aws-amplify / amplify-cli

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development.
Apache License 2.0

`InvalidParameterException: client_id, client_secret and authorize_scopes are all required idp details.` #9183

Open nazarcybulskij opened 2 years ago

nazarcybulskij commented 2 years ago


How did you install the Amplify CLI?

curl

If applicable, what version of Node.js are you using?

v17.0.1

Amplify CLI Version

7.5.6

What operating system are you using?

macOS Big Sur

Amplify Categories

auth, function, api, notifications

Amplify Commands

push

Describe the bug

Amplify CLI cannot add modules (analytics, function, etc.). We get this error message after "amplify push": 🛑 An error occurred during the push operation: Resource is not in the state stackUpdateComplete

Expected behavior

The command "amplify push" should work, or maybe we made a mistake in the setup of the AWS project. We need help.

Reproduction steps

  1. Create project -- "amplify init"
  2. Add Auth module -- "amplify add auth"
  3. add login mechanism Google from AdminUI
  4. turn on Enable access to unauthenticated identities
  5. add a new Date model from admin UI

GraphQL schema(s)

No response

Log output

Screenshot 2021-12-02 at 14 52 36

Additional information

We think maybe we have a conflict between different authorization modes (API key mode and Cognito user pool mode).

josefaidt commented 2 years ago

Hey @nazarcybulskij :wave: thanks for raising this! Can you check the CloudFormation console to see what resource encountered an error during push? Typically when we see this error in our terminal there is another error above it that is outputted from CloudFormation, which will help us gather context as to what failed to create/update.

nazarcybulskij commented 2 years ago

I see this error

Embedded stack arn:aws:cloudformation:eu-central-1:300520539124:stack/amplify-bugreproduse-dev-135015-authbugreprodusef823e5ec-ABY9GRI7LEL4/4a5be9f0-5366-11ec-addc-0648f60ecf94 was not successfully updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with reason: The following resource(s) failed to update: [HostedUIProvidersCustomResourceInputs].

josefaidt commented 2 years ago

Hey @nazarcybulskij :wave: I was able to reproduce this issue by stepping through the following reproduction steps:

  1. create a new project with amplify init -y
  2. create auth locally with defaults, email
  3. enable Amplify Studio
  4. add Google Sign-in in Amplify Studio
  5. pull changes locally with amplify pull
  6. add some resource (example: amplify add function), we're wanting to get a resource change locally to push
  7. push with amplify push -y
  8. observe error described above

UPDATE_FAILED auth9183 AWS::CloudFormation::Stack Fri Dec 03 2021 13:04:47 GMT-0600 (Central Standard Time) Embedded stack arn:aws:cloudformation:us-east-1:814763596509:stack/amplify-9183-dev-123512-auth9183-1OBDCGA0APN5G/9313d5e0-546a-11ec-b4e0-0a3d19c6190b was not successfully updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with reason: The following resource(s) failed to update: [HostedUIProvidersCustomResourceInputs].

and if we look in CloudWatch to see why this Lambda Callout failed we see the following log: [image]

Fyb3roptik commented 2 years ago

Running amplify auth update does not fix this issue for me

benjeater commented 2 years ago

For me, running amplify auth update and going through the Update OAuth social providers process allows the current env to be pushed, but changing env and making any modifications to amplify auth seems to cause this issue.

My current workaround is to update the OAuth settings whenever I encounter this error.

The client_secret is available in the #current-cloud-backend folder (amplify/#current-cloud-backend/awscloudformation/build/awscloudformation/build/root-cloudformation-stack.json) but isn't available anywhere in the backend folder.

I would have assumed that the client secret would be stored in the same config file as the clientId (amplify/backend/auth/[project-name]/cli-inputs.json), or at least a reference to the location of the client ID in a secret management location.

paulsson commented 1 year ago

@nazarcybulskij @josefaidt IdP client_id and client_secret should never be in any file that gets checked into source control since those are "sensitive" secrets.

If you are deploying locally by running amplify push then Amplify CLI should have done a migration of these secrets for you from team-provider-info.json to ~/.aws/amplify/deployment-secrets.json: https://github.com/aws-amplify/amplify-cli/issues/5942

Or if deploying via Amplify Console then you need to set these values as ENV variables within Amplify Console: https://docs.aws.amazon.com/amplify/latest/userguide/environment-variables.html#amplify-console-environment-variables

See: AMPLIFY_FACEBOOK_CLIENT_ID, AMPLIFY_FACEBOOK_CLIENT_SECRET, AMPLIFY_GOOGLE_CLIENT_ID, AMPLIFY_GOOGLE_CLIENT_SECRET
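
Added example (not part of the thread and not Amplify project code): a pre-commit / pre-build check for the two points above. It lists where a non-empty `client_secret` sits in JSON files under a directory, and names which of the IdP environment variables quoted above are unset. The function names, the provider-to-variable mapping, and the handling of secrets nested inside JSON-encoded string values are assumptions of this example.

```python
import json
import os

# Variable names are the ones quoted in the thread; the provider mapping is this example's own.
REQUIRED_ENV = {
    "Google": ("AMPLIFY_GOOGLE_CLIENT_ID", "AMPLIFY_GOOGLE_CLIENT_SECRET"),
    "Facebook": ("AMPLIFY_FACEBOOK_CLIENT_ID", "AMPLIFY_FACEBOOK_CLIENT_SECRET"),
}


def walk(node, path=""):
    """Yield paths of non-empty client_secret values, descending into JSON held in strings."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "client_secret" and isinstance(value, str) and value.strip():
                yield here  # report the location only, never the value
            else:
                yield from walk(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk(item, f"{path}[{i}]")
    elif isinstance(node, str) and node.lstrip()[:1] in ("{", "["):
        try:
            yield from walk(json.loads(node), path)
        except ValueError:
            pass  # ordinary string that merely starts with a bracket


def scan_tree(root):
    """Return sorted (relative_file, json_path) pairs for JSON files under root holding a secret."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".json"):
                continue
            full = os.path.join(dirpath, name)
            try:
                with open(full, encoding="utf-8") as fh:
                    doc = json.load(fh)
            except (OSError, ValueError):
                continue  # unreadable or not valid JSON
            hits.extend((os.path.relpath(full, root), p) for p in walk(doc))
    return sorted(hits)


def missing_env(providers, env=os.environ):
    """Names of required variables that are unset or empty for the given providers."""
    return [v for p in providers for v in REQUIRED_ENV.get(p, ()) if not env.get(v, "").strip()]
```

Run `scan_tree("amplify")` from the project root before committing, and `missing_env(["Google"])` as the first step of an Amplify Console build so a missing variable fails early instead of surfacing as the CloudFormation rollback.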

kimfucious commented 1 year ago

Hi there,

I was going to raise a new issue, but I came across this one, and it's pretty much what my problem is. I can create a new issue, but I'm not sure that's needed.

This project has:

Things have been working with the following workflow:

  1. git switch -c newFeature
  2. amplify env checkout dev
  3. make changes and test locally (dev has no front end)
  4. git switch staging
  5. git merge newFeature
  6. amplify env checkout staging
  7. test locally
  8. If good, git push. This kicks off a build in Amplify UI
  9. repeat from 4 with main/prod once staging is tested/approved for prod

I've come back to this project after some time (since Nov 2022).

Now, when I get to step 8 (above), the build errors out consistently.

In the build log (Amplify UI), I see:

UPDATE_FAILED   authmyappt02605eb4               AWS::CloudFormation::Stack Sat Feb 18 2023 11:30:10 GMT+0000 (Coordinated Universal Time) Embedded stack arn:aws:cloudformation:us-west-2:047459191568:stack/amplify-myapp-staging-155151-authmyapp02605eb4-1PZNM6J4EPPJC/847d8750-9103-11ea-bdb7-06184e4e65e6 was not successfully updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with reason: The following resource(s) failed to update: [HostedUIProvidersCustomResourceInputs].

When I find the log stream in CloudWatch, I can see:

InvalidParameterException: client_id, client_secret and authorize_scopes are all required idp details.

When I last touched this app, in the process of updating Amplify CLI, a ~/.aws/amplify/deployment-secrets.json file was created, so as to obviate the need to check team-provider-info.json into the repo, for good reason (thank you!).

I have created environment variables for both AMPLIFY_GOOGLE_CLIENT_ID and AMPLIFY_GOOGLE_CLIENT_SECRET in the Amplify UI, as the team-provider-info.json file is no longer in the repo. I'm not using other providers, except SignInWithApple, which never worked the same as Google (not sure that's changed, if so that could be the problem).

What's interesting is that amplify push does work; however, committing the side-effects of that procedure and pushing those to the repo still results in the same error in the Amplify UI.

So the current status is that I cannot deploy with continuous integration as the backend fails.

From what I gather, looking at that CloudWatch error, assuming the env vars are working, is that I'm missing authorize_scopes, but that's really just a guess, based on what I've got to work with.

Any advice toward helping me resolve this would be most appreciated.

Thanks 🌮 !

kimfucious commented 1 year ago

Hi @josefaidt,

For clarity: as mentioned here, this issue doesn't happen when doing an amplify push via the CLI.

It only happens, for me and @ivan-georgiev-zetta at least, when the build kicks off in the Amplify Console (UI) after doing a git push to a connected repository.

kimfucious commented 1 year ago

Hi @josefaidt,

Per your advice, I performed an amplify update auth, following the OAuth changes path and re-entering the required data for Google and Apple.

Aside from issues that aren't relevant to this thread, this worked and got me to the point where CI builds stopped failing.

Thanks for your guidance on that.

One thing that is relevant is an issue that I've raised in another ticket, here.