daniellorenzin
commented
2 years ago I'm getting this too!
Open Shomari opened 2 years ago
daniellorenzin
commented
2 years ago I'm getting this too!
johnpc
commented
2 years ago Customers in https://github.com/aws-amplify/amplify-cli/issues/9532 are reporting downgrade to CLI v7.6.8 works around this issue
johnpc
commented
2 years ago Can you please share your user pool configuration? Also your cli-inputs.json contents?
jleskovar-tyro
commented
2 years ago Just started getting this issue today. cli-inputs.json:
{
"version": "1",
"cognitoConfig": {
"identityPoolName": "identitypool",
"allowUnauthenticatedIdentities": false,
"resourceNameTruncated": "tradif124df7d7",
"userPoolName": "userpool",
"autoVerifiedAttributes": [
"email"
],
"mfaConfiguration": "OPTIONAL",
"mfaTypes": [
"SMS Text Message"
],
"smsAuthenticationMessage": "Your authentication code is {####}",
"smsVerificationMessage": "Your verification code is {####}",
"emailVerificationSubject": "Your verification code",
"emailVerificationMessage": "Your verification code is {####}",
"defaultPasswordPolicy": false,
"passwordPolicyMinLength": 8,
"passwordPolicyCharacters": [],
"requiredAttributes": [
"email",
"name",
"phone_number"
],
"aliasAttributes": [],
"userpoolClientGenerateSecret": false,
"userpoolClientRefreshTokenValidity": 30,
"userpoolClientWriteAttributes": [
"email"
],
"userpoolClientReadAttributes": [
"email"
],
"userpoolClientLambdaRole": "auth124df7d7_userpoolclient_lambda_role",
"userpoolClientSetAttributes": false,
"sharedId": "124df7d7",
"resourceName": "auth",
"authSelections": "identityPoolAndUserPool",
"useDefault": "manual",
"thirdPartyAuth": false,
"usernameAttributes": [
"email, phone_number"
],
"userPoolGroups": false,
"adminQueries": false,
"triggers": {},
"hostedUI": false,
"userPoolGroupList": [],
"serviceName": "Cognito",
"usernameCaseSensitive": false,
"useEnabledMfas": true
}
}Can also confirm pinning CLI to 7.6.8 resolves the issue
rafaelfaria
commented
2 years ago Same... Literally just started happening now ... i am using v 7.5.0
{
"version": "1",
"cognitoConfig": {
"identityPoolName": "snip3r2c20128c_identitypool_2c20128c",
"allowUnauthenticatedIdentities": true,
"resourceNameTruncated": "snip3r2c20128c",
"userPoolName": "snip3r2c20128c_userpool_2c20128c",
"autoVerifiedAttributes": [
"email"
],
"mfaConfiguration": "OFF",
"mfaTypes": [
"SMS Text Message"
],
"smsAuthenticationMessage": "Your authentication code is {####}",
"smsVerificationMessage": "Your verification code is {####}",
"emailVerificationSubject": "Snip3r Bot - Verification Code",
"emailVerificationMessage": "Your verification code is {####}",
"defaultPasswordPolicy": false,
"passwordPolicyMinLength": 8,
"passwordPolicyCharacters": [],
"requiredAttributes": [
"address",
"email",
"locale"
],
"aliasAttributes": [],
"userpoolClientGenerateSecret": false,
"userpoolClientRefreshTokenValidity": 30,
"userpoolClientWriteAttributes": [
"nickname",
"address",
"email",
"locale"
],
"userpoolClientReadAttributes": [
"address",
"email",
"locale"
],
"userpoolClientLambdaRole": "snip3r2c20128c_userpoolclient_lambda_role",
"userpoolClientSetAttributes": false,
"sharedId": "2c20128c",
"resourceName": "snip3rAuth",
"authSelections": "identityPoolAndUserPool",
"useDefault": "manual",
"thirdPartyAuth": false,
"usernameAttributes": [
"email"
],
"userPoolGroups": false,
"adminQueries": false,
"triggers": {
"PostConfirmation": [
"add-to-group"
]
},
"hostedUI": false,
"userPoolGroupList": [],
"serviceName": "Cognito",
"usernameCaseSensitive": false,
"useEnabledMfas": true,
"authRoleArn": {
"Fn::GetAtt": [
"AuthRole",
"Arn"
]
},
"unauthRoleArn": {
"Fn::GetAtt": [
"UnauthRole",
"Arn"
]
},
"breakCircularDependency": true,
"dependsOn": [
{
"category": "function",
"resourceName": "snip3rAuthPostConfirmation",
"triggerProvider": "Cognito",
"attributes": [
"Arn",
"Name"
]
}
],
"permissions": [
"{\n \"policyName\": \"AddToGroupCognito\",\n \"trigger\": \"PostConfirmation\",\n \"effect\": \"Allow\",\n \"actions\": [\n \"cognito-idp:AdminAddUserToGroup\",\n \"cognito-idp:GetGroup\",\n \"cognito-idp:CreateGroup\"\n ],\n \"resource\": {\n \"paramType\": \"!GetAtt\",\n \"keys\": [\n \"UserPool\",\n \"Arn\"\n ]\n }\n}"
],
"authTriggerConnections": "[\n {\n \"triggerType\": \"PostConfirmation\",\n \"lambdaFunctionName\": \"snip3rAuthPostConfirmation\"\n }\n]",
"authProviders": [],
"parentStack": {
"Ref": "AWS::StackId"
}
}
}
pratikdhody
commented
2 years ago Hi,
I'm having the same issue even after being on amplify version 7.6.8. This seemed to happen to me after adding a new api
Error when running amplify push
Resource Name: ap-southeast-2_53aQwmrr9 (AWS::Cognito::UserPool)
Event Type: update
Reason: Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 69f5a5c3-19fa-4d9f-aad4-ea98766820dc; Proxy: null)
URL: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/arn%3Aaws%3Acloudformation%3Aap-southeast-2%3A158495622644%3Astack%2Famplify-vewwebapp-dev-134339-authvewwebapp5d8cc702-CIHHXDGWYD27%2F871233c0-65f6-11ec-a198-0abe9ed47e04/eventsmy cli-inputs.json for the new api is
{
"version": 1,
"paths": {
"/payment": {
"permissions": {
"setting": "open"
},
"lambdaFunction": "createPayment"
}
}
}my cli-inputs.json for auth is
{
"version": "1",
"cognitoConfig": {
"identityPoolName": "vewwebapp5d8cc702_identitypool_5d8cc702",
"allowUnauthenticatedIdentities": false,
"resourceNameTruncated": "vewweb5d8cc702",
"userPoolName": "vewwebapp5d8cc702_userpool_5d8cc702",
"autoVerifiedAttributes": [
"email"
],
"mfaConfiguration": "OFF",
"mfaTypes": [
"SMS Text Message"
],
"smsAuthenticationMessage": "Your authentication code is {####}",
"smsVerificationMessage": "Your verification code is {####}",
"emailVerificationSubject": "Your verification code",
"emailVerificationMessage": "Your verification code is {####}",
"defaultPasswordPolicy": false,
"passwordPolicyMinLength": 8,
"passwordPolicyCharacters": [],
"requiredAttributes": [
"email",
"family_name",
"given_name"
],
"aliasAttributes": [],
"userpoolClientGenerateSecret": false,
"userpoolClientRefreshTokenValidity": 30,
"userpoolClientWriteAttributes": [
"email"
],
"userpoolClientReadAttributes": [
"email"
],
"userpoolClientLambdaRole": "vewweb5d8cc702_userpoolclient_lambda_role",
"userpoolClientSetAttributes": false,
"authSelections": "identityPoolAndUserPool",
"resourceName": "vewwebapp5d8cc702",
"serviceName": "Cognito",
"useDefault": "defaultSocial",
"sharedId": "5d8cc702",
"userPoolGroupList": [],
"usernameAttributes": [
"email"
],
"usernameCaseSensitive": false,
"hostedUI": true,
"triggers": {},
"authRoleArn": {
"Fn::GetAtt": [
"AuthRole",
"Arn"
]
},
"unauthRoleArn": {
"Fn::GetAtt": [
"UnauthRole",
"Arn"
]
},
"breakCircularDependency": true,
"useEnabledMfas": true,
"dependsOn": [],
"parentStack": {
"Ref": "AWS::StackId"
},
"permissions": [],
"hostedUIDomainName": "vewwebappa599d801-a599d801",
"authProvidersUserPool": [
"Facebook",
"Google"
],
"hostedUIProviderMeta": "[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"last_name\",\"given_name\":\"first_name\",\"username\":\"id\"}},{\"ProviderName\":\"Google\",\"authorize_scopes\":\"openid email profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"family_name\",\"given_name\":\"given_name\",\"username\":\"sub\"}}]",
"oAuthMetadata": "{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"http://localhost:3000/\"],\"LogoutURLs\":[\"https://localhost:3000/signout/\"]}",
"authProviders": []
}
}
julienlaurent-migso
commented
2 years ago Hi, we are facing the exactly same issue when we try to amplify push or build. We tried to downgrade the cli version but it's not fixing the issue.
