that in my CloudFormation template for my function: ``` { "AWSTemplateFormatVersion": "2010-09-09", "Parameters": { ... "env": { "Type": "String" }, "s3Key": { "Type": "String" }, ... "secretsPathAmplifyAppId": { "Type": "String" } ``` That works, right? **No!** If I create a new app in Amplify, perhaps deploying it to a staging or production account for the first time, then I'll get the error `Parameters: [secretsPathAmplifyAppId] must have values` from the initial build when I press "Save and Deploy" on the "Host your web app" form. This is because using `secretsPathAmplifyAppId` relies on the Amplify CLI adding the value to the `team-provider-info.json` file. For a new app's first deployment, "the `team-provider-info.json` file is not available in the Admin UI deployment job", as described in https://github.com/aws-amplify/amplify-cli/issues/8513 . And there is apparently no solution. ## WHY IS THIS SO HARD?!? The Amplify documentation implies that it's not difficult to add a Lambda function and do whatever. I'm a Lambda pro and a code pro, and I can do whatever. But only if I can pass context information to my code. How can an Amplify app's Lambda functions do introspection on the app?

I have react application which i integrated into amplify. The amplify created one amplifyapp domain, which is using the production configuration (some of the debug settings are not visible). How do we make the front end CI/CD pipeline for react application using amplify with dev (with dev settings), pre-prod and prod stages ?

I need I have two cognito pools One is for uber rider One is for uber driver now when I query from my rider side I need rider authentication from his pool on rides table and when I need to query from drivers side I need driver credentials for authentication from his pool to get data from rides table. like this one https://aws.amazon.com/blogs/mobile/graphql-security-appsync-amplify/ but with code gen amplify it self generate the VTL. but my problem is to write it by myself as I am not using amplify.

Whilst new to the AWS environment, Amplify, and Cloud9, I didn't think I'd be running into issues this early on. I'm trying to install amplify in a new Cloud 9 environment, but for some reason, get this error off the bat. Any guidance or direction pointing would be highly appreciated: ``` Downloading release from https://d2bkhsss993doa.cloudfront.net/8.0.2/amplify-pkg-linux-x64.tgz node:internal/buffer:959 super(bufferOrLength, byteOffset, length); ^ RangeError: Array buffer allocation failed at new ArrayBuffer (<anonymous>) at new Uint8Array (<anonymous>) at new FastBuffer (node:internal/buffer:959:5) at createUnsafeBuffer (node:internal/buffer:1062:12) at allocate (node:buffer:410:10) at Function.allocUnsafe (node:buffer:375:10) at Function.concat (node:buffer:553:25) at Extract.<anonymous> (/home/ec2-user/.nvm/versions/node/v16.14.2/lib/node_modules/@aws-amplify/cli/lib/binary.js:124:37) at Extract.emit (node:events:538:35) at finishMaybe (/home/ec2-user/.nvm/versions/node/v16.14.2/lib/node_modules/@aws-amplify/cli/node_modules/readable-stream/lib/_stream_writable.js:624:14) ```

I'm trying to implement an custom challenge using Amplify -> Cognito, the issue is that when I call: ```Auth.signIn({... , validationData: {foo: 'bar'}, {foo: 'bar'}})```, the `validationData` or `clientMetadata` are present in Define Auth Challenge or Create Auth Challenge triggers as described in the documentation https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-define-auth-challenge.html It's extremely important to be able to send context to Define and Create Auth Challenge from the client so we could define what challenge was chosen on the client-side, e.g Email, or Sms, or even sending the users language so during sending the challenge the language could be defined to send messages through SNS, and it seems people are managing that in a hacky way by answering a "dummy" challenge just be able to send context to the lambda, [here's](https://github.com/aws-amplify/amplify-js/issues/6731) the discussion in Amplify repo. I'd like to know if someone else went through this issue and figured out another solution and if Cognito team has plan to fix it? Thanks.

