Unable to deploy new environment with a CDK override modifying a slotted resolver's datasource

[jerocosio]

How did you install the Amplify CLI?

yarn

If applicable, what version of Node.js are you using?

v18.13.0

Amplify CLI Version

10.7.2

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

Added some HTML templates for sending out messages/verifications through Cognit, and also on Cognito I defined a couple of Cognito triggers.

Describe the bug

I'm trying to remove and re-create my Cognito 'add' by removing it and adding it again on my Amplify project as I want to add some fields and make 2FA optional.

What I want to do is create a test environment to make this changes and test that it works, but whenever I'm trying to create a new environment and then push it to the cloud I'm gettin this error without any other data:

🛑 The following resources failed to deploy:
🛑 Resource is not in the state stackUpdateComplete

Learn more at: https://docs.amplify.aws/cli/project/troubleshooting/

Session Identifier: a0dd76bb-4b4e-42e0-af8c-e79c6a246d15

On the terminal there's a ton of text, but I can see this deployment failures:

.
.
myApi                AWS::CloudFormation::Stack     CREATE_FAILED                  Tue Feb 14 2023
User                           AWS::CloudFormation::Stack     CREATE_FAILED                  Tue Feb 14
.
.

I can see that the environment gets created with no issues, but when I try to push it there, that's where I see all these issues. I've also tried doing the cloning of the project using the web UI in the console, but it has the same effect, the environment gets created, but when it tries to start creating the resources the deployment fails.

Expected behavior

To be able to create a new environment to test out new features or changes.

