search

aws-amplify / amplify-backend

Home to all tools related to Amplify's code-first DX (Gen 2) for building fullstack apps on AWS
Apache License 2.0
166 stars 55 forks source link

The role with name undefined cannot be found when using existing Cognito and existing data source. #1670

Closed marcomilon closed 1 month ago

marcomilon commented 3 months ago

Environment information

System:
  OS: macOS 14.5
  CPU: (16) x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
  Memory: 44.37 MB / 16.00 GB
  Shell: /bin/zsh
Binaries:
  Node: 20.13.1 - /usr/local/bin/node
  Yarn: 1.22.19 - /usr/local/bin/yarn
  npm: 10.5.2 - /usr/local/bin/npm
  pnpm: undefined - undefined
NPM Packages:
  @aws-amplify/backend: 1.0.3
  @aws-amplify/backend-cli: 1.0.4
  aws-amplify: Not Found
  aws-cdk: Not Found
  aws-cdk-lib: Not Found
  typescript: 5.4.5
AWS environment variables:
  AWS_STS_REGIONAL_ENDPOINTS = regional
  AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables

Description

How to reproduce

  1. Manually install AWS Amplify following this instructions https://docs.amplify.aws/react/start/manual-installation/
  2. Connect to existing AWS cognito following this instructions https://docs.amplify.aws/react/build-a-backend/auth/use-existing-cognito-resources/#use-auth-resources-with-an-amplify-backend
  3. Connect to an existing Mysql Database inside RDS following this instructions https://docs.amplify.aws/react/build-a-backend/data/connect-to-existing-data-sources/connect-postgres-mysql-database/
  4. run npx ampx sandbox

The Sandbox failed to build with this error. See Your CloudFormation for details.

data/amplifyData/AuthRolePolicy01 (amplifyDataAuthRolePolicy01567A5654) Resource handler returned message: "The role with name undefined cannot be found. (Service: Iam, Status Code: 404, Request ID: xxxx" (RequestToken: xxxxxxx, HandlerErrorCode: NotFound)

and

data/amplifyData/UnauthRolePolicy01 (amplifyDataUnauthRolePolicy01355B9DCF) Resource handler returned message: "The role with name undefined cannot be found. (Service: Iam, Status Code: 404, Request ID: xxx)" (RequestToken:xxxx, HandlerErrorCode: NotFound)

and more...

Expected result Sandbox builds successfully and uses existing datasource and existing Cognito.

Note If a define a new Cognito resource with defineAuth( inside amplify/auth/resources.ts everything works as expected.

marcomilon commented 3 months ago

Update

If i use a custom authorization rule with a Lambda function. see https://docs.amplify.aws/react/build-a-backend/data/customize-authz/custom-data-access-patterns/

Everything works as expected.

ykethan commented 3 months ago

Hey @marcomilon, thank you for reaching out. Connecting an existing auth resource to the backend is currently not yet supported and is being tracked on https://github.com/aws-amplify/amplify-backend/issues/1548 RFC(request for comment) But i do think we could add a callout on the documentation on this behavior. Marking this as documentation.

ykethan commented 1 month ago

Closing this as a callout had been adding to the documentation referencing the RFC: https://docs.amplify.aws/react/build-a-backend/auth/use-existing-cognito-resources/#use-auth-resources-with-an-amplify-backend