Hi, I have a appsync Schema which has composite key @key(name: "FinderJobbyDateWithCompositKey", fields: [ "finder_id", "date", "job_status" ], queryField: "JobsFinderWithCompositKey") I did amplify push and it successfully created GSI with the respective table. the table has the data but when I run query query MyQuery { JobsFinderWithCompositKey(finder_id: "+929898989898", dateJob_status: {eq: {date: "2022-04-06T09:00:00.000Z", job_status: "15"}}) { items { cod_charge createdAt } } } it give me Null in response. Please specify what is the issue and how to solve and get result. I followed this link: https://docs.amplify.aws/cli-legacy/graphql-transformer/key/#example-get-orders-by-customer-email-by-createdat

I'm hoping to leverage a GraphQL model managed by Amplify / AppSync and build on that, using the DynamoDB table for storage but then adding my own custom business logic. In the current example, I want a model that represents a session for an external API, and I want to override the `create` mutation with a Lambda function that will call the external API to get an access token, and then add that token to the newly-created `@model` instance. I'm trying to do that by disabling the default `create` resolver and then adding my own in my GraphQL schema: ``` type ExternalAPISession @model(mutations: { create: null }) @auth(rules: [{allow: public}]) { id: ID! username: String! @index(name: "byUsername", queryField: "getExternalAPISessionByUsername") access_token: String! refresh_token: String! } type Mutation { createExternalAPISession(username: String, password: String): ExternalAPISession @function(name: "CreateExternalAPISession-${env}") } ``` But, even though I tried to disable the default `create` resolver, I still get this error when I try to `amplify push` this schema: ``` ⠹ Updating resources in the cloud. This may take a few minutes... Following resources failed Resource Name: MutationcreatePaytronixSessionResolver (AWS::AppSync::Resolver) Event Type: create Reason: Only one resolver is allowed per field. (Service: AWSAppSync; Status Code: 400; Error Code: BadRequestException; Request ID: 08399b17-1e38-46f6-bf9f-06f68356c21a; Proxy: null) ``` Is it even possible to do what I'm trying to do? I can't seem to find any explicit confirmation in the documentation that you can override a default CRUD action with your own Lambda function resolver. I see that you can override the default CRUD VTL templates with your own VTL. But can you override them with Lambda functions?

Hi, We're leveraging Appsync's real-time subscription/mutation capabilities in our app. Just wanted to check and confirm if there's any message delivery guarantee built-in in Appsync? What if the message is sent via WebSocket but not received by a web client (due to the nature of TCP)? is there some kind of Ack/retry mechanism? couldn't find much info related to message delivery guarantee (real-time WebSockets) in the Appsync docs

I am following [an example from the official document](https://ui.docs.amplify.aws/theming/dark-mode) to setup dark mode. But it only apply dark mode to the ToggleButtonGroup, and does not apply to entire page. Does anyone has used dark mode in Amplify UI?

I am using the aws4-axios package for authentication on a React App. I am using this package in order to authenticate an API call with AWS credentials. When I attempt to start the app, I receive an error about the crypto module. I have attempted to remediate this issue by setting crypto to false in my package.json but the error still occurs. If anyone could help, I would deeply appreciate it. I am inserting the error below. ``` ERROR in ./node_modules/aws4/aws4.js 4:13-30 Module not found: Error: Can't resolve 'crypto' in '/mnt/c/Users/dalade/code/repos/prism/prism-dashboard/node_modules/aws4' BREAKING CHANGE: webpack < 5 used to include polyfills for node.js core modules by default. This is no longer the case. Verify if you need this module and configure a polyfill for it. If you want to include a polyfill, you need to: - add a fallback 'resolve.fallback: { "crypto": require.resolve("crypto-browserify") }' - install 'crypto-browserify' If you don't want to include a polyfill, you can use an empty module like this: resolve.fallback: { "crypto": false } webpack compiled with 1 error ```

I am using amplify-cli with angular front-end. I have the following schema (schema.graphql): ``` type CardDeck @model @key(name: "byBoard", fields: ["boardId"], queryField: "cardDeckByBoardId") { id: ID! type: String! properties: [PropertyOrderTwo] boardId: ID! } type Subscription { onUpdateCardDeckByBoardId(boardId: ID!): CardDeck @aws_subscribe(mutations: "updateCardDeck") } ``` I added the following response mapping template to the subscription in the appSync console. ``` ## Response Mapping Template - onUpdateCardDeckByBoardId subscription $extensions.setSubscriptionFilter({ "filterGroup": [ { "filters" : [ { "fieldName" : "boardId", "operator" : "eq", "value" : "**** -> a valid board id" } ] } ] }) $util.toJson($context.result) ``` This results in the following connection error when subscribing to the listener in my app: ``` Connection failed: {"errors":[{"message":"Cannot return null for non-nullable type: 'ID' within parent 'CardDeck' (/onUpdateCardDeckByBoardId/id)"},{"message":"Cannot return null for non-nullable type: 'String' within parent 'CardDeck' (/onUpdateCardDeckByBoardId/type)"},{"message":"Cannot return null for non-nullable type: 'ID' within parent 'CardDeck' (/onUpdateCardDeckByBoardId/boardId)"},{"message":"Cannot return null for non-nullable type: 'AWSDateTime' within parent 'CardDeck' (/onUpdateCardDeckByBoardId/createdAt)"},{"message":"Cannot return null for non-nullable type: 'AWSDateTime' within parent 'CardDeck' (/onUpdateCardDeckByBoardId/updatedAt)"}]} ``` What am I doing wrong?

