Ampilfy push or build gives me "Invalid AttributeDataType input" error after adding analytics to existing project auth that was building fine

Before opening, please confirm:

[X] I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
[X] I have searched for duplicate or closed issues.
[X] I have read the guide for submitting bug reports.
[X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

14.17.3

Amplify CLI Version

7.6.5

What operating system are you using?

mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Amplify Categories

auth, analytics

Amplify Commands

push

Describe the bug

I can't push changes from amplify cli or deploy code. I am always getting error " Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException"

Expected behavior

I should be able to make changes and have my builds complete

Reproduction steps

Added analytics to an already existing project that had auth and api I believe this made some changes to my user pool but not exactly sure what it did. Now I can't build or push new changes

GraphQL schema(s)

```graphql # Put schemas below this line ```

Log output

``` # Put your logs below this line `This will overwrite your current graphql queries, mutations and subscriptions Yes ⠙ Updating resources in the cloud. This may take a few minutes... UPDATE_IN_PROGRESS amplify-recommendednext-dev-135335 AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:43 GMT-0600 (Central Standard Time) User Initiated ⠏ Updating resources in the cloud. This may take a few minutes... UPDATE_IN_PROGRESS analyticsrecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:49 GMT-0600 (Central Standard Time) UPDATE_IN_PROGRESS apirecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:50 GMT-0600 (Central Standard Time) UPDATE_IN_PROGRESS authrecommended AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:50 GMT-0600 (Central Standard Time) UPDATE_COMPLETE analyticsrecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:51 GMT-0600 (Central Standard Time) ⠦ Updating resources in the cloud. This may take a few minutes... UPDATE_IN_PROGRESS amplify-recommendednext-dev-135335-authrecommended-1WZ8ZJT8ZUTMB AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:51 GMT-0600 (Central Standard Time) User Initiated ⠧ Updating resources in the cloud. This may take a few minutes... UPDATE_IN_PROGRESS amplify-recommendednext-dev-135335-apirecommendednext-IV5UBMFSEAPP AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:50 GMT-0600 (Central Standard Time) User Initiated ⠴ Updating resources in the cloud. This may take a few minutes... UPDATE_IN_PROGRESS hu Jan 13 2022 12:52:58 GMT-0600 (Central Standard Time) UPDATE_IN_PROGRESS GraphQLAPITransformerSchema3CB2AE18 AWS::AppSync::GraphQLSchema Thu Jan 13 2022 12:52:58 GMT-0600 (Central Standard Time) ⠏ Updating resources in the cloud. This may take a few minutes... UPDATE_COMPLETE Thu Jan 13 2022 12:53:00 GMT-0600 (Central Standard Time) ⠸ Updating resources in the cloud. This may take a few minutes... UPDATE_IN_PROGRESS UserPool AWS::Cognito::UserPool Thu Jan 13 2022 12:53:03 GMT-0600 (Central Standard Time) ⠏ Updating resources in the cloud. This may take a few minutes... UPDATE_FAILED UserPool AWS::Cognito::UserPool Thu Jan 13 2022 12:53:07 GMT-0600 (Central Standard Time) Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: da231749-bcfb-4c6f-9aaa-80f13849794e; Proxy: null) UPDATE_ROLLBACK_IN_PROGRESS amplify-recommendednext-dev-135335-authrecommended-1WZ8ZJT8ZUTMB AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:08 GMT-0600 (Central Standard Time) The following resource(s) failed to update: [UserPool]. ⠋ Updating resources in the cloud. This may take a few minutes... UPDATE_FAILED authrecommended AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:13 GMT-0600 (Central Standard Time) Embedded stack arn:aws:cloudformation:us-east-1:606803379457:stack/amplify-recommendednext-dev-135335-authrecommended-1WZ8ZJT8ZUTMB/e88b2a20-724f-11ec-a572-0a85688e4491 was not successfully updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with reason: The following resource(s) failed to update: [UserPool]. ⠦ Updating resources in the cloud. This may take a few minutes... UPDATE_ROLLBACK_IN_PROGRESS amplify-recommendednext-dev-135335-apirecommendednext-IV5UBMFSEAPP AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:14 GMT-0600 (Central Standard Time) Initiated by parent stack UPDATE_FAILED GraphQLAPITransformerSchema3CB2AE18 AWS::AppSync::GraphQLSchema Thu Jan 13 2022 12:53:14 GMT-0600 (Central Standard Time) Resource update cancelled ⠹ Updating resources in the cloud. This may take a few minutes... UPDATE_FAILED apirecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:25 GMT-0600 (Central Standard Time) Resource update cancelled ⠙ Updating resources in the cloud. This may take a few minutes... UPDATE_ROLLBACK_IN_PROGRESS amplify-recommendednext-dev-135335 AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:26 GMT-0600 (Central Standard Time) The following resource(s) failed to update: [apirecommendednext, authrecommended]. ⠇ Updating resources in the cloud. This may take a few minutes... UPDATE_IN_PROGRESS apirecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:47 GMT-0600 (Central Standard Time) UPDATE_IN_PROGRESS analyticsrecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:47 GMT-0600 (Central Standard Time) UPDATE_IN_PROGRESS authrecommended AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:48 GMT-0600 (Central Standard Time) UPDATE_COMPLETE analyticsrecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:48 GMT-0600 (Central Standard Time) ⠼ Updating resources in the cloud. This may take a few minutes... UPDATE_COMPLETE UserPool AWS::Cognito::UserPool Thu Jan 13 2022 12:54:18 GMT-0600 (Central Standard Time) UPDATE_IN_PROGRESS GraphQLAPITransformerSchema3CB2AE18 AWS::AppSync::GraphQLSchema Thu Jan 13 2022 12:54:17 GMT-0600 (Central Standard Time) UPDATE_IN_PROGRESS GraphQLAPIDefaultApiKey215A6DD7 AWS::AppSync::ApiKey Thu Jan 13 2022 12:54:17 GMT-0600 (Central Standard Time) UPDATE_COMPLETE GraphQLAPIDefaultApiKey215A6DD7 AWS::AppSync::ApiKey Thu Jan 13 2022 12:54:19 GMT-0600 (Central Standard Time) ⠇ Updating resources in the cloud. This may take a few minutes... UPDATE_COMPLETE apirecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:22 GMT-0600 (Central Standard Time) ⠸ Updating resources in the cloud. This may take a few minutes... UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS amplify-recommendednext-dev-135335-authrecommended-1WZ8ZJT8ZUTMB AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:29 GMT-0600 (Central Standard Time) ⠧ Updating resources in the cloud. This may take a few minutes... UPDATE_COMPLETE authrecommended AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:35 GMT-0600 (Central Standard Time) UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS amplify-recommendednext-dev-135335 AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:38 GMT-0600 (Central Standard Time) ⠧ Updating resources in the cloud. This may take a few minutes... UPDATE_COMPLETE analyticsrecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:40 GMT-0600 (Central Standard Time) ⠙ Updating resources in the cloud. This may take a few minutes... UPDATE_COMPLETE authrecommended AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:50 GMT-0600 (Central Standard Time) UPDATE_COMPLETE apirecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:50 GMT-0600 (Central Standard Time) UPDATE_ROLLBACK_COMPLETE amplify-recommendednext-dev-135335 AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:50 GMT-0600 (Central Standard Time) ⠦ Updating resources in the cloud. This may take a few minutes... Following resources failed Resource Name: us-east-1_90zp5zw6q (AWS::Cognito::UserPool) Event Type: update Reason: Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: da231749-bcfb-4c6f-9aaa-80f13849794e; Proxy: null) URL: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/arn%3Aaws%3Acloudformation%3Aus-east-1%3A606803379457%3Astack%2Famplify-recommendednext-dev-135335-authrecommended-1WZ8ZJT8ZUTMB%2Fe88b2a20-724f-11ec-a572-0a85688e4491/events Resource Name: xedizi2s55fctk4dhw2ufv7rwmGraphQLSchema (AWS::AppSync::GraphQLSchema) Event Type: update Reason: Resource update cancelled URL: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/arn%3Aaws%3Acloudformation%3Aus-east-1%3A606803379457%3Astack%2Famplify-recommendednext-dev-135335-apirecommendednext-IV5UBMFSEAPP%2F3b188f00-7253-11ec-8e7c-0a492b04931b/events ```

Additional information

exact same issue as https://github.com/aws-amplify/amplify-cli/issues/2309 but it appears this has come back. Also seems like some else is having the same issue but they closed their issue https://github.com/aws-amplify/amplify-cli/issues/9510

@jladdison 's solution above helped me but it's certainly a strange error. My Cloudformation template all matched except for the one that was being pulled from remote. What's stranger is that I hadn't actually done a push on the project in quite some time so I can't really pinpoint when the requiredAttributes property was updated. In short, nothing had changed until I updated the CLI version. Seems the initial stages. of the push with the new CLI version modified the CF template and dropped all but one requiredAttribute?