See below the push issue :
UPDATE_FAILED
UserPool
AWS::Cognito::UserPool Mon Jan 17 2022 08:54:31 GMT+0100 (heure normale d’Europe centrale) Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 4c47012b-d2b9-487b-969d-511499ef33d8; Proxy: null)Our cli-inputs.json for auth is :
{
"version": "1",
"cognitoConfig": {
"identityPoolName": "xxxxxxx",
"allowUnauthenticatedIdentities": false,
"resourceNameTruncated": "xxxxxx",
"userPoolName": "xxxxx",
"autoVerifiedAttributes": [
"email"
],
"mfaConfiguration": "OFF",
"mfaTypes": [
"SMS Text Message"
],
"smsAuthenticationMessage": "Your authentication code is {####}",
"smsVerificationMessage": "Your verification code is {####}",
"emailVerificationSubject": "Your verification code",
"emailVerificationMessage": "Your verification code is {####}",
"defaultPasswordPolicy": false,
"passwordPolicyMinLength": 8,
"passwordPolicyCharacters": [],
"requiredAttributes": [
"email",
"name"
],
"aliasAttributes": [],
"userpoolClientGenerateSecret": false,
"userpoolClientRefreshTokenValidity": 30,
"userpoolClientWriteAttributes": [
"email"
],
"userpoolClientReadAttributes": [
"email"
],
"userpoolClientLambdaRole": "xxxxxx",
"userpoolClientSetAttributes": false,
"sharedId": "xxxx",
"resourceName": "xxxxx",
"authSelections": "identityPoolAndUserPool",
"useDefault": "default",
"usernameAttributes": [
"email"
],
"triggers": {
"PostConfirmation": [
"add-to-group"
],
"PreSignup": [
"email-filter-denylist"
]
},
"userPoolGroupList": [],
"serviceName": "Cognito",
"usernameCaseSensitive": false,
"useEnabledMfas": true,
"authRoleArn": {
"Fn::GetAtt": [
"AuthRole",
"Arn"
]
},
"unauthRoleArn": {
"Fn::GetAtt": [
"UnauthRole",
"Arn"
]
},
"breakCircularDependency": true,
"dependsOn": [
{
"category": "function",
"resourceName": "xxxxx",
"triggerProvider": "Cognito",
"attributes": [
"Arn",
"Name"
]
},
{
"category": "function",
"resourceName": "xxxx",
"triggerProvider": "Cognito",
"attributes": [
"Arn",
"Name"
]
}
],
"permissions": [
"{\n \"policyName\": \"AddToGroupCognito\",\n \"trigger\": \"PostConfirmation\",\n \"effect\": \"Allow\",\n \"actions\": [\n \"cognito-idp:AdminAddUserToGroup\",\n \"cognito-idp:GetGroup\",\n \"cognito-idp:CreateGroup\"\n ],\n \"resource\": {\n \"paramType\": \"!GetAtt\",\n \"keys\": [\n \"UserPool\",\n \"Arn\"\n ]\n }\n}"
],
"authTriggerConnections": "[\n {\n \"triggerType\": \"PostConfirmation\",\n \"lambdaFunctionName\": \"xxxxxx\"\n },\n {\n \"triggerType\": \"PreSignUp\",\n \"lambdaFunctionName\": \"xxxxxxx\"\n }\n]",
"adminQueryGroup": "adminQueries",
"parentStack": {
"Ref": "AWS::StackId"
}
}
}The issue is bloking us for deploying our new version.. Did you identify which is the invalid attributeDataType ? thanks for your help
pratikdhody
commented
2 years ago is there an update @johnpc ?
julienlaurent-migso
commented
2 years ago Hi, I have fixed my issue => Pushing only my auth again have fixed the issue my steps:
samputer
commented
2 years ago +1. I was experiencing this in the Amplify build console. Locking the version to 7.6.8 has resolved it temporarily.
pratikdhody
commented
2 years ago @julienlaurent-migso 's suggestion worked for me also.
dbeck121
commented
2 years ago same here but @julienlaurent-migsos solutlion did not work
I changed order of attributes in cli-inputs file amplify push recogniced a change but same error
anyone with another solution?
johnpc
commented
2 years ago We are having a lot of trouble reproducing this internally. We have tried creating various configurations on various previous versions of the cli, then upgrading and trying to push something in hopes we can recreate the issue and track down the root cause. So far, nothing has worked (meaning, all of our pushes have been successful).
Please continue to share any information you may have that could help us debug this issue.
Shomari
commented
2 years ago Here is my CLI-inputs: { "version": "1", "cognitoConfig": { "identityPoolName": "recommendednext75871224_identitypool_75871224", "allowUnauthenticatedIdentities": true, "resourceNameTruncated": "recomm75871224", "userPoolName": "recommendedPool", "autoVerifiedAttributes": [ "email" ], "mfaConfiguration": "OFF", "mfaTypes": [ "SMS Text Message" ], "smsAuthenticationMessage": "Your authentication code is {####}", "smsVerificationMessage": "Your verification code is {####}", "emailVerificationSubject": "Your verification code", "emailVerificationMessage": "Your verification code is {####}", "defaultPasswordPolicy": false, "passwordPolicyMinLength": 8, "passwordPolicyCharacters": [], "requiredAttributes": [ "email", "family_name", "given_name", "picture" ], "aliasAttributes": [], "userpoolClientGenerateSecret": false, "userpoolClientRefreshTokenValidity": 30, "userpoolClientWriteAttributes": [ "email" ], "userpoolClientReadAttributes": [ "email" ], "userpoolClientLambdaRole": "recomm75871224_userpoolclient_lambda_role", "userpoolClientSetAttributes": false, "sharedId": "75871224", "resourceName": "recommended", "authSelections": "identityPoolAndUserPool", "useDefault": "manual", "thirdPartyAuth": true, "authProviders": [ "graph.facebook.com", "accounts.google.com" ], "usernameAttributes": [ "email" ], "userPoolGroups": false, "adminQueries": false, "triggers": {}, "hostedUI": true, "hostedUIDomainName": "recommended", "authProvidersUserPool": [ "Facebook", "Google" ], "hostedUIProviderMeta": "[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"last_name\",\"given_name\":\"first_name\",\"picture\":\"picture\",\"username\":\"id\"}},{\"ProviderName\":\"Google\",\"authorize_scopes\":\"openid email profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"family_name\",\"given_name\":\"given_name\",\"picture\":\"picture\",\"username\":\"sub\"}}]", "oAuthMetadata": "{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"https://www.gorecommended.com/\"],\"LogoutURLs\":[\"https://www.gorecommended.com/\"]}", "userPoolGroupList": [], "serviceName": "Cognito", "usernameCaseSensitive": false, "useEnabledMfas": true, "authRoleArn": { "Fn::GetAtt": [ "AuthRole", "Arn" ] }, "unauthRoleArn": { "Fn::GetAtt": [ "UnauthRole", "Arn" ] }, "breakCircularDependency": true, "dependsOn": [] } }
johnpc
commented
2 years ago I am particularly interested in the requiredAttributes of your generated cloudformation - especially if there are discrepancies between those and what's in cli-inputs.json. https://github.com/aws-amplify/amplify-cli/pull/9251 changed the behavior around that and was released in 9.7.9 which is when this issue seems to have arisen. I also wonder whether most of you are doing automated deployments via amplify console.
Shomari
commented
2 years ago @johnpc I am doing automated deployments based on pushes to a github branch if that is what you mean
johnpc
commented
2 years ago Thank you that is helpful.
I am able to reproduce your error when I manually edit my requiredAttributes in cli-inputs.json (in my case, I manually added "locale" to the list of required attributes).
I assume pushes with this error would succeed if the requiredAttributes field is set so that it matches your deployed Cognito configuration in the cloud. Would you mind trying that and seeing if it fixes your issue? Or at least checking to see whether there is a difference between the two?
I am still not sure what has caused this drift for so many customers.
Shomari
commented
2 years ago So everything was fine when I was just using auth and api. The issue appeared when I added analytics. After running add analytics, there were a few options in which I kind of mindlessly choose the first option and should have paid more attention into what was actually happening. I didn't think these changes would alter my userpool to make it unuseable. I know for a fact this made changes to my cognito user pool as I hadn't touched it for a while.
My required attributes appear different than what is listed in the cli-inputs where as before they were the same. The ones in the cli-inputs are correct.
johnpc
commented
2 years ago So only "picture" is required in your deployed Cognito environment, but your desired configuration is:
"requiredAttributes": [
"email",
"family_name",
"given_name",
"picture"
],The way this looks is, your deployment was bitten by the bug that https://github.com/aws-amplify/amplify-cli/pull/9251 attempted to fix - only one of your required attributes was set in reality. However, since requiredAttributes cannot be edited after the Cognito resource is deployed (a Cognito limitation), it is causing an error where your deployments are failing.
I think this makes sense why downgrading is working for so many people. They're re-pushing with missing requiredAttributes when they downgrade, so the push matches what's in the cloud. Another "fix" to unblock deploying new changes would be to update requiredAttributes in your cli-inputs.json to match what's in the cloud (aka, change it so only "picture" is required")
The real long term fix would be to remove your Cognito configuration and replace it with a new one. Of course, you do not want to lose existing user data, so you'd have to migrate your users to a new, properly configured Cognito resource and then import the new auth resource to your app.
dbeck121
commented
2 years ago Hi @johnpc
I had a look in my configuration:
I have in cli-inputs.json
"requiredAttributes": [ "email", "website", "given_name", "family_name" ],
but in Cognito I see:
So all the values are there. But I have the same problem.
Did I miss something here?