I am developing an iOS & Android application to be used for Account Creation, Product Registration, and File Distribution. The project has a requirement to be able to serve Mainland China and North America from a single application. I hope to migrate my application from Firebase to AWS to support these needs and comply with American and Chinese legislation on the storage of user data within their respected countries. Is there a feasible solution to this problem? I assume I would need to have an AWS and an AWS China account, but would I be able to make the application decide which Server Regions to use depending on if the user is inside or outside of the China. FYI I am a Sole Developer on this project for my employer, Junior at that with little database experience, an ideal solution wouldn't be too complicated to implement and maintain but all suggestions are welcome.

I am working on AWS project by freecodecamp (link: https://www.youtube.com/watch?v=JgwI22y_eFA). This project is an online book store website which focuses on Amplify, AppSync, DynamoDB, S3 and Lambda. At about 28:00, the mentor uses amplify push to push resources to cloud, but I'm getting incompatibility errors regarding Node JS. Screenshot URL: https://drive.google.com/file/d/18gdCOudpop9SUTtbYj7VcEfkQctIm8Qw/view?usp=sharing Github link for code: https://github.com/FossWithKc/BookStore-AWS Please Help me.

Hi, I have successfully deployed a react app on amplify. When I add a custom domain i get this error. Create domain association failed One or more domains requested are already associated with another Amplify app: bakeone.in, www.bakeone.in But i haven't used this domain on amplify. May be the previous domain owner have linked this to an amplify app. I request aws to unlink the domain because i am the domain owner and i want to link it to my app.

I'm using Cognito user pool created with Amplify. It requires e-mail sign-in and sign-up. Username parameter is automatically filled with sub value. I'm using this username value as a unique id for Dynamo DB user table. I've selected username value as a unique id since sub values were assigned by Cognito system, we could not provide them. It's also explained in Cognito docs: *"If your application doesn't require a user name, you don't need to ask users to provide one. Your app can create a unique username for users in the background. This can be useful if you want users to register and sign in with an email address and password."* [https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html]() While importing users to new Cognito pool (same configuration with Amplify), I was hoping to copy the username values to cognito:username attributes of newly created users. But it didn't work like that, import job failed with "Username should be an email". Even when I provide email for username attribute, it's set as a random UUID. I do not understand, how these users were created with usernames keeping sub (UUID) values, if it's not allowed? If they could be created with these values, why they can't be imported to a new user pool having exactly the same config, any idea?

I have the following Graphql schema with relationship: ``` type Product @model{ id: ID! @primaryKey name: String! img: String! components: [Component]! @hasMany categories: [Category]! @hasMany } type Component @model{ id: ID! @primaryKey name: String! } type Category @model{ id: ID! @primaryKey name: String! } ``` A product can have multiple components and multiple categories. I would like to have a mutations that can allow me to create a Product and also the components and categories associated. Amplify codegen already created the mutation "CreateProduct" but it don't allow me to specify the component and category data in order to create them and link to the product. It seems that i must create the product first and then the component and category separately. I need to write a custom mutation in order to do what i want or it's impossible? If it's possible with a custom mutation, how can I write it? Thank you!

As a root user, I created an environment in Cloud9, then created IAMS users and gave them RW access to the environment, which I can see has worked when I click the Share button on the upper left corner of the environment, but when they log in and go to Cloud9 they can see the card for the environment but 'Open IDE' is grayed out and they can't access it. Sigh.