Hallelujah! @jladdison's s solution worked for me too. I have been trying to fix this on and off since last Friday.

Although I question the long term reliability of this. My #current-cloud-backend cloudformation template only had 1 (given_name) of the 3 standard attributes that are currently ticked in my User Pool, in the Schema section. So I did as @jladdison did and removed the other 2 (email and family_name) from cli-inputs.json as @johnpc suggested. The "amplify push" worked (although that had been working previously) and importantly a push to git and subsequent build worked. The joys and frustration of black boxes.

I question the long term stability of this simply because it doesn't match "reality", or what Cognito shows. I presume the Amplify team can now fix this?

This change only happened when I tried an "amplify update auth" last week, running on an older version of the CLI. I then moved forward to 7.6.8, but that in itself didn't work. I suspect it will be safe to move forward to the latest version now. I'm pretty sure I experienced the same as @dwamianm above.

Since #current-cloud-backend isn't in git, you can't see that it's been changed.

@jladdison's solution also worked for me! Even though the error I was facing is not exactly the same (My cli-inputs.json file had many different RequiredAttributes since I created the User Pool and suddenly stopped working), the process he explains did the magic for me.

First it worked when executing amplify push and also worked after the git push and automatic Amplify Build in the cloud.

Huge thanks to @jladdison. This worked for me too.

amplify/#current-cloud-backend/auth/myapp1234/build/myapp1234-cloudformation-template.json had:

@jladdison where is that "current-cloud-backend? I only have one myapp1234-cloudformation-template.json !

for me I only have that file looking the same as you amplify/backend/auth/myapp1234/build/myapp1234-cloudformation-template.json:

"Schema": [ { "Mutable": true, "Name": "email", "Required": true }, { "Mutable": true, "Name": "name", "Required": true }

unfortunately I don't understand the fix, there is my issue which is a mixed issue

@voyagebagage , check your filesystem. I'm using VSCode for this project, and it hides the #current-cloud-backend folder in the explorer inside VSCode.

so I think I have the opposite problem I have that in the console: Capture d’écran 2022-02-02 à 13 40 00

but in other files I have "email" and "name" and only in #current-cloud-backend I have only name:

"Schema": [
          {
            "Mutable": true,
            "Name": "name",
            "Required": true
          }
        ],

when I try to add email here I get that issue:

     An error occurred when pushing the resources to the cloud

ResourceNotReady: Resource is not in the state stackUpdateComplete at constructor.setError (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/resource_waiter.js:182:47) at Request.CHECK_ACCEPTORS (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/resource_waiter.js:44:12) at Request.callListeners (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/sequential_executor.js:106:20) at Request.emit (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/sequential_executor.js:78:10) at Request.emit (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:686:14) at Request.transition (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:22:10) at AcceptorStateMachine.runTo (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/state_machine.js:14:12) at /Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/state_machine.js:26:10 at Request. (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:38:9) at Request. (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:688:12) at Request.callListeners (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/sequential_executor.js:116:18) at Request.emit (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/sequential_executor.js:78:10) at Request.emit (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:686:14) at Request.transition (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:22:10) at AcceptorStateMachine.runTo (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/state_machine.js:14:12) at /Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/state_machine.js:26:10 at Request. (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:38:9) at Request. (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:688:12) at Request.callListeners (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/sequential_executor.js:116:18) at callNextListener (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/sequential_executor.js:96:12) at IncomingMessage.onEnd (/Users/sedatif2/.npm-global/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/event_listeners.js:335:13) at IncomingMessage.emit (events.js:412:35) at IncomingMessage.emit (domain.js:470:12) at endReadableNT (internal/streams/readable.js:1317:12) at processTicksAndRejections (internal/process/task_queues.js:82:21)

and when I remove name from cli-input.json I get that error:

"Cognito configuration in the cloud has drifted from local configuration. Present changes cannot be pushed until drift is fixed. requiredAttributes requested is ["name"], but ["email","name"] is required by Cognito configuration. Update /Users/sedatif2/iCloud Drive (Archive)/Documents/file1/fileOfMyProject/amplify/backend/auth/authName/cli-inputs.json to continue."

@voyagebagage please check what I did, you appear to have the same problem from looking at the error report at the end of your post.