BR
usakorn-tsq
commented
2 years ago I have fixed my issue by following these steps:
check the Required attributes in User Pools
look into cli-inputs.json file "requiredAttributes": [ "email", "family_name", "given_name" ]
remove both "email" and "family_name"
run "amplify push"
redeploy in the console again
done!
dbeck121
commented
2 years ago anyone of you with this problem even when the required attributes are in sync? I have a custom attribute added but it worked for months without problems.
sandeep-pracbee
commented
2 years ago anyone of you with this problem even when the required attributes are in sync? I have a custom attribute added but it worked for months without problems.
I am having the same issue
dbeck121
commented
2 years ago anyone of you with this problem even when the required attributes are in sync? I have a custom attribute added but it worked for months without problems.
I am having the same issue
Glad that I am not the only one. Anyone with a solution here?
johnpc
commented
2 years ago @dbeck121 I've created #9590 to address what I believe to be the root cause of this issue for most users (required attributes are out of sync).
If you are still experiencing the same error message when required attributes are in sync, then it must be some other parameter that has drifted. Can you notice any other differences between your cli-inputs configuration and your Cognito user pool?
johnpc
commented
2 years ago For customers impacted by this, I recommend adding a PreSignUp lambda trigger (documentation here: https://docs.amplify.aws/cli/usage/lambda-triggers/#set-up-lambda-triggers) for your Cognito user pool. This allows you to run validation during user sign up to ensure all required properties are included.
For example, @Shomari desired these required attributes:
"requiredAttributes": [
"email",
"family_name",
"given_name",
"picture"
],but the UserPool is stuck in state where only picture is required.
Since this property on the UserPool is immutable, the best way to ensure all required attributes are present for new sign ups is to add validation logic in a PreSignUp lambda trigger.
dbeck121
commented
2 years ago Hi @johnpc,
might it be that it is the custom attribute custom:company that I added in Cognito? I tried to add it to requiredAttributes but still the same error.
BR
Shomari
commented
2 years ago @johnpc have you all figured out how or why this happened and addressed that. To be clear, my userpool DID have all of the same attributes. After adding analytics, amplify somehow made changes to my userpool and overwrote the required attributes there (which I thought was impossible but I guess not), which caused this out of sync issue. The overall fix would be to prevent this from happening to begin with. The purpose of using amplify and congito is to simplify this process. Having to create a validation lambda for something that cognito can and should handle already because amplify might mess it up later isn't a great experience IMO
sandeep-pracbee
commented
2 years ago +1 to what Shomari added.
I have been banging my head to find the differences b/w cli-inputs & cognito but can't find anything.
@johnpc Couple of asks:
johnpc
commented
2 years ago @Shomari I believe the root cause of this issue was fixed by https://github.com/aws-amplify/amplify-cli/pull/9251. I believe your Cognito user pool was sadly created with desired required attributes missing, as that field is not modifiable after creation. When you added analytics, that requires updates to modifiable fields on your user pool. So when you tried to push those additive changes, your pushes started to fail because Amplify also tried to fix requiredAttributes which is not modifiable.
Unfortunately, during the time before https://github.com/aws-amplify/amplify-cli/pull/9251 was released (between v7.3.0 and v7.6.9) amplify spun up these Cognito user pools with unexpected requiredAttributes parameter, and there is nothing that can be done about that now.
Adding a presignup lambda trigger or migrating your users off that Cognito user pool and into a new one are the only paths available, and we cannot do those for you from the CLI. Since migration would be a painful process, the presignup lambda is what I would recommend.
sandeep-pracbee
commented
2 years ago @johnpc I am finding it hard to understand why that presignup lambda will fix the error I see on the deploy time. Would the deploy script bypass the error if it sees a presignup lambda function set?
dbeck121
commented
2 years ago @Shomari: I agree a with you. I have spend way more time with error fixing (not only this one) than expected. Nevertheless let's help to kill these bugs. Good software needs some time.
@johnpc: I added a few screenshots and files.
I also added cli.json because I wanted to use amplify on a second pc with the same project for convenience reasons and there I do not have the possibility to amplify push the project because of
Invalid feature flag configuration. These feature flags are defined in the amplify/cli.json configuration file and are unknown to the currently running amplify cli:
No idea if that gets together with this error.
Additionally I try to summarize my differences between Cognito and Amplify
sandeep-pracbee
commented
2 years ago I am having very similar experience as @dbeck121. I didn't change much or added Analytics.
this is my cli-inputs:
{
"version": "1",
"cognitoConfig": {
"identityPoolName": "practiceplatformidentitypool",
"allowUnauthenticatedIdentities": false,
"resourceNameTruncated": "practi0dfe6ad1",
"userPoolName": "practiceplatformuserpool",
"autoVerifiedAttributes": [
"email"
],
"mfaConfiguration": "OFF",
"mfaTypes": [
"SMS Text Message"
],
"smsAuthenticationMessage": "Your authentication code is {####}",
"smsVerificationMessage": "Your verification code is {####}",
"emailVerificationSubject": "PracBee Practice Platform | Confirm Your Registration",
"emailVerificationMessage": "You're almost there! Activate your account now by entering the following code: '{####}'.",
"defaultPasswordPolicy": false,
"passwordPolicyMinLength": "8",
"passwordPolicyCharacters": [
"Requires Lowercase",
"Requires Uppercase",
"Requires Numbers"
],
"requiredAttributes": [
"email",
"name"
],
"aliasAttributes": [],
"userpoolClientGenerateSecret": false,
"userpoolClientRefreshTokenValidity": 30,
"userpoolClientWriteAttributes": [],
"userpoolClientReadAttributes": [],
"userpoolClientLambdaRole": "practi0dfe6ad1_userpoolclient_lambda_role",
"userpoolClientSetAttributes": false,
"authSelections": "identityPoolAndUserPool",
"resourceName": "practiceplatformauth",
"serviceName": "Cognito",
"useDefault": "manual",
"sharedId": "0dfe6ad1",
"userPoolGroupList": [
"practiceplatformadmins",
"practiceplatformstudents",
"practiceplatformreviewers",
"practiceplatformcreators",
"practiceplatforteachers"
],
"userPoolGroups": false,
"usernameCaseSensitive": false,
"verificationBucketName": "practiceplatformauthverificationbucket",
"adminQueries": true,
"adminQueryGroup": "practiceplatformadmins",
"hostedUI": false,
"thirdPartyAuth": false,
"authProviders": [],
"triggers": {
"PostConfirmation": [
"add-to-group"
]
},
"authRoleArn": {
"Fn::GetAtt": [
"AuthRole",
"Arn"
]
},
"unauthRoleArn": {
"Fn::GetAtt": [
"UnauthRole",
"Arn"
]
},
"breakCircularDependency": true,
"useEnabledMfas": false,
"dependsOn": [
{
"category": "function",
"resourceName": "practiceplatformauthPostConfirmation",
"triggerProvider": "Cognito",
"attributes": [
"Arn",
"Name"
]
}
],
"parentStack": {
"Ref": "AWS::StackId"
},
"permissions": [
"{\n \"policyName\": \"AddToGroupCognito\",\n \"trigger\": \"PostConfirmation\",\n \"effect\": \"Allow\",\n \"actions\": [\n \"cognito-idp:AdminAddUserToGroup\",\n \"cognito-idp:GetGroup\",\n \"cognito-idp:CreateGroup\"\n ],\n \"resource\": {\n \"paramType\": \"!GetAtt\",\n \"keys\": [\n \"UserPool\",\n \"Arn\"\n ]\n }\n}"
],
"authTriggerConnections": "[\n {\n \"triggerType\": \"PostConfirmation\",\n \"lambdaFunctionName\": \"practiceplatformauthPostConfirmation\"\n }\n]"
}
}and the screenshot of of user pool :
dbeck121
commented
2 years ago @sandeep-pracbee I see that you also have a trigger in your file. Did you experience that this is not in Cognito anymore or sth like this?
Thats the only thing that is suspicious in my cli
@johnpc
@Shomari I believe the root cause of this issue was fixed by #9251. I believe your Cognito user pool was sadly created with desired required attributes missing, as that field is not modifiable after creation. When you added analytics, that requires updates to modifiable fields on your user pool. So when you tried to push those additive changes, your pushes started to fail because Amplify also tried to fix
requiredAttributeswhich is not modifiable.Unfortunately, during the time before #9251 was released (between v7.3.0 and v7.6.9) amplify spun up these Cognito user pools with unexpected
requiredAttributesparameter, and there is nothing that can be done about that now.Adding a presignup lambda trigger or migrating your users off that Cognito user pool and into a new one are the only paths available, and we cannot do those for you from the CLI. Since migration would be a painful process, the presignup lambda is what I would recommend.
Is there a guideline how to migrate users? This could be plan B :)
I guess sth lik:
Backup users, Amplify delete auth amplify add auth Restore users?
BR
And btw: Thanks a lot for your help and fix that bug together with us 👍
johnpc
commented
2 years ago @sandeep-pracbee - the presignup lambda does not fix the error you see on push. The push error is caused by drift between the Cognito resource Amplify is trying to push and the existing Cognito resource in the cloud. The presignup lambda is useful to do in addition but should not be confused as the resolution to this push issue - which is fixing the drift.
@dbeck121 the Invalid feature flag configuration error is usually fixed by updating your cli version npm i -g @aws-amplify/cli. I assume when you run amplify status it shows the auth resource as having changed - would be interesting to know why it was changed if not adding something like analytics. There should have been changes to your git status as well when this happened.