Hi, I am new to AWS Amplify and would like guidance on how to send a query to an ***existing*** GraphQL API on AWS AppSync. I am unsure how to start as a lot of Amplify coverage creates a *new* AppSync API using the Amplify CLI. ## Objectives * Set up a Node.js project to work with an existing AWS AppSync API, using AWS Amplify as the GraphQL client. * Send a single query to an existing AWS AppSync API. The query lists game results from a DynamoDB table and is called `listGames` in my GraphQL schema. * I need to repeat the query in order to fetch all available database records that satisfy the query. This would mean adding results to an array/object until the `nextToken` is `null` (i.e. no more records can be found for the query). ## Context * This application is deployed in an Amazon ECS container using AWS Fargate. * The ECS service is fronted by an Application Load Balancer (ALB). * A leader board web page fetches game results through a `POST` request to the ALB's DNS name / URL and adds them to a HTML table. ## Notes * For now, API key is my authentication method. I would soon like to switch to a task IAM role in ECS. * The ECS deployment described in 'Context' is working but it sends `POST` requests without AWS libraries. It is my understanding that I would need to use an AWS library in order to use an IAM role for AppSync authentication (used as a [task IAM role in ECS](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html)). Please correct me if I am mistaken. I would greatly appreciate any help you can give me. Thank you for your time!

I've created a new function using the latest version of the CLI and granted access to the API resources as stated in the docs. The generated function resources seem to miss Authorization to access AppSync schema, since any type of access attempt ends up in the following response: ``` { "data":{ "getUsers":null }, "errors":[ { "path":[ "getUsers" ], "data":null, "errorType":"Unauthorized", "errorInfo":null, "locations":[ { "line":2, "column":9, "sourceName":null } ], "message":"Not Authorized to access getUsers on type Query" } ] } ``` I've double-checked and the CLI recognizes/shows that the generated function has the required Resource access permissions. Existing functions created following the same exact steps (with previous CLI versions) are working correctly. Expected behavior The function should have access to the resources we specified during the creation process. Reproduction steps 1. amplify add function 2. follow all required steps & grant access to the AppSync API 3. try to retrieve data by accessing Appsync Here is the link to the github repo issue created with further details: https://github.com/aws-amplify/amplify-cli/issues/10141

Hi, we have a appsync setup with dynamodb which was setup using Amplify GRAPHQL API over a year ago. It's in the us-east-1 region and I access the endpoints from the Philippines (Southeast Asia). We've always had fairly slow response times (around 1sec or more) ever since but I thought it was pretty normal. We're trying to now optimize our app and I read that normal response times should never exceed 500ms. Can someone help us here? Maybe take a look at how we setup our code and speed queries up Thank you very much.

Hello, I am using Amplify to created AWS Pinpoint endpoints which I use further for segments, campaigns, journeys etc. Creating the endpoint works fine for me by doing something like this: ``` let endpoint = { address: this.email, attributes: { eventStatusUpdate: [true], wantsToUnsubscribe : [false], }, channelType: 'EMAIL', optOut: 'NONE', userId: this.email, userAttributes: { email: [this.email] } } Analytics.updateEndpoint(endpoint).then((event) => { console.log("ENDPOINT EVENT", event) }); ``` To delete the endpoint, in an email that users receive I have a button that redirects them to a Unsubscribe Page where I have another endpoint that gets the email of the user but I am not sure what to do from that point. I have multiple endpoints for the same user with the same email but apparently all those endpoints get different ID's. I have no idea how to delete the specific endpoint I want so that the user can be unsubscribed and not receive emails anymore. I hope you can help me with that?

According to [Amplify documentation](https://docs.amplify.aws/cli/usage/export-to-cdk/) and [this official blog post](https://aws.amazon.com/blogs/mobile/export-amplify-backends-to-cdk-and-use-with-existing-deployment-pipelines/), it is possible to export infrastructures from Amplify then import into CDK. However, I try with CDK V2 and it does not work. I got error when installing **npm i @aws-amplify/cdk-exported-backend@latest**. CDK V2 **Construct** is not compatible with the **Construct** in aws-amplify/cdk-exported-backend, I think. So how to export Amplify infrastructure to CDK V2? Thank you! 1. Here is my package.json of CDK ``` { "name": "amplify-export-cdk", "version": "0.1.0", "bin": { "amplify-export-cdk": "bin/amplify-export-cdk.js" }, "scripts": { "build": "tsc", "watch": "tsc -w", "test": "jest", "cdk": "cdk" }, "devDependencies": { "@types/jest": "^26.0.10", "@types/node": "10.17.27", "jest": "^26.4.2", "ts-jest": "^26.2.0", "aws-cdk": "2.18.0", "ts-node": "^9.0.0", "typescript": "~3.9.7" }, "dependencies": { "aws-cdk-lib": "2.18.0", "constructs": "^10.0.0", "source-map-support": "^0.5.16" } } ``` 2. Here is errors when installing ``` npm ERR! code ERESOLVE npm ERR! ERESOLVE unable to resolve dependency tree npm ERR! npm ERR! While resolving: amplify-export-cdk@0.1.0 npm ERR! Found: constructs@10.0.108 npm ERR! node_modules/constructs npm ERR! constructs@"^10.0.0" from the root project npm ERR! npm ERR! Could not resolve dependency: npm ERR! peer constructs@"^3.2.27" from @aws-amplify/cdk-exported-backend@0.0.5 npm ERR! node_modules/@aws-amplify/cdk-exported-backend npm ERR! @aws-amplify/cdk-exported-backend@"0.0.5" from the root project npm ERR! npm ERR! Fix the upstream dependency conflict, or retry npm ERR! this command with --force, or --legacy-peer-deps npm ERR! to accept an incorrect (and potentially broken) dependency resolution. ```