My #current-cloud-backend also only had one standard attribute. You mustn't edit the #current-cloud-backend file, you must make your cli-inputs.json match it - ie remove the "extra" attributes from cli-inputs.json, don't add them to the file in #current-cloud-backend.

Hope that helps.

@voyagebagage It looks like you have the same issue that I had. See https://github.com/aws-amplify/amplify-cli/issues/9525#issuecomment-1020860520

It looks like what you tried was slightly different than what I did.

You should NOT add 'email' to amplify/#current-cloud-backend/auth/myapp1234/build/myapp1234-cloudformation-template.json, which looks like it was your first attempt.

You should also NOT remove 'name' from your amplify/backend/auth/myapp1234/cli-inputs.json, which looks like your second attempt

Make sure you restore those files to what they were before you made those changes.

You SHOULD remove 'email' from amplify/backend/auth/myapp1234/cli-inputs.json.

"requiredAttributes": [ "name" ],

then do 'amplify push'.

Hopefully that helps. If not, try 'amplify pull' and then make the change above again.

If that still does not work, then post the values for all 4 files like I did here: https://github.com/aws-amplify/amplify-cli/issues/9525#issuecomment-1020860520

Let us know how it goes.

IMPORTANT

If you don't need to keep your users or your data, then I believe an easier solution is to just create a new environment with 'amplify init'. This will create a completely new (and clean) environment that I believe will work properly.

I did not know that when I was trying to find a solution so I just wanted to point it out. Hopefully it will help some people that just have messed up development environments.

You probably don't want to do this for production environments with active users though, since they will not be in the new environment. I believe it is possible to manually move the users to the new Cognito pool, but as @johnpc pointed out here: https://github.com/aws-amplify/amplify-cli/issues/9525#issuecomment-1020379609 it is not recommended unless you really know what you are doing.

@jladdison thanks for your answer ,

I didn't remove 'name' but 'email from amplify/backend/auth/myapp1234/cli-inputs.json and got the second error, the drift one

But I'll give it another shot, and yes thought about starting from ground 0 but I was lazy to do the migration. Its my first issue due to a new CLI version, I will also need to re-create my post confirmation function etc..

thanks anyway

Customers in #9532 are reporting downgrade to CLI v7.6.8 works around this issue

@johnpc I'm facing the same issue and it can't be resolved after downgrading the amplify CLI to v7.6.8 There are some custom:attributes were added manually to the Cognito. I can run amplify push couple days ago without any problem.

UPDATE_FAILED UserPool AWS::Cognito::UserPool  Fri Feb 04 2022 00:02:35 GMT+1100 (Australian Eastern Daylight Time) Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 5766d0a9-0141-49da-ae1f-54d5bd8e12f8; Proxy: null)