As for the "Plan B", I really do not recommend migrating your user pool unless you know exactly what you're doing and what the tradeoffs are. There are a lot of risks with that approach. For example, you may need to shut down your service between the export of the current users and reimport to new user pool and cut your app over to the new one. Otherwise users will be signing up into the pool you're about to delete. Another risk is that a changing user pool id could impact client apps that are storing that locally.
sandeep-pracbee
commented
2 years ago @dbeck121 I added that lambda trigger via cli and not sure why it doesn't appear on the cognito, it is little confusing to me. I want that trigger to auto-assign a group to a user post signup.
@johnpc I understand better now. So, how do I rectify this now? All I see is this:
UPDATE_FAILED UserPool AWS::Cognito::UserPool Mon Jan 24 2022 09:40:55 GMT-0800 (Pacific Standard Time) Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 80718713-0da6-4e47-adc4-88eec48eeb04; Proxy: null)I don't even know what is missing and what to fix?
johnpc
commented
2 years ago This ticket was primarily caused by drift introduced by https://github.com/aws-amplify/amplify-cli/pull/9251. It appears @sandeep-pracbee and @dbeck121 are experiencing a different issue though, since those bitten by https://github.com/aws-amplify/amplify-cli/pull/9251 will only have 1 requiredAttribute in their deployed Cognito user pool, and you both have all of your desired requiredAttribute deployed.
Since requiredAttributes is not your issue, it must be some other Cognito field.
I'd want to make sure you're both on the latest CLI. I would also want to compare what's in your cli-inputs.json to the response from running aws cognito-idp describe-user-pool --user-pool-id {YOUR_USERPOOL_ID}. You can find your user pool id in aws-exports.json the key is called aws_user_pools_id
sandeep-pracbee
commented
2 years ago I am on 7.6.12
❯ amplify --version
7.6.12This is the output of the describe pool command:
{
"UserPool": {
"Id": "ap-south-1_SpA2UnkG1",
"Name": "practiceplatformuserpool-live",
"Policies": {
"PasswordPolicy": {
"MinimumLength": 8,
"RequireUppercase": true,
"RequireLowercase": true,
"RequireNumbers": true,
"RequireSymbols": false,
"TemporaryPasswordValidityDays": 7
}
},
"LambdaConfig": {},
"LastModifiedDate": "2022-01-24T10:10:41.283000-08:00",
"CreationDate": "2021-09-15T17:23:27.019000-07:00",
"SchemaAttributes": [
{
"Name": "sub",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": false,
"Required": true,
"StringAttributeConstraints": {
"MinLength": "1",
"MaxLength": "2048"
}
},
{
"Name": "name",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": true,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "given_name",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "family_name",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "middle_name",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "nickname",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "preferred_username",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "profile",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "picture",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "website",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "email",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": true,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "email_verified",
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false
},
{
"Name": "gender",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "birthdate",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "10",
"MaxLength": "10"
}
},
{
"Name": "zoneinfo",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "locale",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "phone_number",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "phone_number_verified",
"AttributeDataType": "Boolean",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false
},
{
"Name": "address",
"AttributeDataType": "String",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"StringAttributeConstraints": {
"MinLength": "0",
"MaxLength": "2048"
}
},
{
"Name": "updated_at",
"AttributeDataType": "Number",
"DeveloperOnlyAttribute": false,
"Mutable": true,
"Required": false,
"NumberAttributeConstraints": {
"MinValue": "0"
}
}
],
"AutoVerifiedAttributes": [
"email"
],
"SmsVerificationMessage": "Your verification code is {####}",
"EmailVerificationMessage": "You're almost there! Activate your account now by entering the following code: '{####}'.",
"EmailVerificationSubject": "PracBee Practice Platform | Confirm Your Registration",
"VerificationMessageTemplate": {
"SmsMessage": "Your verification code is {####}",
"EmailMessage": "You're almost there! Activate your account now by entering the following code: '{####}'.",
"EmailSubject": "PracBee Practice Platform | Confirm Your Registration",
"EmailMessageByLink": "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional //EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html xmlns=\"http://www.w3.org/1999/xhtml\" xmlns:v=\"urn:schemas-microsoft-com:vml\" xmlns:o=\"urn:schemas-microsoft-com:office:office\">\n<head>\n<!--[if gte mso 9]>\n<xml>\n <o:OfficeDocumentSettings>\n <o:AllowPNG/>\n <o:PixelsPerInch>96</o:PixelsPerInch>\n </o:OfficeDocumentSettings>\n</xml>\n<![endif]-->\n <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <meta name=\"x-apple-disable-message-reformatting\">\n <!--[if !mso]><!--><meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\"><!--<![endif]-->\n <title></title>\n \n <style type=\"text/css\">\n table, td { color: #000000; } a { color: #0000ee; text-decoration: underline; } @media (max-width: 480px) { #u_content_image_2 .v-container-padding-padding { padding: 15px 20px 0px !important; } #u_content_image_2 .v-src-width { width: 407px !important; } #u_content_image_2 .v-src-max-width { max-width: 41% !important; } #u_content_image_2 .v-text-align { text-align: left !important; } #u_content_text_23 .v-container-padding-padding { padding: 10px 10px 5px !important; } #u_content_text_23 .v-line-height { line-height: 170% !important; } }\n@media only screen and (min-width: 620px) {\n .u-row {\n width: 600px !important;\n }\n .u-row .u-col {\n vertical-align: top;\n }\n\n .u-row .u-col-100 {\n width: 600px !important;\n }\n\n}\n\n@media (max-width: 620px) {\n .u-row-container {\n max-width: 100% !important;\n padding-left: 0px !important;\n padding-right: 0px !important;\n }\n .u-row .u-col {\n min-width: 320px !important;\n max-width: 100% !important;\n display: block !important;\n }\n .u-row {\n width: calc(100% - 40px) !important;\n }\n .u-col {\n width: 100% !important;\n }\n .u-col > div {\n margin: 0 auto;\n }\n}\nbody {\n margin: 0;\n padding: 0;\n}\n\ntable,\ntr,\ntd {\n vertical-align: top;\n border-collapse: collapse;\n}\n\np {\n margin: 0;\n}\n\n.ie-container table,\n.mso-container table {\n table-layout: fixed;\n}\n\n* {\n line-height: inherit;\n}\n\na[x-apple-data-detectors='true'] {\n color: inherit !important;\n text-decoration: none !important;\n}\n\n</style>\n \n \n\n</head>\n\n<body class=\"clean-body u_body\" style=\"margin: 0;padding: 0;-webkit-text-size-adjust: 100%;background-color: #ffffff;color: #000000\">\n <!--[if IE]><div class=\"ie-container\"><![endif]-->\n <!--[if mso]><div class=\"mso-container\"><![endif]-->\n <table style=\"border-collapse: collapse;table-layout: fixed;border-spacing: 0;mso-table-lspace: 0pt;mso-table-rspace: 0pt;vertical-align: top;min-width: 320px;Margin: 0 auto;background-color: #ffffff;width:100%\" cellpadding=\"0\" cellspacing=\"0\">\n <tbody>\n <tr style=\"vertical-align: top\">\n <td style=\"word-break: break-word;border-collapse: collapse !important;vertical-align: top\">\n <!--[if (mso)|(IE)]><table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td align=\"center\" style=\"background-color: #ffffff;\"><![endif]-->\n \n\n<div class=\"u-row-container\" style=\"padding: 0px;background-color: transparent\">\n <div class=\"u-row\" style=\"Margin: 0 auto;min-width: 320px;max-width: 600px;overflow-wrap: break-word;word-wrap: break-word;word-break: break-word;background-color: transparent;\">\n <div style=\"border-collapse: collapse;display: table;width: 100%;background-color: transparent;\">\n <!--[if (mso)|(IE)]><table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td style=\"padding: 0px;background-color: transparent;\" align=\"center\"><table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"width:600px;\"><tr style=\"background-color: transparent;\"><![endif]-->\n \n<!