My current website was built and managed via AWS Amplify from one AWS account (Developer) and now I wanted to attached that domain under my AWS Account with same infrastructure under AWS Amplify. But while I'm Addind a custom domain (managed under Route53) under AWS Amplify tab, and trying to save, its giving error : > One or more domains requested are already associated with another Amplify app I have full access of my Domain DNS and I had update the NS too which is generated und Route53 but still I could not get released it from the previous AWS account where from hosted by Amplify as development Environment. Kindly please assist how to release that so I can go live with my domain mapped to my AWS accont and get full control of it.

I wanted to change the colour of "Forgot your password?" link and possibly edit the link text as "Forgot password ?" . Is it possible in user pool UI customisation option or is there any other alternative ways to do it. Please let me know!

I am getting a huge amount of warnings when I import AmplifyProvider. ``` WARNING in ./node_modules/@aws-amplify/ui/dist/esm/types/authenticator/user.js Module Warning (from ./node_modules/source-map-loader/dist/cjs.js): Failed to parse source map from 'D:\reactjs\amplify-work\node_modules\@aws-amplify\src\types\authenticator\user.ts' file: Error: ENOENT: no such file or directory, open 'D:\reactjs\amplify-work\node_modules\@aws-amplify\src\types\authenticator\user.ts' @ ./node_modules/@aws-amplify/ui/dist/esm/index.js 14:0-95 14:0-95 14:0-95 @ ./node_modules/@aws-amplify/ui-react/dist/esm/index.js 8:0-74 8:0-74 8:0-74 8:0-74 @ ./src/index.js 10:0-56 WARNING in ./node_modules/@aws-amplify/ui/dist/esm/validators/index.js Module Warning (from ./node_modules/source-map-loader/dist/cjs.js): Failed to parse source map from 'D:\reactjs\amplify-work\node_modules\@aws-amplify\src\validators\index.ts' file: Error: ENOENT: no such file or directory, open 'D:\reactjs\amplify-work\node_modules\@aws-amplify\src\validators\index.ts' @ ./node_modules/@aws-amplify/ui/dist/esm/machines/authenticator/actors/signIn.js 8:0-66 528:23-24 @ ./node_modules/@aws-amplify/ui/dist/esm/machines/authenticator/index.js 4:0-54 275:18-19 @ ./node_modules/@aws-amplify/ui/dist/esm/index.js 12:0-79 12:0-79 @ ./node_modules/@aws-amplify/ui-react/dist/esm/index.js 8:0-74 8:0-74 8:0-74 8:0-74 @ ./src/index.js 10:0-56 WARNING in src\index.js Line 5:8: 'Amplify' is defined but never used no-unused-vars Line 7:10: 'AmplifyProvider' is defined but never used no-unused-vars 1548 warnings have detailed information that is not shown. Use 'stats.errorDetails: true' resp. '--stats-error-details' to show it. webpack 5.71.0 compiled with 1549 warnings in 513 ms ``` =============================================== Create standard: create-react-app Import: npm i @aws-amplify/ui-react aws-amplify File index.js ``` import React from "react"; import ReactDOM from "react-dom"; import "./index.css"; import App from "./App"; import Amplify from "aws-amplify"; import "@aws-amplify/ui-react/styles.css"; import { AmplifyProvider } from "@aws-amplify/ui-react"; ReactDOM.render( <React.StrictMode> <App /> </React.StrictMode>, document.getElementById("root") ); ``` File App.js ``` import "./App.css"; function App() { return ( <div className="App"> <header className="App-header"> <h1>Hello world</h1> </header> </div> ); } export default App; ``` package.json ``` { "name": "amplify-work", "version": "0.1.0", "private": true, "dependencies": { "@aws-amplify/ui-react": "^2.13.0", "@testing-library/jest-dom": "^5.16.3", "@testing-library/react": "^12.1.4", "@testing-library/user-event": "^13.5.0", "aws-amplify": "^4.3.18", "react": "^18.0.0", "react-dom": "^18.0.0", "react-scripts": "5.0.0", "web-vitals": "^2.1.4" }, "scripts": { "start": "react-scripts start", "build": "react-scripts build", "test": "react-scripts test", "eject": "react-scripts eject" }, "eslintConfig": { "extends": [ "react-app", "react-app/jest" ] }, "browserslist": { "production": [ ">0.2%", "not dead", "not op_mini all" ], "development": [ "last 1 chrome version", "last 1 firefox version", "last 1 safari version" ] } } ```

