Rotate GraphQL API Key with a command

[SaileshKumar]

Before opening, please confirm:

• [X] I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
• [X] I have searched for duplicate or closed issues.
• [X] I have read the guide for submitting bug reports.
• [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
• [X] I have removed any sensitive information from my code snippets and submission.

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

v14.18.1

Amplify CLI Version

8.0.3

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Amplify Categories

api

Amplify Commands

push

Describe the bug

I have many lambdas that have API as a dependency. Thus when I try to upgrade an API key, I can't just use the CreateAPIKey functionality in parameters.json. When I do I get tons of:

"Output 'GraphQLAPIKeyOutput' not found in stack"

in the output.

What seems to work, is manually removing the references to GraphQLAPIKeyOutput in the backend-config.json, and then pushing with CreateAPIKey 0. After that, revert the changes and push again.

There seems to be also a similar issue for lambdas with dynamodb triggers, I think I have to remove some references there as well from the cloudformation tempaltes.

Expected behavior

Should be able to use CreateAPIKey to manually update the api key.

Reproduction steps

Haven't tried in empty directory, but basically:

1) Have expired API key 2) Have lambdas with API dependency 3) Try to push with CreateAPIKey 0, see failure because APIKeyOutput doesn't exist

GraphQL schema(s)

```graphql # Put schemas below this line ```

Log output

``` # Put your logs below this line ```

Additional information

No response

[josefaidt]

Hey @SaileshKumar :wave: thanks for raising this and apologies for the delay here!! This CreateAPIKey parameter behavior has since been fixed with https://github.com/aws-amplify/amplify-category-api/issues/80, are you still experiencing this issue on the latest version of the CLI (8.5.1)?

[SaileshKumar]

I'll look to test it next time I have this issue, to be honest we started just using aws cli and bypassing amplify:

aws appsync update-api-key

[josefaidt]

Hey @SaileshKumar glad to hear you've found a suitable workaround for the time being! I was able to successfully reproduce this behavior using the provided steps. Marking as a bug 🙂

[josefaidt]

Transferring to amplify-category-api to address rotating API keys without two pushes (CreateAPIKey 0, push, CreateAPIKey 1, push) to mitigate effect where the API Key CFN output is not available for dependent resources (i.e. Lambda's)

[fly1030]

Hey I'm seeing the same error after I updated my API key expired and trying the same procedures as mentioned in the repro steps. I did also try to manually edit backend-config.json and *-cloudformation-template.json by removing the api dependencies, but I still can't work it around. @josefaidt do you have any other suggestions that might help? Been stuck on this for quite some time

[josefaidt]

Hey @fly1030 :wave: can you try the command noted in this comment to see if that mitigates the issue? https://github.com/aws-amplify/amplify-category-api/issues/598#issuecomment-1167738761

[fly1030]

@josefaidt thanks I did ran aws appsync update-api-key, it works fine, I get output { "apiKey": { "id": "da2-r5x24c5eybas5afd6cfo3ucovy", "expires": 1687381200, "deletes": 1692565200 } }

But when I run amplify push after this I'm still getting error because the old API key is missing UPDATE_FAILED GraphQLAPIDefaultApiKey215A6DD7 AWS::AppSync::ApiKey Tue Jul 12 2022 10:29:02 GMT-0700 (Pacific Daylight Time) API key not found: da2-co5n3qihhneebkye42metbz55i (Service: AWSAppSync; Status Code: 404; Error Code: NotFoundException; Request ID: 6e0f62dd-d7fd-46a3-8c5f-aea66066eff8; Proxy: null)

[fly1030]

And if I add CreateAPIKey: 0, I'm still getting the same error too, UPDATE_FAILED functionalphalioDataLoader AWS::CloudFormation::Stack Tue Jul 12 2022 10:43:05 GMT-0700 (Pacific Daylight Time) Output 'GraphQLAPIKeyOutput' not found in stack 'arn:aws:cloudformation:us-west-1:066664793077:stack/amplify-alphalious-dev-223536-apialphalious-A6NMYSS5SFDY/aa49c630-8650-11ec-a32c-02d90265b25f'

[josefaidt]

Hey @fly1030 :wave: let's continue this conversation on #636 to keep the workarounds relevant to the original issue (and I think you've captured a lot of great details in your description for the immediate issue)

[phani-srikar]

Please follow this comment for a work-around https://github.com/aws-amplify/amplify-category-api/issues/636#issuecomment-1425671171, closing this in favor of that issue.