--[if (mso)|(IE)]><td align=\"center\" width=\"600\" style=\"background-color: #f2503b;width: 600px;padding: 0px;border-top: 0px solid transparent;border-left: 0px solid transparent;border-right: 0px solid transparent;border-bottom: 0px solid transparent;\" valign=\"top\"><![endif]-->\n<div class=\"u-col u-col-100\" style=\"max-width: 320px;min-width: 600px;display: table-cell;vertical-align: top;\">\n <div style=\"background-color: #f2503b;width: 100% !important;\">\n <!--[if (!mso)&(!IE)]><!--><div style=\"padding: 0px;border-top: 0px solid transparent;border-left: 0px solid transparent;border-right: 0px solid transparent;border-bottom: 0px solid transparent;\"><!--<![endif]-->\n \n<table id=\"u_content_image_2\" style=\"font-family:arial,helvetica,sans-serif;\" role=\"presentation\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" border=\"0\">\n <tbody>\n <tr>\n <td class=\"v-container-padding-padding\" style=\"overflow-wrap:break-word;word-break:break-word;padding:10px;font-family:arial,helvetica,sans-serif;\" align=\"left\">\n \n<table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\">\n <tr>\n <td class=\"v-text-align\" style=\"padding-right: 0px;padding-left: 0px;\" align=\"center\">\n <a href=\"https://unlayer.com/\" target=\"_blank\">\n <img align=\"center\" border=\"0\" src=\"https://abhyas.pracbee.com/static/media/logo.72b1c3f9.png\" alt=\"Student\" title=\"Student\" style=\"outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;clear: both;display: inline-block !important;border: none;height: auto;float: none;width: 36%;max-width: 208.8px;\" width=\"208.8\" class=\"v-src-width v-src-max-width\"/>\n </a>\n </td>\n </tr>\n</table>\n\n </td>\n </tr>\n </tbody>\n</table>\n\n <!--[if (!mso)&(!IE)]><!--></div><!--<![endif]-->\n </div>\n</div>\n<!--[if (mso)|(IE)]></td><![endif]-->\n <!--[if (mso)|(IE)]></tr></table></td></tr></table><![endif]-->\n </div>\n </div>\n</div>\n\n\n\n<div class=\"u-row-container\" style=\"padding: 10px 0px 0px;background-color: transparent\">\n <div class=\"u-row\" style=\"Margin: 0 auto;min-width: 320px;max-width: 600px;overflow-wrap: break-word;word-wrap: break-word;word-break: break-word;background-color: transparent;\">\n <div style=\"border-collapse: collapse;display: table;width: 100%;background-color: transparent;\">\n <!--[if (mso)|(IE)]><table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td style=\"padding: 10px 0px 0px;background-color: transparent;\" align=\"center\"><table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"width:600px;\"><tr style=\"background-color: transparent;\"><![endif]-->\n \n<!--[if (mso)|(IE)]><td align=\"center\" width=\"600\" style=\"width: 600px;padding: 0px;border-top: 0px solid transparent;border-left: 0px solid transparent;border-right: 0px solid transparent;border-bottom: 0px solid transparent;\" valign=\"top\"><![endif]-->\n<div class=\"u-col u-col-100\" style=\"max-width: 320px;min-width: 600px;display: table-cell;vertical-align: top;\">\n <div style=\"width: 100% !important;\">\n <!--[if (!mso)&(!IE)]><!--><div style=\"padding: 0px;border-top: 0px solid transparent;border-left: 0px solid transparent;border-right: 0px solid transparent;border-bottom: 0px solid transparent;\"><!--<![endif]-->\n \n<table style=\"font-family:arial,helvetica,sans-serif;\" role=\"presentation\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" border=\"0\">\n <tbody>\n <tr>\n <td class=\"v-container-padding-padding\" style=\"overflow-wrap:break-word;word-break:break-word;padding:10px 10px 10px 20px;font-family:arial,helvetica,sans-serif;\" align=\"left\">\n \n <div class=\"v-text-align v-line-height\" style=\"color: #549284; line-height: 140%; text-align: left; word-wrap: break-word;\">\n <p style=\"font-size: 14px; line-height: 140%;\"><span style=\"font-size: 16px; line-height: 22.4px;\"><strong>Dear Student,</strong></span></p>\n </div>\n\n </td>\n </tr>\n </tbody>\n</table>\n\n<table style=\"font-family:arial,helvetica,sans-serif;\" role=\"presentation\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" border=\"0\">\n <tbody>\n <tr>\n <td class=\"v-container-padding-padding\" style=\"overflow-wrap:break-word;word-break:break-word;padding:0px 10px 20px 20px;font-family:arial,helvetica,sans-serif;\" align=\"left\">\n \n <div class=\"v-text-align v-line-height\" style=\"color: #8a8a8a; line-height: 140%; text-align: left; word-wrap: break-word;\">\n <p style=\"font-size: 14px; line-height: 140%;\">Welcome to PracBee, India’s most personalized Test Prep Platform offering- One-on-One Classes, Mentoring and Extensive Practice and Testing.</p>\n<p style=\"font-size: 14px; line-height: 140%;\"> </p>\n<p style=\"font-size: 14px; line-height: 140%;\"><a rel=\"noopener\" href=\"{##Verify Email##}\" target=\"_blank\">Click here to Activate your account now</a></p>\n<p style=\"font-size: 14px; line-height: 140%;\"> </p>\n<p style=\"font-size: 14px; line-height: 140%;\">Complete Link:</p>\n<p style=\"font-size: 14px; line-height: 140%;\">{##Verify Email##}</p>\n<p style=\"font-size: 14px; line-height: 140%;\"> </p>\n<p style=\"font-size: 14px; line-height: 140%;\">Keep Practicing, Keep Learning!</p>\n<p style=\"font-size: 14px; line-height: 140%;\"> </p>\n<p style=\"font-size: 14px; line-height: 140%;\">Regards</p>\n<p style=\"font-size: 14px; line-height: 140%;\">Team PracBee</p>\n<p style=\"font-size: 14px; line-height: 140%;\"> </p>\n<p style=\"font-size: 14px; line-height: 140%;\">In case of any query/error write to contact@pracbee.com or WhatsApp on 9650647200</p>\n </div>\n\n </td>\n </tr>\n </tbody>\n</table>\n\n <!--[if (!mso)&(!IE)]><!--></div><!--<![endif]-->\n </div>\n</div>\n<!--[if (mso)|(IE)]></td><![endif]-->\n <!--[if (mso)|(IE)]></tr></table></td></tr></table><![endif]-->\n </div>\n </div>\n</div>\n\n\n\n<div class=\"u-row-container\" style=\"padding: 0px;background-color: transparent\">\n <div class=\"u-row\" style=\"Margin: 0 auto;min-width: 320px;max-width: 600px;overflow-wrap: break-word;word-wrap: break-word;word-break: break-word;background-color: #ffbb17;\">\n <div style=\"border-collapse: collapse;display: table;width: 100%;background-color: transparent;\">\n <!--[if (mso)|(IE)]><table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td style=\"padding: 0px;background-color: transparent;\" align=\"center\"><table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"width:600px;\"><tr style=\"background-color: #ffbb17;\"><![endif]-->\n \n<!--[if (mso)|(IE)]><td align=\"center\" width=\"600\" style=\"width: 600px;padding: 10px;border-top: 0px solid transparent;border-left: 0px solid transparent;border-right: 0px solid transparent;border-bottom: 0px solid transparent;\" valign=\"top\"><![endif]-->\n<div class=\"u-col u-col-100\" style=\"max-width: 320px;min-width: 600px;display: table-cell;vertical-align: top;\">\n <div style=\"width: 100% !important;\">\n <!--[if (!mso)&(!IE)]><!--><div style=\"padding: 10px;border-top: 0px solid transparent;border-left: 0px solid transparent;border-right: 0px solid transparent;border-bottom: 0px solid transparent;\"><!--<![endif]-->\n \n<table style=\"font-family:arial,helvetica,sans-serif;\" role=\"presentation\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" border=\"0\">\n <tbody>\n <tr>\n <td class=\"v-container-padding-padding\" style=\"overflow-wrap:break-word;word-break:break-word;padding:10px;font-family:arial,helvetica,sans-serif;\" align=\"left\">\n \n<div align=\"center\">\n <div style=\"display: table; max-width:119px;\">\n <!--[if (mso)|(IE)]><table width=\"119\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td style=\"border-collapse:collapse;\" align=\"center\"><table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"border-collapse:collapse; mso-table-lspace: 0pt;mso-table-rspace: 0pt; width:119px;\"><tr><![endif]-->\n \n \n <!--[if (mso)|(IE)]><td width=\"32\" style=\"width:32px; padding-right: 8px;\" valign=\"top\"><![endif]-->\n <table align=\"left\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"32\" height=\"32\" style=\"border-collapse: collapse;table-layout: fixed;border-spacing: 0;mso-table-lspace: 0pt;mso-table-rspace: 0pt;vertical-align: top;margin-right: 8px\">\n <tbody><tr style=\"vertical-align: top\"><td align=\"left\" valign=\"middle\" style=\"word-break: break-word;border-collapse: collapse !important;vertical-align: top\">\n <a href=\"https://www.youtube.com/channel/UCCjr8-WYeHN0SCoMIMcO8KQ\" title=\"YouTube\" target=\"_blank\">\n <img src=\"https://cdn.tools.unlayer.com/social/icons/circle/youtube.png\" alt=\"YouTube\" title=\"YouTube\" width=\"32\" style=\"outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;clear: both;display: block !important;border: none;height: auto;float: none;max-width: 32px !important\">\n </a>\n </td></tr>\n </tbody></table>\n <!--[if (mso)|(IE)]></td><![endif]-->\n \n <!