Hello AWS Team, I am building an application in the AWS Amplify studio. But now the Amplify Studio is not opening in the AWS console. I tried everything from clearing the cache to browser change but nothing else. Whatever I have done is not coming. I am not able to work anymore. Here is the error from browser console. I am not sure if it relevant. But seems like because of this error, I am not able to open the studio. ``` Uncaught TypeError: Cannot read properties of undefined (reading 'githubToken') at F.render (main.js:1:4215133) at zo (vendors~main.js:59:71428) at Uo (vendors~main.js:59:71227) at zs (vendors~main.js:59:112369) at ku (vendors~main.js:59:98325) at Cu (vendors~main.js:59:98253) at Su (vendors~main.js:59:98116) at mu (vendors~main.js:59:95103) at vendors~main.js:59:44772 at t.unstable_runWithPriority (vendors~main.js:67:3768) ``` Image/Screenshot: https://ibb.co/k1h7nnV

https://repost.aws/questions/QUpKWtY6URTxCGZmh3j0tbtA/amplify-console-problem I'm experiencing the same issue as explained in above. I've never used amplify... I wanted to for the first time today, but I was blocked with this. It loads in us-east-1 , but the issue is in us-west-2 Help please! I'm not going to buy a tech support plan just so that AWS can make their own service barely function. ``` vendors~main.js:59 TypeError: Cannot read properties of undefined (reading 'githubToken') at F.render (main.js:1:4215133) at zo (vendors~main.js:59:71428) at Uo (vendors~main.js:59:71227) at zs (vendors~main.js:59:112369) at ku (vendors~main.js:59:98325) at Cu (vendors~main.js:59:98253) at Su (vendors~main.js:59:98116) at mu (vendors~main.js:59:95103) at vendors~main.js:59:44772 at t.unstable_runWithPriority (vendors~main.js:67:3768) as @ vendors~main.js:59 vendors~main.js:59 Uncaught TypeError: Cannot read properties of undefined (reading 'githubToken') at F.render (main.js:1:4215133) at zo (vendors~main.js:59:71428) at Uo (vendors~main.js:59:71227) at zs (vendors~main.js:59:112369) at ku (vendors~main.js:59:98325) at Cu (vendors~main.js:59:98253) at Su (vendors~main.js:59:98116) at mu (vendors~main.js:59:95103) at vendors~main.js:59:44772 at t.unstable_runWithPriority (vendors~main.js:67:3768) ```

App Id dqbbd1fflds4t Region us-east-1 **Amplify Hosting feature: **Redirects Hitting https://localizalia.dqbbd1fflds4t.amplifyapp.com/api/session from Portugal or Spain doesn't work. From Brazil it works. rewrite entry not working: `{ "source": "/api/<*>", "target": "https://xxxxx-my-alb/api/<*>", "status": "200", "condition": null }` --- I suspect this has to do with tls1.3 because I see it in access logs and it is not supported by ALB.

Hello there, I've Cognito configured to authorize my users. The sign in and sign up is working fine. Now I want my users to be able to create data via an AppSync API. I've configured to use Cognito User Pool. But somehow if I want to create data via a mutation I get the error that I'm not authorized. The schema is described like this: type Advert @model @auth(rules: [{ allow: owner }, { allow: public, operations: [read] }]) { ... } But somehow this is not working. I just get following error: errorType: "Unauthorized", message: "Not Authorized to access createAdvert on type Advert" However, if I try it via the AppSync Webconsole it is working. Must I configure something in the Amplify API Client? Best regards Alex

AWS Amplify BitBucket has been successfully applied. React is fine. but the image doesn't come out In local, the image is normally output. However, it is not output in the Amplify domain. What settings should I check?

