Open nazarcybulskij opened 2 years ago
Hey @nazarcybulskij :wave: thanks for raising this! Can you check the CloudFormation console to see what resource encountered an error during push? Typically when we see this error in our terminal there is another error above it that is outputted from CloudFormation, which will help us gather context as to what failed to create/update.
I see this error
Embedded stack arn:aws:cloudformation:eu-central-1:300520539124:stack/amplify-bugreproduse-dev-135015-authbugreprodusef823e5ec-ABY9GRI7LEL4/4a5be9f0-5366-11ec-addc-0648f60ecf94 was not successfully updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with reason: The following resource(s) failed to update: [HostedUIProvidersCustomResourceInputs].
Hey @nazarcybulskij :wave: I was able to reproduce this issue by stepping through the following reproduction steps:
amplify init -y
amplify pull
amplify add function
), we're wanting to get a resource change locally to pushamplify push -y
UPDATE_FAILED auth9183 AWS::CloudFormation::Stack Fri Dec 03 2021 13:04:47 GMT-0600 (Central Standard Time) Embedded stack arn:aws:cloudformation:us-east-1:814763596509:stack/amplify-9183-dev-123512-auth9183-1OBDCGA0APN5G/9313d5e0-546a-11ec-b4e0-0a3d19c6190b was not successfully updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with reason: The following resource(s) failed to update: [HostedUIProvidersCustomResourceInputs].
and if we look in CloudWatch to see why this Lambda Callout failed we see the following log:
Running amplify auth update
does not fix this issue for me
For me, running amplify auth update
and going through the Update OAuth social providers
process allows the current env
to be pushed, but changing env
and making any modifications to amplify auth
seems to cause this issue.
My current workaround is to update the OAuth settings whenever I encounter this error.
The client_secret
is available in the #current-cloud-backend
folder (amplify/#current-cloud-backend/awscloudformation/build/awscloudformation/build/root-cloudformation-stack.json
) but isn't available anywhere in the backend
folder.
I would have assumed that the client secret would be stored in the same config file as the cliendId
(amplify/backend/auth/[project-name]/cli-inputs.json
), or at least a reference to the location of the client ID in a secret management location.
@nazarcybulskij @josefaidt IdP client_id
and client_secret
should never be in any file that gets checked into source control since those are "sensitive" secrets.
If you are deploying locally by running amplify push
then Amplify CLI should have done a migration of these secrets for you from team-provider-info.json
to ~/.aws/amplify/deployment-secrets.json
https://github.com/aws-amplify/amplify-cli/issues/5942
Or if deploying via Amplify Console then you need to set these values as ENV variables within Amplify Console: https://docs.aws.amazon.com/amplify/latest/userguide/environment-variables.html#amplify-console-environment-variables See: AMPLIFY_FACEBOOK_CLIENT_ID AMPLIFY_FACEBOOK_CLIENT_SECRET AMPLIFY_GOOGLE_CLIENT_ID AMPLIFY_GOOGLE_CLIENT_SECRET
HI there,
I was going to raise a new issue, but I came across this one, and it's pretty much what my problem is. I can create a new issue, but I'm not sure that's needed.
This project has:
Things have been working with the following workflow:
I've come back to this project after some time (since Nov 2022).
Now, when I get to step 8 (above), the build errors out consistently.
In the build log (Amplify UI), I see:
UPDATE_FAILED authmyappt02605eb4 AWS::CloudFormation::Stack Sat Feb 18 2023 11:30:10 GMT+0000 (Coordinated Universal Time) Embedded stack arn:aws:cloudformation:us-west-2:047459191568:stack/amplify-myapp-staging-155151-authmyapp02605eb4-1PZNM6J4EPPJC/847d8750-9103-11ea-bdb7-06184e4e65e6 was not successfully updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with reason: The following resource(s) failed to update: [HostedUIProvidersCustomResourceInputs].
When I find the log stream in CloudWatch, I can see:
InvalidParameterException: client_id, client_secret and authorize_scopes are all required idp details.
When I last touched this app, in the process of updating Amplify CLI, a ~/.aws/amplify/deployment-secrets.json
file was created, so as to obviate the need to check team-provider-info.json
into the repo, for good reason (thank you!).
I have created environment variables for both AMPLIFY_GOOGLE_CLIENT_ID, AMPLIFY_GOOGLE_CLIENT_SECRET in the Amplify UI, as the team-provider-info.json
file is not long in the repo. I'm not using other providers, except SignInWithApple
, which never worked the same as Google (not sure that's changed, if so that could be the problem).
What's interesting is that amplify push
does work; however, commiting the side-effects of that procedure and pushing those to the repo still results in the same error in the Amplify UI.
So the current status is that I cannot deploy with continuous integration as the backend fails.
From what I gather, looking at that CloudWatch error, assuming the env vars are working, is that I'm missing authorize_scopes
, but that's really just a guess, based on what I've got to work with.
Any advice toward helping me resolve this would be most appreciated.
Thanks 🌮 !
Hi @josefaidt,
For clarity. As mentioned, here, this issue doesn't happen when doing an amplify push
via the CLI.
It only happens, for me and @ivan-georgiev-zetta at least, when the build kicks off in the Amplify Console (UI) after doing a git push
to a connected repository.
Hi @josefaidt,
Per your advice, I performed an amplify update auth
, following the Oath changes path and re-entering the required data for Google and Apple.
Aside from issues that aren't relevant to this thread, this worked and got me to the point where CI builds stopped failing.
Thanks for your guidance on that.
One thing that is relevant is an issue that I've raised in another ticket, here.
Before opening, please confirm:
How did you install the Amplify CLI?
curl
If applicable, what version of Node.js are you using?
v17.0.1
Amplify CLI Version
7.5.6
What operating system are you using?
Mac os Big sur
Amplify Categories
auth, function, api, notifications
Amplify Commands
push
Describe the bug
Amplify-CLI can not add modules (analytics, function and etc.) We get an error message -- 🛑 An error occurred during the push operation: Resource is not in the state stackUpdateComplete after "amplify push"
Expected behavior
Command "amplify push" should work or maybe we made mistake in setup for aws project We need help
Reproduction steps
Create project -- "amplify init" Add Auth module -- "amplify add auth" add login mechanism Google from AdminUI turn on Enable access to unauthenticated identities add a new Date model from admin UI
GraphQL schema(s)
No response
Log output
Additional information
We think.
maybe, we have a conflict between different authorization modes (Api key mode and Cognito user pool mode)