--[if (mso)|(IE)]><td width=\"32\" style=\"width:32px; padding-right: 8px;\" valign=\"top\"><![endif]-->\n <table align=\"left\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"32\" height=\"32\" style=\"border-collapse: collapse;table-layout: fixed;border-spacing: 0;mso-table-lspace: 0pt;mso-table-rspace: 0pt;vertical-align: top;margin-right: 8px\">\n <tbody><tr style=\"vertical-align: top\"><td align=\"left\" valign=\"middle\" style=\"word-break: break-word;border-collapse: collapse !important;vertical-align: top\">\n <a href=\"https://www.linkedin.com/company/pracbee-educations-pvt-ltd/\" title=\"LinkedIn\" target=\"_blank\">\n <img src=\"https://cdn.tools.unlayer.com/social/icons/circle/linkedin.png\" alt=\"LinkedIn\" title=\"LinkedIn\" width=\"32\" style=\"outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;clear: both;display: block !important;border: none;height: auto;float: none;max-width: 32px !important\">\n </a>\n </td></tr>\n </tbody></table>\n <!--[if (mso)|(IE)]></td><![endif]-->\n \n <!--[if (mso)|(IE)]><td width=\"32\" style=\"width:32px; padding-right: 0px;\" valign=\"top\"><![endif]-->\n <table align=\"left\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" width=\"32\" height=\"32\" style=\"border-collapse: collapse;table-layout: fixed;border-spacing: 0;mso-table-lspace: 0pt;mso-table-rspace: 0pt;vertical-align: top;margin-right: 0px\">\n <tbody><tr style=\"vertical-align: top\"><td align=\"left\" valign=\"middle\" style=\"word-break: break-word;border-collapse: collapse !important;vertical-align: top\">\n <a href=\"https://wa.me/919650647200\" title=\"WhatsApp\" target=\"_blank\">\n <img src=\"https://cdn.tools.unlayer.com/social/icons/circle/whatsapp.png\" alt=\"WhatsApp\" title=\"WhatsApp\" width=\"32\" style=\"outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;clear: both;display: block !important;border: none;height: auto;float: none;max-width: 32px !important\">\n </a>\n </td></tr>\n </tbody></table>\n <!--[if (mso)|(IE)]></td><![endif]-->\n \n \n <!--[if (mso)|(IE)]></tr></table></td></tr></table><![endif]-->\n </div>\n</div>\n\n </td>\n </tr>\n </tbody>\n</table>\n\n<table id=\"u_content_text_23\" style=\"font-family:arial,helvetica,sans-serif;\" role=\"presentation\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" border=\"0\">\n <tbody>\n <tr>\n <td class=\"v-container-padding-padding\" style=\"overflow-wrap:break-word;word-break:break-word;padding:10px 10px 0px;font-family:arial,helvetica,sans-serif;\" align=\"left\">\n \n <div class=\"v-text-align v-line-height\" style=\"color: #a5a5a5; line-height: 140%; text-align: center; word-wrap: break-word;\">\n <p style=\"font-size: 14px; line-height: 140%;\"><strong><span style=\"color: #000000; font-size: 14px; line-height: 19.6px;\">Copy right 2022 PracBee. All rights reserved.</span></strong></p>\n </div>\n\n </td>\n </tr>\n </tbody>\n</table>\n\n <!--[if (!mso)&(!IE)]><!--></div><!--<![endif]-->\n </div>\n</div>\n<!--[if (mso)|(IE)]></td><![endif]-->\n <!--[if (mso)|(IE)]></tr></table></td></tr></table><![endif]-->\n </div>\n </div>\n</div>\n\n\n <!--[if (mso)|(IE)]></td></tr></table><![endif]-->\n </td>\n </tr>\n </tbody>\n </table>\n <!--[if mso]></div><![endif]-->\n <!--[if IE]></div><![endif]-->\n</body>\n\n</html>\n",
"EmailSubjectByLink": "PracBee Practice Platform | Your verification link",
"DefaultEmailOption": "CONFIRM_WITH_CODE"
},
"SmsAuthenticationMessage": "Your authentication code is {####}",
"MfaConfiguration": "OFF",
"EstimatedNumberOfUsers": 443,
"EmailConfiguration": {
"EmailSendingAccount": "COGNITO_DEFAULT"
},
"SmsConfiguration": {
"SnsCallerArn": "arn:aws:iam::340350398738:role/sns0dfe6ad1171934-live",
"ExternalId": "practi0dfe6ad1_role_external_id"
},
"UserPoolTags": {},
"SmsConfigurationFailure": "SNSSandbox",
"Domain": "pracbee",
"AdminCreateUserConfig": {
"AllowAdminCreateUserOnly": false,
"UnusedAccountValidityDays": 7
},
"UsernameConfiguration": {
"CaseSensitive": false
},
"Arn": "arn:aws:cognito-idp:ap-south-1:340350398738:userpool/ap-south-1_SpA2UnkG1",
"AccountRecoverySetting": {
"RecoveryMechanisms": [
{
"Priority": 1,
"Name": "verified_email"
},
{
"Priority": 2,
"Name": "verified_phone_number"
}
]
}
}
}
For me version = 7.6.12 (fresh install)
The only thing that does not fit is:
"SchemaAttributes": [ { "Name": "sub", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": false, "Required": true, "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" }
This sub is not in my list in amplify. But required attributes are given_name, family_name, website, email... also here with required flag and none other required.
Here the whole file:aws cognito-idp describe-user-pool --user-pool-id eu-central-1_TUbckccOl { "UserPool": { "Id": "eu-central-1_TUbckccOl", "Name": "wpgurufrontend-dev", "Policies": { "PasswordPolicy": { "MinimumLength": 8, "RequireUppercase": true, "RequireLowercase": true, "RequireNumbers": true, "RequireSymbols": false, "TemporaryPasswordValidityDays": 7 } }, "LambdaConfig": {}, "LastModifiedDate": "2022-01-24T18:17:53.331000+00:00", "CreationDate": "2021-08-13T07:41:50.072000+00:00", "SchemaAttributes": [ { "Name": "sub", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": false, "Required": true, "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "2048" } }, { "Name": "name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "given_name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": true, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "family_name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": true, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "middle_name", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "nickname", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "preferred_username", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "profile", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "picture", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "website", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": true, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "email", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": true, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "email_verified", "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false }, { "Name": "gender", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "birthdate", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "10", "MaxLength": "10" } }, { "Name": "zoneinfo", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "locale", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "phone_number", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "phone_number_verified", "AttributeDataType": "Boolean", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false }, { "Name": "address", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "0", "MaxLength": "2048" } }, { "Name": "updated_at", "AttributeDataType": "Number", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "NumberAttributeConstraints": { "MinValue": "0" } }, { "Name": "custom:company", "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Required": false, "StringAttributeConstraints": { "MinLength": "1", "MaxLength": "256" } } ], "AutoVerifiedAttributes": [ "email" ], "UsernameAttributes": [ "email" ], "SmsVerificationMessage": "Your verification code is {####}", "EmailVerificationMessage": "Your verification code is {####}", "EmailVerificationSubject": "Your verification code", "VerificationMessageTemplate": { "SmsMessage": "Your verification code is {####}", "EmailMessage": "Your verification code is {####}", "EmailSubject": "Your verification code", "DefaultEmailOption": "CONFIRM_WITH_CODE" }, "SmsAuthenticationMessage": "Your authentication code is {####}", "MfaConfiguration": "OPTIONAL", "EstimatedNumberOfUsers": 8, "EmailConfiguration": { "EmailSendingAccount": "COGNITO_DEFAULT" }, "SmsConfiguration": { "SnsCallerArn": "arn:aws:iam::648051759202:role/snse578150174023-dev", "ExternalId": "wpgurue5781501_role_external_id" }, "UserPoolTags": {}, "SmsConfigurationFailure": "SNSSandbox", "Domain": "wpgurudev", "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": false, "UnusedAccountValidityDays": 7 }, "UsernameConfiguration": { "CaseSensitive": false }, "Arn": "arn:aws:cognito-idp:eu-central-1:648051759202:userpool/eu-central-1_TUbckccOl", "AccountRecoverySetting": {} } }
johnpc
commented
2 years ago the "sub" attribute is normal - I have it too when I spin up a new app - so I would not expect that to be the cause.
johnpc
commented
2 years ago One more idea of something to check. in your amplify/backend/auth/{name}/build folder, can you send parameters.json and *-cloudformation-template.json?