Reproduction steps

1. Create a new environment using: amplify env add qa
2. Trying to push to the cloud with: amplify push

Project Identifier

No response

Log output

``` Deploying root stack appname [ ====================-------------------- ] 8/16 amplify-appname-qa-142556 AWS::CloudFormation::Stack UPDATE_ROLLBACK_COMPLETE Tue Feb 14 2023 14:40:17… functionpreAuthenticationAppName AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:37:48… functionappsyncOperations AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:37:37… functionsendAnexNineEmail AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:37:48… functionsendUnusualActivityMa… AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:37:48… authappnameAuth AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:40:17… apiappnameApi AWS::CloudFormation::Stack CREATE_FAILED Tue Feb 14 2023 14:36:51… authuserPoolGroups AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:37:59… storageappnameStorage AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:37:37… Deploying api apiHookMati [ ---------------------------------------- ] 0/5 Deploying api appnameApi [ =========================--------------- ] 10/16 GraphQLAPI AWS::AppSync::GraphQLApi DELETE_IN_PROGRESS Tue Feb 14 2023 14:39:22… GraphQLAPITransformerSchema3C… AWS::AppSync::GraphQLSchema DELETE_COMPLETE Tue Feb 14 2023 14:39:20… GraphQLAPIDefaultApiKey215A6D… AWS::AppSync::ApiKey DELETE_COMPLETE Tue Feb 14 2023 14:37:30… GraphQLAPINONEDS95A13CF0 AWS::AppSync::DataSource DELETE_COMPLETE Tue Feb 14 2023 14:39:21… FunctionDirectiveStack AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:37:50… Company AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:39:18… User AWS::CloudFormation::Stack CREATE_FAILED Tue Feb 14 2023 14:36:15… Category AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:38:30… FinancialStatements AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:38:16… ProjectUpdate AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:38:16… Project AWS::CloudFormation::Stack DELETE_COMPLETE Tue Feb 14 2023 14:38:16… 🛑 The following resources failed to deploy: 🛑 Resource is not in the state stackUpdateComplete Learn more at: https://docs.amplify.aws/cli/project/troubleshooting/ Session Identifier: a0dd76bb-4b4e-42e0-af8c-e79c6a246d15 ```

Additional information

No response

Before submitting, please confirm:

• [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
• [X] I have removed any sensitive information from my code snippets and submission.

[josefaidt]

Hey @jerocosio :wave: thanks for raising this! While we begin to look at this issue in more depth can you describe the CloudFormation errors you're seeing? If you visit the AWS CloudFormation console and navigate to the "Events" tab, do you see any additional information in the stack events that shed some insight?

[jerocosio]

Hey @josefaidt thank you for taking a look at this. I didn't knew about that console, but it looks like this is the error that started:

apiappAPI	CREATE_FAILED	Embedded stack arn:aws:cloudformation:us-east-2:060252099651:stack/amplify-appAPI-qa-142556-apiappAPI-145RB624HJ56I/bf1052a0-aca6-11ed-b9bb-02a4b2d59540 was not successfully created: The following resource(s) failed to create: [User].

Is there anyway to learn more about why this was not created succesfully?

[josefaidt]

Hey @jerocosio thanks for clarifying and for posting those details! Yes, you are able to drill into the API's nested stack and view the events for that User model. Would you also mind sharing a snippet of the User model and its relationships, indexes, etc.?

[luisreyes]

Same/similar error and can't deploy after updating to 10.7.2

🛑 The following resources failed to deploy:
Resource Name: authlivapp (AWS::CloudFormation::Stack)
Event Type: update
Reason: Parameters: [allowUnauthenticatedIdentities, identityPoolName] must have values

🛑 Resource is not in the state stackUpdateComplete
Name: authlivapp (AWS::CloudFormation::Stack), Event Type: update, Reason: Parameters: [allowUnauthenticatedIdentities, identityPoolName] must have values

I have no local pending changes and there are no changes to pull.

[jerocosio]

Hey @josefaidt here's the user model and others that are part of the relations, I deleted a lot of the 'normal' fields as well as auth rules and try to only leave the relationships/indexes:

type User
  @model
  @auth(
    rules: [ ...]
  ) {
  id: ID!
  email: AWSEmail!
    @auth(
      rules: [ ...]
    )
    @index(name: "usersByEmail", queryField: "usersByEmail")
  owner: String!
    @auth(
      rules: [ ...]
    )
    @index(name: "userByOwner", queryField: "userByOwner")
}

I'm also getting permission to a couple of functions both to the table and to the model for GraphQL and using this code to add access to the User table on some custom VLT functions I have:

import { AmplifyApiGraphQlResourceStackTemplate } from "@aws-amplify/cli-extensibility-helper";

//This function is so that the generated AppSync resolvers have access to the correct table

export function override(resources: AmplifyApiGraphQlResourceStackTemplate) {
  resources.models["User"].appsyncFunctions[
    "MutationupdateUserpostAuth1FunctionMutationupdateUserpostAuth1Function.AppSyncFunction"
  ].dataSourceName = "UserTable";
}

[josefaidt]

Hey @luisreyes while the error is similar it appears the root cause for your issue is different. Would you mind filing a separate bug report for this occurrence?

@jerocosio thanks for sending that over! I suspect the override may be the culprit here but I will attempt to reproduce this and narrow it down 🙂

[josefaidt]

Hey @jerocosio I was able to reproduce this using the following steps:

1. amplify init -y
2. amplify add api > GraphQL
3. add API Key, Cognito auth
4. use the following schema

   type Todo
     @model
     @auth(rules: [{ allow: public, operations: [read] }, { allow: owner }]) {
     id: ID!
     name: String!
     description: String
   }

5. amplify override api > copy/paste the following override

   import { AmplifyApiGraphQlResourceStackTemplate } from '@aws-amplify/cli-extensibility-helper'
   
   export function override(resources: AmplifyApiGraphQlResourceStackTemplate) {
     resources.models['Todo'].appsyncFunctions[
       'MutationupdateTodoauth1FunctionMutationupdateTodoauth1Function.AppSyncFunction'
     ].dataSourceName = 'TodoTable'
   }

6. amplify push -y
7. observe successful
8. amplify add env qa
9. amplify push -y
10. observe error

As a workaround we can comment out the override code, run amplify push -y, then uncomment and re-push.

It's important to note I was not able to reproduce then when attempting to override the datasource for the generated auth0 resolver, but if I add another resolver Mutation.updateTodo.auth.2.req.vtl and apply the override I am able to reproduce this consistently. Marking as a bug 🙂

[jerocosio]

Hey @josefaidt, thank you so much for looking into this, I followed the workaround and it worked great. I think it would be even better if there was an easier way to add specific resources or Tables into a resolver, as you can see right now the process sin't really straight forward and it's hard to get the right appsync function name.

I also edited my models to remove information, but just left enough in case someone's having the same issue and googling it.

[ayush987goyal]

Facing the same issue where we have added a CDK override to create an API gateway WAF and hence a dependency on REST API like so

// Access other Amplify Resources
    const dependencies: AmplifyDependentResourcesAttributes =
      AmplifyHelpers.addResourceDependency(
        this,
        amplifyResourceProps.category,
        amplifyResourceProps.resourceName,
        [{ category: 'api', resourceName: MyApi' }]
      );
    const apiId = cdk.Fn.ref(dependencies.api.MyApi.ApiId);

But it fails with an error where it cannot find the apiId ref.