Does anyone have any documentation on what the various Amplify domain statuses mean? The javascript API only gives the status names themselves, but no meaning: https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-amplify/enums/domainstatus.html I can't find any documentation on this. Thanks.

In Amplify console, I connected one branch that contained experiments on adding Next.js and it seems like the whole app switched to SSR mode. Even though all the branches now are SSG (using create-react-app), it's still fails "deploy" stage with following message: ``` 2022-03-28T10:29:07 [INFO]: Beginning deployment for application ..., branch:..., buildId ... 2022-03-28T10:29:08 [INFO]: Cannot find any generated SSR resources to deploy. If you intend for your app to be SSR, please check your app Service Role permissions. Otherwise, please check out our docs on how to setup your app to be detected as SSG (https://docs.aws.amazon.com/amplify/latest/userguide/server-side-rendering-amplify.html#deploy-nextjs-app) 2022-03-28T10:29:08 [ERROR]: {"code":"7","message":"No ssrResources.json file"} ``` And this happens while `package.json` contains following commands: ``` "scripts": { "start": "gatsby develop", "serve": "gatsby serve", "build": "gatsby build", } ``` And `amplify.yml` is this: ``` version: 0.2 frontend: phases: preBuild: commands: - yarn install build: commands: - yarn run build artifacts: baseDirectory: build files: - '**/*' customHeaders: - pattern: '/apple-app-site-association.js' headers: - key: 'Content-Type' value: 'application/json' - pattern: '/*.xml' headers: - key: 'Content-Type' value: 'application/xml' ``` What do I do?

Update mutation fails in appsync request from flutter application because _version is not passed along with it. I am not interested in using datastore yet, Kindly let me know how I can get the latest _version using my fetch query and pass it in my update mutation. *Note: I am able to get the _version in my fetch query on appsync console. But the query does not return _version in my flutter application. I have tried below request methods, both does not return _version --- 1) ```final request = ModelQueries.get(VariableList.classType, "c80d6fb2-97ed-4194-8d80-d9cfe6125321");``` --- 2) ``` <code>String someId = "c80d6fb2-97ed-4194-8d80-d9cfe6125321"; const getVariableList = "getVariableList"; String graphQLDocument = ''' {getVariableList(id: "c80d6fb2-97ed-4194-8d80-d9cfe6125321") { CropType OrderStatus PaymentStatus _version id PaymentType StableVersion }} '''; final request = GraphQLRequest<VariableList>( document: graphQLDocument, modelType: VariableList.classType, variables: <String, String>{'id': someId}, decodePath: getVariableList); final response = await Amplify.API.query(request: request).response; ```

I am facing an error with cloudformation in which my nested stack got stuck in UPDATE_ROLLBACK_FAILED state causing my parent stack to failed. The reason I found out is S3 key missing for my appsync resolvers, although these files are there in S3 deployment bucket. The specified key does not exist. (Service: Amazon S3; Status Code: 404; Error Code: NoSuchKey; Request ID: M2X7368PMNF1G; S3 Extended Request ID: WCIc1YLjxOR9KZRxkPb1AGI4xoM6KPofiohiP9ywyps8tSfP6ehHJl8gWk7o=; Proxy: null)

Environment: Using t3.small with resized EBS to 20GB; Connecting from: Mac OS (Safari or Chrome - current versions) Repro: ``` nvm install stable npm install -g @aws-amplify/cli # optional (unless testing `amplify run`) npm install vue npm install -g @vue/cli vue create testsite # use babel, router, lint; vue3 cd testsite npm run serve ``` At this point server is running normally with following message: App running at: - Local: http://localhost:8080/ - Network: http://xxx.xxx.xxx.xxx:8080/ However Cloud9 reports following error: Cloud9 Help You may be using the wrong PORT & IP for your server application. Try passing port 8080 to properly launch your application. We can continue installing Amplify to show it also fails with amplify run: ``` amplify configure # create or use existing amplify user passing appropriate key/secret ids amplify init # use defaults npm install aws-amplify @aws-amplify/ui-components amplify add auth # optional - I was trying to test drive Cognito; some code changes required, but not relevant for this test amplify push amplify run ``` Same result as with npm run serve. Reviewed following references, but did not find any working solutions: * https://docs.aws.amazon.com/cloud9/latest/user-guide/app-preview.html#app-preview-run-app * https://docs.aws.amazon.com/cloud9/latest/user-guide/troubleshooting.html#troubleshooting-app-preview * https://repost.aws/questions/QUyfyfFI92TO6lN6s6Ti-7Ig/can-no-longer-preview-running-applications-vfs-connection-does-not-exist * Note: In Chrome this seems to now be "SameParty cookies to be first-party" and in Safari disabling prevent cross-site tracking and block all cookies - neither worked for me When I had first started while following the initial Cloud 9 guide I was able to get the preview application to work while using the default t3.micro instance on Safari. After upgrading to t3.small it did not work any longer, though the t3.micro instance was failing in numerous other ways due to low memory, so this was not a viable setup. Following through the Cloud 9 instructions to create new environment instances I was unable to get any working Preview scenarios in any of the environments following various variations on the setup and sequencing of the vue3 and vue/cli installation. Any additional suggestions are appreciated.