sandeep-pracbee
commented
2 years ago parameters:
{
"identityPoolName": "practiceplatformidentitypool",
"allowUnauthenticatedIdentities": false,
"resourceNameTruncated": "practi0dfe6ad1",
"userPoolName": "practiceplatformuserpool",
"autoVerifiedAttributes": [
"email"
],
"mfaConfiguration": "OFF",
"mfaTypes": [
"SMS Text Message"
],
"smsAuthenticationMessage": "Your authentication code is {####}",
"smsVerificationMessage": "Your verification code is {####}",
"emailVerificationSubject": "PracBee Practice Platform | Confirm Your Registration",
"emailVerificationMessage": "You're almost there! Activate your account now by entering the following code: '{####}'.",
"defaultPasswordPolicy": false,
"passwordPolicyMinLength": "8",
"passwordPolicyCharacters": [
"Requires Lowercase",
"Requires Uppercase",
"Requires Numbers"
],
"requiredAttributes": [
"email",
"name"
],
"aliasAttributes": [],
"userpoolClientGenerateSecret": false,
"userpoolClientRefreshTokenValidity": 30,
"userpoolClientWriteAttributes": [],
"userpoolClientReadAttributes": [],
"userpoolClientLambdaRole": "practi0dfe6ad1_userpoolclient_lambda_role",
"userpoolClientSetAttributes": false,
"authSelections": "identityPoolAndUserPool",
"resourceName": "practiceplatformauth",
"serviceName": "Cognito",
"useDefault": "manual",
"sharedId": "0dfe6ad1",
"userPoolGroupList": [
"practiceplatformadmins",
"practiceplatformstudents",
"practiceplatformreviewers",
"practiceplatformcreators",
"practiceplatforteachers"
],
"userPoolGroups": false,
"usernameCaseSensitive": false,
"verificationBucketName": "practiceplatformauthverificationbucket",
"adminQueries": true,
"adminQueryGroup": "practiceplatformadmins",
"hostedUI": false,
"thirdPartyAuth": false,
"authProviders": [],
"triggers": "{\"PostConfirmation\":[\"add-to-group\"],\"PreSignup\":[\"custom\"]}",
"authRoleArn": {
"Fn::GetAtt": [
"AuthRole",
"Arn"
]
},
"unauthRoleArn": {
"Fn::GetAtt": [
"UnauthRole",
"Arn"
]
},
"breakCircularDependency": true,
"useEnabledMfas": false,
"dependsOn": [
{
"category": "function",
"resourceName": "practiceplatformauthPostConfirmation",
"triggerProvider": "Cognito",
"attributes": [
"Arn",
"Name"
]
},
{
"category": "function",
"resourceName": "practiceplatformauthPreSignup",
"triggerProvider": "Cognito",
"attributes": [
"Arn",
"Name"
]
}
],
"parentStack": {
"Ref": "AWS::StackId"
},
"permissions": [
"{\"policyName\":\"AddToGroupCognito\",\"trigger\":\"PostConfirmation\",\"effect\":\"Allow\",\"actions\":[\"cognito-idp:AdminAddUserToGroup\",\"cognito-idp:GetGroup\",\"cognito-idp:CreateGroup\"],\"resource\":{\"paramType\":\"!GetAtt\",\"keys\":[\"UserPool\",\"Arn\"]}}"
],
"authTriggerConnections": [
"{\"triggerType\":\"PostConfirmation\",\"lambdaFunctionName\":\"practiceplatformauthPostConfirmation\"}",
"{\"triggerType\":\"PreSignUp\",\"lambdaFunctionName\":\"practiceplatformauthPreSignup\"}"
]
}cloudformation
{
"Description": "Amplify Cognito Stack for AWS Amplify CLI",
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"env": {
"Type": "String"
},
"functionpracticeplatformauthPostConfirmationArn": {
"Type": "String",
"Default": "functionpracticeplatformauthPostConfirmationArn"
},
"functionpracticeplatformauthPostConfirmationName": {
"Type": "String",
"Default": "functionpracticeplatformauthPostConfirmationName"
},
"functionpracticeplatformauthPreSignupArn": {
"Type": "String",
"Default": "functionpracticeplatformauthPreSignupArn"
},
"functionpracticeplatformauthPreSignupName": {
"Type": "String",
"Default": "functionpracticeplatformauthPreSignupName"
},
"identityPoolName": {
"Type": "String"
},
"allowUnauthenticatedIdentities": {
"Type": "String"
},
"resourceNameTruncated": {
"Type": "String"
},
"userPoolName": {
"Type": "String"
},
"autoVerifiedAttributes": {
"Type": "CommaDelimitedList"
},
"mfaConfiguration": {
"Type": "String"
},
"mfaTypes": {
"Type": "CommaDelimitedList"
},
"smsAuthenticationMessage": {
"Type": "String"
},
"smsVerificationMessage": {
"Type": "String"
},
"emailVerificationSubject": {
"Type": "String"
},
"emailVerificationMessage": {
"Type": "String"
},
"defaultPasswordPolicy": {
"Type": "String"
},
"passwordPolicyMinLength": {
"Type": "String"
},
"passwordPolicyCharacters": {
"Type": "CommaDelimitedList"
},
"requiredAttributes": {
"Type": "CommaDelimitedList"
},
"aliasAttributes": {
"Type": "CommaDelimitedList"
},
"userpoolClientGenerateSecret": {
"Type": "String"
},
"userpoolClientRefreshTokenValidity": {
"Type": "String"
},
"userpoolClientWriteAttributes": {
"Type": "CommaDelimitedList"
},
"userpoolClientReadAttributes": {
"Type": "CommaDelimitedList"
},
"userpoolClientLambdaRole": {
"Type": "String"
},
"userpoolClientSetAttributes": {
"Type": "String"
},
"authSelections": {
"Type": "String"
},
"resourceName": {
"Type": "String"
},
"serviceName": {
"Type": "String"
},
"useDefault": {
"Type": "String"
},
"sharedId": {
"Type": "String"
},
"userPoolGroupList": {
"Type": "CommaDelimitedList"
},
"userPoolGroups": {
"Type": "String"
},
"usernameCaseSensitive": {
"Type": "String"
},
"verificationBucketName": {
"Type": "String"
},
"adminQueries": {
"Type": "String"
},
"adminQueryGroup": {
"Type": "String"
},
"hostedUI": {
"Type": "String"
},
"thirdPartyAuth": {
"Type": "String"
},
"authProviders": {
"Type": "CommaDelimitedList"
},
"triggers": {
"Type": "String"
},
"authRoleArn": {
"Type": "String"
},
"unauthRoleArn": {
"Type": "String"
},
"breakCircularDependency": {
"Type": "String"
},
"useEnabledMfas": {
"Type": "String"
},
"dependsOn": {
"Type": "CommaDelimitedList"
},
"parentStack": {
"Type": "String"
},
"permissions": {
"Type": "CommaDelimitedList"
},
"authTriggerConnections": {
"Type": "CommaDelimitedList"
}
},
"Conditions": {
"ShouldNotCreateEnvResources": {
"Fn::Equals": [
{
"Ref": "env"
},
"NONE"
]
},
"ShouldOutputAppClientSecrets": {
"Fn::Equals": [
{
"Ref": "userpoolClientGenerateSecret"
},
true
]
}
},
"Resources": {
"CustomMessageConfirmationBucket": {
"Type": "AWS::S3::Bucket",
"Properties": {
"AccessControl": "Private",
"BucketName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
{
"Ref": "verificationBucketName"
},
{
"Fn::Join": [
"-",
[
{
"Ref": "verificationBucketName"
},
{
"Ref": "env"
}
]
]
}
]
},
"CorsConfiguration": {
"CorsRules": [
{
"AllowedHeaders": [
"Authorization",
"Content-length"
],
"AllowedMethods": [
"GET"
],
"AllowedOrigins": [
"*"
],
"MaxAge": 3000
}
]
}
},
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain"
},
"SNSRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "cognito-idp.amazonaws.com"
},
"Action": [
"sts:AssumeRole"
],
"Condition": {
"StringEquals": {
"sts:ExternalId": "practi0dfe6ad1_role_external_id"
}
}
}
]
},
"Policies": [
{
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Resource": "*"
}
]
},
"PolicyName": "practi0dfe6ad1-sns-policy"
}
],
"RoleName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
"practi0dfe6ad1_sns-role",
{
"Fn::Join": [
"",
[
"sns0dfe6ad1",
{
"Fn::Select": [
3,
{
"Fn::Split": [
"-",
{
"Ref": "AWS::StackName"
}
]
}
]
},
"-",
{
"Ref": "env"
}
]
]
}
]
}
}
},
"UserPool": {
"Type": "AWS::Cognito::UserPool",
"Properties": {
"AutoVerifiedAttributes": [
"email"
],
"EmailVerificationMessage": {
"Ref": "emailVerificationMessage"
},
"EmailVerificationSubject": {
"Ref": "emailVerificationSubject"
},
"MfaConfiguration": {
"Ref": "mfaConfiguration"
},
"Policies": {
"PasswordPolicy": {
"MinimumLength": {
"Ref": "passwordPolicyMinLength"
},
"RequireLowercase": true,
"RequireNumbers": true,
"RequireSymbols": false,
"RequireUppercase": true
}
},
"Schema": [
{
"Mutable": true,
"Name": "email",
"Required": true
},
{
"Mutable": true,
"Name": "name",
"Required": true
}
],
"SmsAuthenticationMessage": {
"Ref": "smsAuthenticationMessage"
},
"SmsConfiguration": {
"ExternalId": "practi0dfe6ad1_role_external_id",
"SnsCallerArn": {
"Fn::GetAtt": [
"SNSRole",
"Arn"
]
}
},
"SmsVerificationMessage": {
"Ref": "smsVerificationMessage"
},
"UsernameConfiguration": {
"CaseSensitive": false
},
"UserPoolName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
{
"Ref": "userPoolName"
},
{
"Fn::Join": [
"",
[
{
"Ref": "userPoolName"
},
"-",
{
"Ref": "env"
}
]
]
}
]
}
}
},
"UserPoolClientWeb": {
"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
"UserPoolId": {
"Ref": "UserPool"
},
"ClientName": "practi0dfe6ad1_app_clientWeb",
"RefreshTokenValidity": {
"Ref": "userpoolClientRefreshTokenValidity"
}
},
"DependsOn": [
"UserPool"
]
},
"UserPoolClient": {
"Type": "AWS::Cognito::UserPoolClient",
"Properties": {
"UserPoolId": {
"Ref": "UserPool"
},
"ClientName": "practi0dfe6ad1_app_client",
"GenerateSecret": {
"Ref": "userpoolClientGenerateSecret"
},
"RefreshTokenValidity": {
"Ref": "userpoolClientRefreshTokenValidity"
}
},
"DependsOn": [
"UserPool"
]
},
"UserPoolClientRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
},
"RoleName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
{
"Ref": "userpoolClientLambdaRole"
},
{
"Fn::Join": [
"",
[
"upClientLambdaRole0dfe6ad1",
{
"Fn::Select": [
3,
{
"Fn::Split": [
"-",
{
"Ref": "AWS::StackName"
}
]
}
]
},
"-",
{
"Ref": "env"
}
]
]
}
]
}
},
"DependsOn": [
"UserPoolClient"
]
},
"UserPoolClientLambda": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Code": {
