Closed bcoates closed 2 weeks ago
Hello, @bcoates 👋. I believe this might be fixed in the latest version of @aws-amplify/backend
after this fix was merged in. Can you see if upgrading resolves the issue for you?
I'll also transfer this issue to our amplify-backend
repo for further assistance (if upgrading doesn't resolve this).
Hey @bcoates :wave: thanks for raising this! The issue you are experiencing is due to how addPropertyOverride
works and how it applies changes compared to mutating the initialized constructs directly. Can you try to modify the policies instead?
https://docs.amplify.aws/react/build-a-backend/auth/modify-resources-with-cdk/#override-cognito-userpool-password-policies
Hi @josefaidt,
If I do this:
const { cfnUserPool } = backend.auth.resources.cfnResources;
// modify cfnUserPool policies directly
cfnUserPool.policies = {
passwordPolicy: {
minimumLength: 6,
requireLowercase: false,
requireNumbers: true,
requireSymbols: true,
requireUppercase: true,
},
};
it works under npx ampx sandbox
locally, but it produces this in the amplify_outputs.json
:
"password_policy": {
"min_length": 6,
"require_numbers": true,
"require_uppercase": true,
"require_symbols": true
},
the false "requireLowercase" causes it to be omitted entirely. This causes an error on deployment outside the sandbox:
2024-08-20T20:54:31.823Z [INFO]: # Completed phase: build
## Completed Backend Build
2024-08-20T20:54:31.828Z [INFO]: ## Starting Frontend Build
# Starting phase: build
# Executing command: npm run build
2024-08-20T20:54:32.116Z [INFO]: > amplify-vite-react-template@0.0.0 build
> tsc && vite build
2024-08-20T20:54:37.473Z [INFO]: src/main.tsx(8,19): error TS2345: Argument of type '{ auth: { user_pool_id: string; aws_region: string; user_pool_client_id: string; identity_pool_id: string; mfa_methods: never[]; standard_required_attributes: string[]; username_attributes: string[]; user_verification_types: string[]; mfa_configuration: string; password_policy: { ...; }; unauthenticated_identities_e...' is not assignable to parameter of type 'ResourcesConfig | LegacyConfig | AmplifyOutputs'.
Type '{ auth: { user_pool_id: string; aws_region: string; user_pool_client_id: string; identity_pool_id: string; mfa_methods: never[]; standard_required_attributes: string[]; username_attributes: string[]; user_verification_types: string[]; mfa_configuration: string; password_policy: { ...; }; unauthenticated_identities_e...' is not assignable to type 'AmplifyOutputs'.
The types of 'auth.password_policy' are incompatible between these types.
Property 'require_lowercase' is missing in type '{ min_length: number; require_numbers: boolean; require_uppercase: boolean; require_symbols: boolean; }' but required in type '{ min_length: number; require_numbers: boolean; require_lowercase: boolean; require_uppercase: boolean; require_symbols: boolean; }'.
2024-08-20T20:54:37.574Z [ERROR]: !!! Build failed
2024-08-20T20:54:37.575Z [ERROR]: !!! Error: Command failed with exit code 2
Hey @bcoates, tried reproducing this but did not observe this behavior
backend.ts
const { cfnUserPool } = backend.auth.resources.cfnResources;
cfnUserPool.policies = {
passwordPolicy: {
minimumLength: 6,
requireLowercase: false,
requireNumbers: true,
requireSymbols: true,
requireUppercase: true,
},
};
amplify_outputs.json
"password_policy": {
"min_length": 6,
"require_lowercase": false,
"require_numbers": true,
"require_symbols": true,
"require_uppercase": true
},
additionally, tried some additional modification and observed the changes were reflected on the outputs
Could you try upgrading the backend packages to the latest? as i tried reproducing this on the latest versions
"@aws-amplify/backend": "^1.1.1",
"@aws-amplify/backend-cli": "^1.2.3",
Hey @ykethan
I Upgraded the quickstart:
"devDependencies": {
- "@aws-amplify/backend": "^1.0.4",
- "@aws-amplify/backend-cli": "^1.1.1",
+ "@aws-amplify/backend": "^1.1.1",
+ "@aws-amplify/backend-cli": "^1.2.3",
when I run locally with ampx sandbox
I get the same results you do. However when I push to the AWS hosted Amplify it results in an amplity_outputs.json
that still has false values as missing -- however the deployment doesn't fail and works as expcted (with missing treated as false). Not sure how versioning on the package.json interacts with the AWS hosted version but it does seem to be working both ways with the updated version
Hi @bcoates, thanks for reporting it! We are upgrading the @aws-amplify
packages to latest for the quickstart guide via this PR: https://github.com/aws-samples/amplify-vite-react-template/pull/13.
Hey @bcoates, this behavior on amplify_outputs.json
is currently being tracked on https://github.com/aws-amplify/amplify-backend/issues/1914.
Closing this issue, do reach out of if you are still experiencing any issues.
Before opening, please confirm:
JavaScript Framework
React
Amplify APIs
Authentication
Amplify Version
v6
Amplify Categories
auth
Backend
Amplify CLI
Environment information
Describe the bug
Starting from the tutorial at https://docs.amplify.aws/react/start/quickstart/ Following the directions at https://docs.amplify.aws/react/build-a-backend/auth/modify-resources-with-cdk/ I override the default password policy:
(backend.ts)
When deployed this correctly configures Cognito with this setting. However, the produced
amplify_outputs.json
still contains the defaults:This confuses the UI components and causes them to still enforce the old rules on the client-side. If there is a way to override this behavior as well, I can't find it in the documentation anywhere.
Expected behavior
I'd expect the amplify_outputs.json to be consistent with the configuration pushed to Cognito.
Reproduction steps
Code Snippet
Log output
aws-exports.js
No response
Manual configuration
No response
Additional configuration
No response
Mobile Device
No response
Mobile Operating System
No response
Mobile Browser
No response
Mobile Browser Version
No response
Additional information and screenshots
No response