aws-amplify / amplify-backend

Home to all tools related to Amplify's code-first DX (Gen 2) for building fullstack apps on AWS
Apache License 2.0

referenceAuth overrides Auth and unAuth storage access policy #2256

Open ykethan opened 1 day ago

ykethan commented 1 day ago

Environment information

npx ampx info
System:
  OS: macOS 14.7.1
  CPU: (8) arm64 Apple M1
  Memory: 171.45 MB / 16.00 GB
  Shell: /bin/zsh
Binaries:
  Node: 20.2.0 - ~/.nvm/versions/node/v20.2.0/bin/node
  Yarn: 1.22.21 - ~/.nvm/versions/node/v20.2.0/bin/yarn
  npm: 9.6.6 - ~/.nvm/versions/node/v20.2.0/bin/npm
  pnpm: 9.13.2 - ~/.nvm/versions/node/v20.2.0/bin/pnpm
NPM Packages:
  @aws-amplify/auth-construct: 1.5.0
  @aws-amplify/backend: 1.8.0
  @aws-amplify/backend-auth: 1.4.1
  @aws-amplify/backend-cli: 1.4.2
  @aws-amplify/backend-data: 1.2.1
  @aws-amplify/backend-deployer: 1.1.9
  @aws-amplify/backend-function: 1.8.0
  @aws-amplify/backend-output-schemas: 1.4.0
  @aws-amplify/backend-output-storage: 1.1.3
  @aws-amplify/backend-secret: 1.1.5
  @aws-amplify/backend-storage: 1.2.3
  @aws-amplify/cli-core: 1.2.0
  @aws-amplify/client-config: 1.5.2
  @aws-amplify/deployed-backend-client: 1.4.2
  @aws-amplify/form-generator: 1.0.3
  @aws-amplify/model-generator: 1.0.9
  @aws-amplify/platform-core: 1.2.1
  @aws-amplify/plugin-types: 1.5.0
  @aws-amplify/sandbox: 1.2.6
  @aws-amplify/schema-generator: 1.2.5
  aws-amplify: 6.8.2
  aws-cdk: 2.168.0
  aws-cdk-lib: 2.168.0
  typescript: 5.6.3
No AWS environment variables
No CDK environment variables

Describe the bug

https://discord.com/channels/705853757799399426/1308582280293515324/1308582280293515324

When using referenceAuth to reference a user pool created in a different Amplify app (containing auth and storage), adding storage to the app will override the auth and unauth roles' storage access policy.

To summarize:
  app1 -> auth and storage
  app2 -> reference app1 auth and storage

Reproduction steps

Simple repro steps:

  1. create a sandbox with auth and storage
  2. verify the roles
  3. use referenceAuth to use the previously created user pool and identity pool
  4. add storage
  5. switch to different --identifier on sandbox deploy
  6. verify the roles and observe the policy was overridden
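A check for the "verify the roles" steps above, added here as example code (not part of amplify-backend): it snapshots the inline S3 grants on the identity pool's auth/unauth roles and reports grants that disappeared after the second deployment. Role and bucket names are constructed placeholders; the IAM fetch helper assumes boto3 is installed and AWS credentials are configured.

```python
from typing import Dict, List, Set, Tuple

Grant = Tuple[str, str]            # (IAM action, resource ARN)
Snapshot = Dict[str, Set[Grant]]   # role name -> grants from its inline policies

def flatten_policy(doc: dict) -> Set[Grant]:
    """Expand the Allow statements of one IAM policy document into (action, resource) pairs."""
    grants: Set[Grant] = set()
    for st in doc.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        grants.update((a, r) for a in actions for r in resources)
    return grants

def snapshot_roles(policies_by_role: Dict[str, List[dict]]) -> Snapshot:
    """Build a per-role grant set from the inline policy documents attached to each role."""
    return {role: set().union(*(flatten_policy(d) for d in docs)) for role, docs in policies_by_role.items()}

def lost_grants(before: Snapshot, after: Snapshot) -> Dict[str, Set[Grant]]:
    """Grants a role held before the second deployment that are gone afterwards (empty dict = nothing lost)."""
    lost = {role: grants - after.get(role, set()) for role, grants in before.items()}
    return {role: g for role, g in lost.items() if g}

def fetch_inline_policies(role_names: List[str]) -> Dict[str, List[dict]]:
    """Collect inline policy documents from IAM (assumes boto3 and credentials; output feeds snapshot_roles)."""
    import boto3  # imported lazily so the offline diff above works without it
    iam = boto3.client("iam")
    out: Dict[str, List[dict]] = {}
    for role in role_names:
        names = iam.list_role_policies(RoleName=role)["PolicyNames"]
        out[role] = [iam.get_role_policy(RoleName=role, PolicyName=n)["PolicyDocument"] for n in names]
    return out

# Constructed sample snapshots (placeholder role and bucket names, not captured from a real deployment):
# app1's storage grants on the shared roles, then the same roles after app2 added its own storage.
APP1_BUCKET = "arn:aws:s3:::app1-bucket-PLACEHOLDER/media/*"
APP2_BUCKET = "arn:aws:s3:::app2-bucket-PLACEHOLDER/media/*"

def _storage_policy(actions, resource) -> dict:
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": actions, "Resource": resource}]}

BEFORE = {"app1-authRole-PLACEHOLDER": [_storage_policy(["s3:GetObject", "s3:PutObject"], APP1_BUCKET)],
          "app1-unauthRole-PLACEHOLDER": [_storage_policy("s3:GetObject", APP1_BUCKET)]}
AFTER = {"app1-authRole-PLACEHOLDER": [_storage_policy(["s3:GetObject", "s3:PutObject"], APP2_BUCKET)],
         "app1-unauthRole-PLACEHOLDER": [_storage_policy("s3:GetObject", APP2_BUCKET)]}

if __name__ == "__main__":
    for role, grants in lost_grants(snapshot_roles(BEFORE), snapshot_roles(AFTER)).items():
        print(f"{role} lost: {sorted(grants)}")
```

A snapshot taken at step 2 can be diffed against one taken at step 6; any non-empty result for the auth or unauth role is the overwrite this issue describes.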