"ZipFile": "const response = require('cfn-response');\nconst aws = require('aws-sdk');\nconst identity = new aws.CognitoIdentityServiceProvider();\nexports.handler = (event, context, callback) => {\n if (event.RequestType == 'Delete') {\n response.send(event, context, response.SUCCESS, {});\n }\n if (event.RequestType == 'Update' || event.RequestType == 'Create') {\n const params = {\n ClientId: event.ResourceProperties.clientId,\n UserPoolId: event.ResourceProperties.userpoolId,\n };\n identity\n .describeUserPoolClient(params)\n .promise()\n .then(res => {\n response.send(event, context, response.SUCCESS, { appSecret: res.UserPoolClient.ClientSecret });\n })\n .catch(err => {\n response.send(event, context, response.FAILED, { err });\n });\n }\n};\n"
},
"Role": {
"Fn::GetAtt": [
"UserPoolClientRole",
"Arn"
]
},
"Handler": "index.handler",
"Runtime": "nodejs12.x",
"Timeout": 300
},
"DependsOn": [
"UserPoolClientRole"
]
},
"UserPoolClientLambdaPolicy": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cognito-idp:DescribeUserPoolClient"
],
"Resource": {
"Fn::GetAtt": [
"UserPool",
"Arn"
]
}
}
]
},
"PolicyName": "practi0dfe6ad1_userpoolclient_lambda_iam_policy",
"Roles": [
{
"Ref": "UserPoolClientRole"
}
]
},
"DependsOn": [
"UserPoolClientLambda"
]
},
"UserPoolClientLogPolicy": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": {
"Fn::Sub": [
"arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*",
{
"region": {
"Ref": "AWS::Region"
},
"account": {
"Ref": "AWS::AccountId"
},
"lambda": {
"Ref": "UserPoolClientLambda"
}
}
]
}
}
]
},
"PolicyName": "practi0dfe6ad1_userpoolclient_lambda_log_policy",
"Roles": [
{
"Ref": "UserPoolClientRole"
}
]
},
"DependsOn": [
"UserPoolClientLambdaPolicy"
]
},
"UserPoolClientInputs": {
"Type": "Custom::LambdaCallout",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"UserPoolClientLambda",
"Arn"
]
},
"clientId": {
"Ref": "UserPoolClient"
},
"userpoolId": {
"Ref": "UserPool"
}
},
"DependsOn": [
"UserPoolClientLogPolicy"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"IdentityPool": {
"Type": "AWS::Cognito::IdentityPool",
"Properties": {
"AllowUnauthenticatedIdentities": {
"Ref": "allowUnauthenticatedIdentities"
},
"CognitoIdentityProviders": [
{
"ClientId": {
"Ref": "UserPoolClient"
},
"ProviderName": {
"Fn::Sub": [
"cognito-idp.${region}.amazonaws.com/${client}",
{
"region": {
"Ref": "AWS::Region"
},
"client": {
"Ref": "UserPool"
}
}
]
}
},
{
"ClientId": {
"Ref": "UserPoolClientWeb"
},
"ProviderName": {
"Fn::Sub": [
"cognito-idp.${region}.amazonaws.com/${client}",
{
"region": {
"Ref": "AWS::Region"
},
"client": {
"Ref": "UserPool"
}
}
]
}
}
],
"IdentityPoolName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
"practiceplatformidentitypool",
{
"Fn::Join": [
"",
[
"practiceplatformidentitypool__",
{
"Ref": "env"
}
]
]
}
]
}
},
"DependsOn": [
"UserPoolClientInputs"
]
},
"IdentityPoolRoleMap": {
"Type": "AWS::Cognito::IdentityPoolRoleAttachment",
"Properties": {
"IdentityPoolId": {
"Ref": "IdentityPool"
},
"Roles": {
"unauthenticated": {
"Ref": "unauthRoleArn"
},
"authenticated": {
"Ref": "authRoleArn"
}
}
},
"DependsOn": [
"IdentityPool"
]
}
},
"Outputs": {
"IdentityPoolId": {
"Description": "Id for the identity pool",
"Value": {
"Ref": "IdentityPool"
}
},
"IdentityPoolName": {
"Value": {
"Fn::GetAtt": [
"IdentityPool",
"Name"
]
}
},
"UserPoolId": {
"Description": "Id for the user pool",
"Value": {
"Ref": "UserPool"
}
},
"UserPoolArn": {
"Description": "Arn for the user pool",
"Value": {
"Fn::GetAtt": [
"UserPool",
"Arn"
]
}
},
"UserPoolName": {
"Value": {
"Ref": "userPoolName"
}
},
"AppClientIDWeb": {
"Description": "The user pool app client id for web",
"Value": {
"Ref": "UserPoolClientWeb"
}
},
"AppClientID": {
"Description": "The user pool app client id",
"Value": {
"Ref": "UserPoolClient"
}
},
"AppClientSecret": {
"Value": {
"Fn::GetAtt": [
"UserPoolClientInputs",
"appSecret"
]
},
"Condition": "ShouldOutputAppClientSecrets"
},
"CreatedSNSRole": {
"Description": "role arn",
"Value": {
"Fn::GetAtt": [
"SNSRole",
"Arn"
]
}
}
}
}Looking over this I do not see anything out of place between this and the resource you've got deployed to the cloud. I am not sure why CloudFormation is failing and rolling back in your case. Did this start happening in v7.6.9? downgrading does not fix it? Are there any additional details in your CloudFormation console? When you run amplify status does it show that auth needs to be updated? If so do you know why?
sandeep-pracbee
commented
2 years ago Downgrading doesn't help and I am just stuck with this. I was trying to recreate Adminqueries as I accidentally created 2 AdminQueries function and I thought that it was the reason for failure. Even if I restore, my Amplify deploys fails.
johnpc
commented
2 years ago does amplify status show Auth needs to be updated?
If you amplify pull this environment into a new directory, can you immediately not run amplify push? Sometimes when there's something borked in my local state, and I don't mind losing any local unpushed changes, I'll just remove my entire amplify directory and re-pull it back into my app.
dbeck121
commented
2 years ago does
amplify statusshow Auth needs to be updated?If you
amplify pullthis environment into a new directory, can you immediately not runamplify push? Sometimes when there's something borked in my local state, and I don't mind losing any local unpushed changes, I'll just remove my entireamplifydirectory and re-pull it back into my app.
Hi, I tried removing amplify folder. Amplify auth says "no change" but when changing the order of attributes for example.
Problem occurs when doing amplify push auth or regular amplify push.
Would it help you to get a copy or access to my project?
BR
johnpc
commented
2 years ago @dbeck121 would you mind a opening a separate ticket for this conversation?
The topic of this issue is the issue that @Shomari reported, where, due to a bug fixed by https://github.com/aws-amplify/amplify-cli/pull/9251, Amplify created Cognito user pools with requiredAttributes that do not line up with those that the project is configured to request. The workaround for that issue is to update cli-inputs.json to reflect those in the deployed Cognito user pool.
Since your issue appears to have a different root cause I'd like to explore it separately.
jladdison
commented
2 years ago If you
amplify pullthis environment into a new directory, can you immediately not runamplify push? Sometimes when there's something borked in my local state, and I don't mind losing any local unpushed changes, I'll just remove my entireamplifydirectory and re-pull it back into my app.
I am having the same issue. amplify pull did not fix it.
Here is what I did:
Still get this error when pushing:
UPDATE_FAILED UserPool AWS::Cognito::UserPool Mon Jan 24 2022 12:32:06 GMT-0800 (Pacific Standard Time) Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: c5760a9d-035f-4de7-a8ab-309a1fa7be7d; Proxy: null)
Also, my required attributes are correct, using amplify 7.6.12 now, and rolling back to amplify 7.6.8 before this did not work.
dbeck121
commented
2 years ago @johnpc sure: https://github.com/aws-amplify/amplify-cli/issues/9593
jladdison
commented
2 years ago I was finally able to get amplify push to work. It appears that it was the same problem with requiredAttributes, but it was presenting itself differently.
Required Attributes in the Cognito Console showed both name and email:
(NOTE: replaced my app id with 'myapp1234' in the paths below)
amplify/backend/auth/myapp1234/cli-inputs.json had:
"requiredAttributes": [ "email", "name" ],
amplify/backend/auth/myapp1234/build/myapp1234-cloudformation-template.json had:
"Schema": [ { "Mutable": true, "Name": "email", "Required": true }, { "Mutable": true, "Name": "name", "Required": true }
amplify/#current-cloud-backend/auth/myapp1234/cli-inputs.json had:
"requiredAttributes": [ "email", "name" ],
amplify/#current-cloud-backend/auth/myapp1234/build/myapp1234-cloudformation-template.json had:
"Schema": [ { "Mutable": true, "Name": "name", "Required": true } ],
So the only incorrect file was the cloudformation-template file in the #current-cloud-backend directory. Everything else appeared correct.
I removed "email" from the amplify/backend/auth/myapp1234/cli-inputs.json file as @johnpc suggested. I then did an amplify push and everything worked. All the above files now show only the name attribute.
Strangely, the Cognito console still shows both "name" and "email". It does not appear to be causing a problem for me though.
This obviously does not solve the root issue that caused the sync drift, but it got me up and running again after several days of frustration and downtime.
Hopefully this helps everyone else that has this issue.
Before opening, please confirm:
How did you install the Amplify CLI?
npm
If applicable, what version of Node.js are you using?
14.17.3
Amplify CLI Version
7.6.5
What operating system are you using?
mac
Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.
No manual changes made
Amplify Categories
auth, analytics
Amplify Commands
push
Describe the bug
I can't push changes from amplify cli or deploy code. I am always getting error " Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException"
Expected behavior
I should be able to make changes and have my builds complete
Reproduction steps
Added analytics to an already existing project that had auth and api I believe this made some changes to my user pool but not exactly sure what it did. Now I can't build or push new changes
GraphQL schema(s)
Log output
Additional information
exact same issue as https://github.com/aws-amplify/amplify-cli/issues/2309 but it appears this has come back. Also seems like some else is having the same issue but they closed their issue https://github.com/aws-amplify/amplify-cli/issues/9510