### Setup I am using AWS Amplify to host my NextJS app. My backend is a headless CMS called Craft CMS (PHP). The NextJS app is using the GraphQL endpoint from Craft CMS for data fetching. The CMS is in EC2 server. It is connected to an Application Load Balancer. ### Requirement I want to be the only one who can access the CMS since I'm the only one using it. So the EC2 security group's source for HTTP and HTTPs is the ELB security group ID. The ELB security group has my IP for the HTTP and HTTPS traffic. This configuration works. I'm the only one who can access the site. ### The issue The problem is that when Amplify tries to build my frontend app, it's always build error. It seems that the Amplify can not reach the GraphQL endpoint when it tries to build the app. ### Action taken I tried adding `AmazonEC2FullAccess` to the Amplify Service role and it didn't work. ### Temporary workaround I turned on the access logs of the CMS and found the AWS IP of the Amplify app. I then added the IP to the ELB security group to allow access. This works but I don't know how often AWS changes the IP address and I know at point some point it'll break down. ### Question How do we allow Amplify to access the GraphQL endpoint for npm builds? Any ideas is greatly appreciated. Thank you.

I want to delete the application from amplify, but an error appears : "Invoking remove all backends execution failed" How delete application if a backend compartment S3 is empty ? there is nothing compartments.

Hello there, I have a function with permissions to another resource. This resource permission is no longer needed. But I cannot delete the permissions from the lambda function. The CLI always says that At least on category must be selected. ? Which setting do you want to update? Resource access permissions ? Select the categories you want this function to have access to. ◯ auth ◯ function ❯◯ storage ◯ api ◯ hosting >> You must select at least one category The version of the CLI is 7.6.2 Is there a way to remove all permissions from a lambda via the Amplify CLI?

I am deploying my GraphQL API via Amplify. I added another function to one of the pipeline resolvers and added it to the appropriate slot. This all works. But now this function has to be assigned to another data source. How can I do that via the configuration files in the console to push the changes via Amplify?

The Authentication section in https://docs.amplify.aws gives examples that end up creating a React app that hosts its own authentication form. Instead of doing that, I want to create an SPA using React that: - Authenticates against Cognito using OIDC - Authenticates using the Cognito hosted UI - Uses the Implicit grant type (preferably with PKCE) Is the above achievable with Amplify? If so, is there a guide or any other documentation?

We have app where user can sign up using phone number which is implemented with Amplify SDK and AWS Cognito. Once user as signed up, we are not allowing user to update their phone number by themselves For Sign Up Flow we are using Amplify(Auth.signUp and Auth.confirmSignUp) In one of the pen test findings, security team has informed that users are able to update phone number from Cognito API(cognito-idp.amazonaws.com-> AWSCognitoIdentityProviderService.UpdateUserAttributes) if they have access token . We have tried 1)By removing phone number as writable attribute from the app client setting in Cognito. but when we did it, User Sign up was failing. 2)By Custom message Lambda trigger on UpdateUserAttributes and send Error response if updating on phone_number, but even there is error response from lambda phone_number is updated and only message is not sent. Is there any way to block/disable updating the phone number attribute from user/API once the sign up as completed?

We have an AppSync API in which one of queries is timing out after 30s. The data source is a lambda which is taking approximately 70s to complete the execution. The execution of lambda is perfectly fine but we are not able to optimize it under 30seconds. Is there a way to configure this timeout to a minute in AppSync from the backend or the amplify(angular) client from front-end ?

Hi there, I want to save data in a User Table via AppSync, after the user has registered. So this should be done in a PostConstruct Lambda. But now I get a Circular Dependency Error when I want to push via amplify cli between the AppSync API, the Cognito Auth Module and the Post Construct Lambda. I guess that this is a common use case, so there must be solution to this problem. Best regards, Alexander