Auth deployments failing via `amplify push auth` but succeeding via `amplify push`

[johnpc]

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

v14.19.1

Amplify CLI Version

11.0.3

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Describe the bug

After pulling my amplify app and updating auth, when I run amplify push auth I get a failure from CloudFormation:

➜  authtestadd2 amplify push auth --yes         --allow-destructive-graphql-schema-updates --no-codegen

    Current Environment: dev

┌──────────┬─────────────────────┬───────────┬───────────────────┐
│ Category │ Resource name       │ Operation │ Provider plugin   │
├──────────┼─────────────────────┼───────────┼───────────────────┤
│ Auth     │ statictestf52492a5d │ Create    │ awscloudformation │
└──────────┴─────────────────────┴───────────┴───────────────────┘

Deployment failed.
Deploying root stack authtestadd [ ---------------------------------------
    amplify-authtestadd-dev-123335 AWS::CloudFormation::Stack     UPDATE_ROLL
    apistatictestf52492a5d         AWS::CloudFormation::Stack     UPDATE_FAIL
    authstatictestf52492a5d        AWS::CloudFormation::Stack     CREATE_FAIL
Deploying auth statictestf52492a5d [ ====---------------------------------
    SNSRole                        AWS::IAM::Role                 CREATE_COMP

🛑 The following resources failed to deploy:
Resource Name: apistatictestf52492a5d (AWS::CloudFormation::Stack)
Event Type: update
Reason: Parameters: [authRoleName, unauthRoleName] must have values
URL: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/arn%3Aaws%3Acloudformation%3Aus-west-2%3A520476783531%3Astack%2Famplify-authtestadd-dev-123335%2F4ae9ee30-cd86-11ed-9dbc-02213f25e761/events

🛑 Resource is not in the state stackUpdateComplete
Name: apistatictestf52492a5d (AWS::CloudFormation::Stack), Event Type: update, Reason: Parameters: [authRoleName, unauthRoleName] must have values

Learn more at: https://docs.amplify.aws/cli/project/troubleshooting/

Session Identifier: c252e3ad-e7a5-42ed-bc49-486e6ac20903

Expected behavior

I expect the deployment to succeed using amplify push auth after a fresh amplify pull

Reproduction steps

1. In folder A:

amplify init --yes
cat api.json | jq -c | amplify add api --headless
amplify push api --yes   --allow-destructive-graphql-schema-updates --no-codegen

2. In folder B:

amplify pull --appId [your app id] --envName dev --yes
cat auth.json | jq -c | amplify add auth --headless
amplify push auth --yes  --allow-destructive-graphql-schema-updates --no-codegen
## ERROR! Parameters: [authRoleName, unauthRoleName] must have values

Notes:

• If you run amplify add auth and amplify push auth commands in folder A (where the init and add api happened), the auth deployment is successful
• If you run amplify push instead of amplify push auth in folder B, the deployment is successful

api.json contents:

{"version":1,"serviceConfiguration":{"serviceName":"AppSync","apiName":"statictestf52492a5d","transformSchema":"type Author @model @auth(rules: [{allow: public}]) {\n  id: ID!\n  name: String\n}\n\ntype Tag @model @auth(rules: [{allow: public}]) {\n  id: ID!\n  text: String\n  comments: [Comment] @manyToMany(relationName: \"CommentTag\")\n}\n\ntype Comment @model @auth(rules: [{allow: public}]) {\n  id: ID!\n  text: String\n  blogID: ID! @index(name: \"byBlog\")\n  Tags: [Tag] @manyToMany(relationName: \"CommentTag\")\n}\n\ntype Blog @model @auth(rules: [{allow: public}]) {\n  id: ID!\n  title: String\n  Comments: [Comment] @hasMany(indexName: \"byBlog\", fields: [\"id\"])\n  Author: Author @hasOne\n}\n","defaultAuthType":{"mode":"API_KEY","keyDescription":"api key description","expirationTime":30},"additionalAuthTypes":[{"mode":"AWS_IAM"}],"conflictResolution":{"defaultResolutionStrategy":{"type":"AUTOMERGE"}}}}

auth.json contents:

{"version":2,"resourceName":"statictestf52492a5d","serviceConfiguration":{"serviceName":"Cognito","includeIdentityPool":true,"identityPoolConfiguration":{"identityPoolName":"integtestIdentityPool","unauthenticatedLogin":false},"userPoolConfiguration":{"userPoolName":"integtest","signinMethod":"EMAIL","requiredSignupAttributes":["EMAIL"],"userPoolGroups":[],"mfa":{"mode":"OFF"},"passwordPolicy":{"minimumLength":8,"additionalConstraints":["REQUIRE_LOWERCASE","REQUIRE_DIGIT","REQUIRE_SYMBOL","REQUIRE_UPPERCASE"]},"autoVerifiedAttributes":[{"type":"PHONE_NUMBER","verificationMessage":"Verification code: {####}"}]}}}

Project Identifier

Project Identifier: e9da6d45a5c4a520f270411850dae76e

Log output

``` # Put your logs below this line ```

Additional information

No response

Before submitting, please confirm:

• [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
• [X] I have removed any sensitive information from my code snippets and submission.

[josefaidt]

related https://github.com/aws-amplify/amplify-cli/issues/9484

[ykethan]

was able to reproduce the issue, marking as bug.

[CodySwannGT]

FYI - get the same thing if I try to export amplify to cdk. cdk deploy tosses the same error. Amplify version 11.1.0