search

aws-amplify / amplify-category-api

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development. This plugin provides functionality for the API category, allowing for the creation and management of GraphQL and REST based backends for your amplify project.
https://docs.amplify.aws/
Apache License 2.0
89 stars 76 forks source link

auth deployment in broken state #1519

Closed jmarshall9120 closed 1 year ago

jmarshall9120 commented 1 year ago

Before opening, please confirm:

JavaScript Framework

Vue

Amplify APIs

Authentication, GraphQL API

Amplify Categories

auth

Environment information

``` # Put output below this line System: OS: Windows 10 10.0.22000 CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz Memory: 13.88 GB / 31.74 GB Binaries: Node: 16.17.0 - C:\Program Files\nodejs\node.EXE Yarn: 1.22.4 - C:\Program Files (x86)\Yarn\bin\yarn.CMD npm: 8.15.0 - C:\Program Files\nodejs\npm.CMD Browsers: Chrome: 113.0.5672.127 Edge: Spartan (44.22000.120.0), Chromium (113.0.1774.57) Internet Explorer: 11.0.22000.120 npmPackages: @aws-amplify/ui-vue: ^3.1.16 => 3.1.16 @mdi/font: ^7.2.96 => 7.2.96 @rushstack/eslint-patch: ^1.2.0 => 1.2.0 @vitejs/plugin-vue: ^4.2.1 => 4.2.1 @vue/eslint-config-prettier: ^7.1.0 => 7.1.0 aws-amplify: ^5.2.1 => 5.2.1 eslint: ^8.39.0 => 8.40.0 eslint-plugin-vue: ^9.11.0 => 9.11.0 pinia: ^2.0.35 => 2.0.35 prettier: ^2.8.8 => 2.8.8 sass: ^1.62.1 => 1.62.1 vite: ^4.3.4 => 4.3.5 vue: ^3.2.47 => 3.2.47 vue-router: ^4.1.6 => 4.1.6 vue3-easy-data-table: ^1.5.42 => 1.5.42 vuetify: ^3.2.5 => 3.2.5 npmGlobalPackages: @aws-amplify/cli: 11.1.1 @vue/cli-service-global: 4.5.17 @vue/cli: 4.5.11 browserify: 17.0.0 gulp-cli: 2.3.0 gulp-exec: 5.0.0 npm-install-all: 1.1.21 pnpm: 7.9.3 sass: 1.32.4 webpack-cli: 4.5.0 ```

Describe the bug

amplify auth is in a broken state, where amplify upgrade auth changes become "un-push-able".

Here is the result of attempting to push an update to auth that adds a user group called 'admin'

PS M:\source\AdnvancedStorageIntranet> amplify update auth
Please note that certain attributes may not be overwritten if you choose to use defaults settings.

You have configured resources that might depend on this Cognito resource.  Updating this Cognito resource could have unintended side effects.

Using service: Cognito, provided by: awscloudformation
 What do you want to do? Create or update Cognito user pool groups
? Provide a name for your user pool group: admin
? Do you want to add another User Pool Group No
√ Sort the user pool groups in order of preference · admin
✅ Successfully updated auth resource adnvancedstorageintr6938ef9f locally

✅ Some next steps:
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud

✅ Successfully updated resource update locally

✅ Some next steps:
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud

PS M:\source\AdnvancedStorageIntranet> amplify push
/ Fetching updates to backend environment: dev from the cloud.
⚠️  WARNING: your GraphQL API currently allows public create, read, update, and delete access to all models via an API Key. To configure PRODUCTION-READY authorization rules, review: https://docs.amplify.aws/cli/graphql/authoriization-rules

\ Fetching updates to backend environment: dev from the cloud.✅ GraphQL schema compiled successfully.

Edit your schema at M:\source\AdnvancedStorageIntranet\amplify\backend\api\adnvancedstorageintr\schema.graphql or place .graphql files in a directory at M:\source\AdnvancedStorageIntranet\amplify\backend\api\adnvancedstorageintr\schema
√ Successfully pulled backend environment dev from the cloud.

    Current Environment: dev

┌──────────┬──────────────────────────────┬───────────┬───────────────────┐
│ Category │ Resource name                │ Operation │ Provider plugin   │
├──────────┼──────────────────────────────┼───────────┼───────────────────┤
│ Auth     │ userPoolGroups               │ Create    │ awscloudformation │
├──────────┼──────────────────────────────┼───────────┼───────────────────┤
│ Auth     │ adnvancedstorageintr6938ef9f │ Update    │ awscloudformation │
├──────────┼──────────────────────────────┼───────────┼───────────────────┤
│ Api      │ adnvancedstorageintr         │ No Change │ awscloudformation │
└──────────┴──────────────────────────────┴───────────┴───────────────────┘
√ Are you sure you want to continue? (Y/n) · yes

Deployment failed.
Deploying root stack AdnvancedStorageIntr [ ==========------------------------------ ] 1/4
        apiadnvancedstorageintr        AWS::CloudFormation::Stack     UPDATE_FAILED                  Sat May 27 2023 10:42:39…
        authadnvancedstorageintr6938e… AWS::CloudFormation::Stack     UPDATE_COMPLETE                Sat May 27 2023 10:42:43…
        authuserPoolGroups             AWS::CloudFormation::Stack     CREATE_FAILED                  Sat May 27 2023 10:42:39…
        amplify-adnvancedstorageintr-… AWS::CloudFormation::Stack     UPDATE_ROLLBACK_COMPLETE_CLEA… Sat May 27 2023 10:42:56…
Deployed auth adnvancedstorageintr6938ef9f [ ======================================== ] 10/10
Deploying auth userPoolGroups [ ====================-------------------- ] 3/6
        LambdaExecutionRole            AWS::IAM::Role                 CREATE_COMPLETE                Sat May 27 2023 10:42:52…
        adminGroupRole                 AWS::IAM::Role                 DELETE_COMPLETE                Sat May 27 2023 10:43:04…
        adminGroup                     AWS::Cognito::UserPoolGroup    DELETE_COMPLETE                Sat May 27 2023 10:43:02…
        RoleMapFunction                AWS::Lambda::Function          CREATE_FAILED                  Sat May 27 2023 10:42:58…

🛑 The following resources failed to deploy:
Resource Name: GraphQLAPITransformerSchema3CB2AE18 (AWS::AppSync::GraphQLSchema)
Event Type: update
Reason: The specified key does not exist. (Service: Amazon S3; Status Code: 404; Error Code: NoSuchKey; Request ID: 70C7YZ8A2FRAB3WS; S3 Extended Request ID: HexInCJJf+zbIt8zBSBFqJyHpmYrRhAxGQuzW71o35YUZmUWuzTDiApst6+fBZajHnMqBatOPIUK2vWh2S6Q9g==; Proxy: null)
URL: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/arn%3Aaws%3Acloudformation%3Aus-west-2%3A004321586807%3Astack%2Famplify-adnvancedstorageintr-dev-143209-apiadnvancedstorageintr-132NMDGALHET%2F823ca410-f4df-11ed-9aa7-06cc7ea40649/events

🛑 Resource is not in the state stackUpdateComplete
Name: GraphQLAPITransformerSchema3CB2AE18 (AWS::AppSync::GraphQLSchema), Event Type: update, Reason: The specified key does not exist. (Service: Amazon S3; Status Code: 404; Error Code: NoSuchKey; Request ID: 70C7YZ8A2FRAB3WS; S3 Extended Request ID: HexInCJJf+zbIt8zBSBFqJyHpmYrRhAxGQuzW71o35YUZmUWuzTDiApst6+fBZajHnMqBatOPIUK2vWh2S6Q9g==; Proxy: null), IsCustomResource: false

Learn more at: https://docs.amplify.aws/cli/project/troubleshooting/

Session Identifier: c47ff984-f141-4588-8471-b30fe0d7fb5a

✅ Report saved: C:\Users\JMARSH~1\AppData\Local\Temp\AdnvancedStorageIntr\report-1685209412152.zip

√ Done

Project Identifier: ad2dd1b08e804490a296f3694b56f322

Here's the report. I leafed through it, it looks safe to post. report-1685209412152.zip

Expected behavior

Should deploy changes successfully

Reproduction steps

Too many numerous changes to reproduce.
1). The app/stack was not yet in production, so I simply rebuilt the stack and it works fine. 2). I'm just hoping that by reporting the broken state it may be of interest to the amplify team and the included information above will be enough to identify the issue. 3). If this is not enough to interest the team, just close the ticket. Once the ticket is closed I'll blow away the stack

Code Snippet

// Put your code below this line.

Log output

