aws-amplify / amplify-cli

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development.
Apache License 2.0

IAM Role name generated by `amplify export` is over the 64 character limit #12446

Open anacunha opened 1 year ago

anacunha commented 1 year ago

Before opening, please confirm:

How did you install the Amplify CLI?

npm install -g @aws-amplify/cli

If applicable, what version of Node.js are you using?

v16.14.2

Amplify CLI Version

10.5.1

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No changes were made.

Amplify Categories

auth, api

Amplify Commands

export

Describe the bug

An exported Amplify app fails deployment with CDK due to IAM role names with more than 64 characters.

  1. Create the Amplify app with the Amplify CLI on one AWS account
  2. Add Auth
  3. Add API (GraphQL) with two data models and Cognito as the authorization type
  4. Export the backend using amplify export
  5. Deploy the backend using CDK to a different AWS account (using region + accountId as the amplifyEnvironment following the Amplify documentation for cross-account deployments)

CloudFormation stack fails due to the following errors:

1 validation error detected: Value 'AmplifyDataStoreIAMRb752cd-47fjl5efbrcl7nqvratjod2dwy-us-west-2558501674497' at 'roleName' failed to satisfy constraint: Member must have length less than or equal to 64 (Service: AmazonIdentityManagement; Status Code: 400; Error Code: ValidationError; Request ID: a7cdeb23-c484-4932-8a24-035f09803c51; Proxy: null)

1 validation error detected: Value 'CardIAMRole189df4-47fjl5efbrcl7nqvratjod2dwy-us-west-2558501674497' at 'roleName' failed to satisfy constraint: Member must have length less than or equal to 64 (Service: AmazonIdentityManagement; Status Code: 400; Error Code: ValidationError; Request ID: e789091f-c5ef-4b26-a138-0f711b7b458c; Proxy: null)

Expected behavior

Expected the exported version of the Amplify app backend to be successfully deployed with CDK.

Reproduction steps

Amplify App

  1. npx create-react-app@latest flashcards
  2. amplify init
  3. npm install aws-amplify
  4. amplify add auth
    • Default configuration
    • Login mechanism: Username
  5. amplify push
  6. amplify add api
    • Authorization type: Amazon Cognito User Pool
    • Additional auth types: No
    • Conflict detection: Enabled/Auto Merge
  7. Edit amplify/backend/api/flashcards/schema.graphql to reflect schema below
  8. amplify push
  9. amplify export --out ../<cdk-project>/lib

CDK Project

  1. npx cdk@1 init app --language=typescript
  2. npm i @aws-amplify/cdk-exported-backend@0.0.5
  3. /bin/flashcards-infra-v1.ts file:

    #!/usr/bin/env node
    import 'source-map-support/register';
    import * as cdk from '@aws-cdk/core';
    import { FlashcardsInfraV1Stack } from '../lib/flashcards-infra-v1-stack';

    const app = new cdk.App();
    new FlashcardsInfraV1Stack(app, 'FlashcardsInfraV1Stack', {
      env: { account: process.env.CDK_DEFAULT_ACCOUNT, region: process.env.CDK_DEFAULT_REGION },
    });

  4. /lib/flashcards-infra-v1-stack.ts file:

    import * as cdk from '@aws-cdk/core';
    import * as path from 'path';
    import { AmplifyExportedBackend } from '@aws-amplify/cdk-exported-backend';

    export class FlashcardsInfraV1Stack extends cdk.Stack {
      constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
        super(scope, id, props);

        const amplifyBackend = new AmplifyExportedBackend(this, 'AmplifyBackend', {
          amplifyEnvironment: cdk.Stack.of(this).region + cdk.Stack.of(this).account,
          path: path.resolve(__dirname, 'amplify-export-flashcards'),
        });
      }
    }

  5. cdk deploy --all

GraphQL schema(s)

```graphql
type Card @model @auth(rules: [{ allow: owner }]) {
  id: ID!
  front: String!
  back: String!
  deckID: ID! @index(name: "byDeck")
  owner: String @auth(rules: [{ allow: owner, operations: [read, delete] }])
}

type Deck @model @auth(rules: [{ allow: owner }]) {
  id: ID!
  name: String!
  cards: [Card!] @hasMany(indexName: "byDeck", fields: ["id"])
  owner: String @auth(rules: [{ allow: owner, operations: [read, delete] }])
}
```

Project Identifier

1976cbf2edefcf064c89a92d41898045


josefaidt commented 1 year ago

Hey @anacunha :wave: thanks for raising this and apologies for the delay! I will mark this as a feature request for the CDK construct to enforce the same constraints as the CLI:

    ? Enter a name for the environment reallylongenvironmentname
    >> Environment name must be between 2 and 10 characters, and lowercase only.

josefaidt commented 1 year ago

Note for fix, use constraints from Amplify CLI here https://github.com/aws-amplify/amplify-cli-export-construct/blob/main/src/export-backend.ts#L50
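
A pre-deployment check for the constraint discussed in this thread, as an added example (not code from the issue, the Amplify CLI, or the export construct). It assumes the role names in the two error messages end with the `amplifyEnvironment` value, and that the CLI message corresponds to the regex shown; the function names and the sample stems are constructed here for illustration.

```typescript
// IAM rejects any roleName longer than 64 characters (see the ValidationError above).
const IAM_ROLE_NAME_MAX = 64;

// Assumption: regex form of the CLI message
// "Environment name must be between 2 and 10 characters, and lowercase only."
const AMPLIFY_ENV_NAME = /^[a-z]{2,10}$/;

// Constructed sample: the two role names from the error messages with the
// trailing environment segment ("us-west-2558501674497") removed.
const SAMPLE_ROLE_STEMS: string[] = [
  'AmplifyDataStoreIAMRb752cd-47fjl5efbrcl7nqvratjod2dwy-',
  'CardIAMRole189df4-47fjl5efbrcl7nqvratjod2dwy-',
];

interface RoleNameFinding {
  roleName: string;
  length: number;
  overBy: number;
}

function isValidAmplifyEnvName(env: string): boolean {
  return AMPLIFY_ENV_NAME.test(env);
}

// Role names that would exceed the IAM limit once the environment is appended.
function findOversizedRoleNames(stems: string[], env: string): RoleNameFinding[] {
  return stems
    .map((stem) => stem + env)
    .filter((roleName) => roleName.length > IAM_ROLE_NAME_MAX)
    .map((roleName) => ({
      roleName,
      length: roleName.length,
      overBy: roleName.length - IAM_ROLE_NAME_MAX,
    }));
}

// Longest environment name that keeps every stem within the IAM limit.
function maxSafeEnvLength(stems: string[]): number {
  const longest = Math.max(0, ...stems.map((stem) => stem.length));
  return Math.max(0, IAM_ROLE_NAME_MAX - longest);
}

// Collects every problem so a deploy script can fail before CloudFormation does.
function checkAmplifyEnvironment(stems: string[], env: string): string[] {
  const problems = findOversizedRoleNames(stems, env).map(
    (f) => `${f.roleName}: ${f.length} chars, ${f.overBy} over the IAM limit`,
  );
  if (!isValidAmplifyEnvName(env)) problems.unshift(`"${env}" is not 2-10 lowercase letters`);
  return problems;
}
```

With the sample stems, the longest one leaves room for exactly 10 more characters, which lines up with the CLI's 10-character environment name limit.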