``` // Put your logs below this line ```

aws-exports.js

/* eslint-disable */
// WARNING: DO NOT EDIT. This file is automatically generated by AWS Amplify. It will be overwritten.

const awsmobile = {
    "aws_project_region": "us-west-2",
    "aws_cognito_identity_pool_id": "us-west-2:85c6818a-7cf1-4813-8941-889f8d58ac00",
    "aws_cognito_region": "us-west-2",
    "aws_user_pools_id": "us-west-2_7wmxtOk31",
    "aws_user_pools_web_client_id": "24g3iknsu0p538gi7lfp0qlcg9",
    "oauth": {},
    "aws_cognito_username_attributes": [
        "EMAIL"
    ],
    "aws_cognito_social_providers": [],
    "aws_cognito_signup_attributes": [
        "EMAIL"
    ],
    "aws_cognito_mfa_configuration": "OFF",
    "aws_cognito_mfa_types": [
        "SMS"
    ],
    "aws_cognito_password_protection_settings": {
        "passwordPolicyMinLength": 8,
        "passwordPolicyCharacters": []
    },
    "aws_cognito_verification_mechanisms": [
        "EMAIL"
    ],
    "aws_appsync_graphqlEndpoint": "https://k4vujs6zpneoxg3vxelfxipeie.appsync-api.us-west-2.amazonaws.com/graphql",
    "aws_appsync_region": "us-west-2",
    "aws_appsync_authenticationType": "API_KEY",
    "aws_appsync_apiKey": "XXXXXXXXXXXXXXXXXXXXXXXXX"
};

export default awsmobile;

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response

ykethan commented 1 year ago

hey @jmarshall9120, 👋 thanks for raising this! I'm going to transfer this over to our API repo for better assistance 🙂

dpilch commented 1 year ago

@jmarshall9120 thank you for the report. Since this is not easily reproducible and others have not run into this issue, we will probably not be able to investigate anytime soon.

I'll leave the issue open in case others run into the same issue. Feel free to destroy the stack.

AnilMaktala commented 1 year ago

Hey @jmarshall9120,This issue is a duplicate of an active bug #1519. Kindly subscribe to #1519 to receive future updates regarding this matter.