{
  "version": "1",
  "cognitoConfig": {
    "resourceNameTruncated": "amplifb7e0ab32",
    "userPoolName": "fortifyfox",
    "autoVerifiedAttributes": [
      "email"
    ],
    "mfaConfiguration": "OFF",
    "mfaTypes": [
      "SMS Text Message"
    ],
    "smsAuthenticationMessage": "Your authentication code is {####}",
    "smsVerificationMessage": "Your verification code is {####}",
    "emailVerificationSubject": "Your verification code",
    "emailVerificationMessage": "Your verification code is {####}",
    "defaultPasswordPolicy": false,
    "passwordPolicyMinLength": 8,
    "passwordPolicyCharacters": [],
    "requiredAttributes": [
      "email",
      "family_name",
      "given_name"
    ],
    "aliasAttributes": [],
    "userpoolClientGenerateSecret": false,
    "userpoolClientRefreshTokenValidity": 30,
    "userpoolClientWriteAttributes": [
      "email"
    ],
    "userpoolClientReadAttributes": [
      "email"
    ],
    "userpoolClientLambdaRole": "fortifb7e0ab32_userpoolclient_lambda_role",
    "userpoolClientSetAttributes": false,
    "authSelections": "userPoolOnly",
    "resourceName": "fortifyfox",
    "serviceName": "Cognito",
    "useDefault": "manual",
    "sharedId": "b7e0ab32",
    "userPoolGroupList": [],
    "userPoolGroups": false,
    "usernameAttributes": [
      "email"
    ],
    "usernameCaseSensitive": false,
    "adminQueries": false,
    "hostedUI": true,
    "triggers": {
      "CustomMessage": [
        "custom"
      ],
      "PostConfirmation": [
        "add-to-group",
        "custom"
      ],
      "PreSignup": [
        "custom"
      ]
    },
    "authRoleArn": {
      "Fn::GetAtt": [
        "AuthRole",
        "Arn"
      ]
    },
    "unauthRoleArn": {
      "Fn::GetAtt": [
        "UnauthRole",
        "Arn"
      ]
    },
    "breakCircularDependency": true,
    "useEnabledMfas": false,
    "dependsOn": [
      {
        "category": "function",
        "resourceName": "fortifyfoxCustomMessage",
        "triggerProvider": "Cognito",
        "attributes": [
          "Arn",
          "Name"
        ]
      },
      {
        "category": "function",
        "resourceName": "fortifyfoxPostConfirmation",
        "triggerProvider": "Cognito",
        "attributes": [
          "Arn",
          "Name"
        ]
      },
      {
        "category": "function",
        "resourceName": "fortifyfoxPreSignup",
        "triggerProvider": "Cognito",
        "attributes": [
          "Arn",
          "Name"
        ]
      }
    ],
    "permissions": [
      "{\n  \"policyName\": \"AddToGroupCognito\",\n  \"trigger\": \"PostConfirmation\",\n  \"effect\": \"Allow\",\n  \"actions\": [\n    \"cognito-idp:AdminAddUserToGroup\",\n    \"cognito-idp:GetGroup\",\n    \"cognito-idp:CreateGroup\"\n  ],\n  \"resource\": {\n    \"paramType\": \"!GetAtt\",\n    \"keys\": [\n      \"UserPool\",\n      \"Arn\"\n    ]\n  }\n}"
    ],
    "authTriggerConnections": "[\n  {\n    \"triggerType\": \"CustomMessage\",\n    \"lambdaFunctionName\": \"fortifyfoxCustomMessage\"\n  },\n  {\n    \"triggerType\": \"PostConfirmation\",\n    \"lambdaFunctionName\": \"fortifyfoxPostConfirmation\"\n  },\n  {\n    \"triggerType\": \"PreSignUp\",\n    \"lambdaFunctionName\": \"fortifyfoxPreSignup\"\n  }\n]",
    "parentStack": {
      "Ref": "AWS::StackId"
    },
    "hostedUIDomainName": "dev-googlesignin",
    "authProvidersUserPool": [
      "Google"
    ],
    "hostedUIProviderMeta": "[{\"ProviderName\":\"Google\",\"authorize_scopes\":\"openid email profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"family_name\",\"given_name\":\"given_name\",\"username\":\"sub\"}}]",
    "oAuthMetadata": "{\"AllowedOAuthFlows\":[\"implicit\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"http://localhost:8878/\",\"https://dev.fortifyfox.com/\"],\"LogoutURLs\":[\"http://localhost:8878/\",\"https://dev.fortifyfox.com/\"]}",
    "authProviders": []
  }
}

@voyagebagage It looks like you have the same issue that I had. See #9525 (comment)

It looks like what you tried was slightly different than what I did.

You should NOT add 'email' to amplify/#current-cloud-backend/auth/myapp1234/build/myapp1234-cloudformation-template.json, which looks like it was your first attempt.

You should also NOT remove 'name' from your amplify/backend/auth/myapp1234/cli-inputs.json, which looks like your second attempt

Make sure you restore those files to what they were before you made those changes.

You SHOULD remove 'email' from amplify/backend/auth/myapp1234/cli-inputs.json.

"requiredAttributes": [ "name" ],

then do 'amplify push'.

Hopefully that helps. If not, try 'amplify pull' and then make the change above again.

If that still does not work, then post the values for all 4 files like I did here: #9525 (comment)

Let us know how it goes.

so I followed that and it is not working, I did a 100 times cmd+z in each files and get rid of

"email"

I get the drift error

To get to that error I just did upgrade the CLI and I'm pushing from another place in the world, could it be it ? the UserPool is for Singapore location so 'ap-southeast-1' and now I'm pushing form central Europe or the custom attributes?

@voyagebagage to be able to help you, please post the following files:

your-project/backend/auth/your-project/cli-inputs.json had: your-project>/backend/auth/your-project/build/your-project-cloudformation-template.json

your-project/#current-cloud-backend/auth/your-project/cli-inputs.json your-project/#current-cloud-backend/auth/your-project/build/your-project-cloudformation-template.json

I have the same drift error ,when I try to match the required attributes, I was before in 7.6.8 cli version, I have upgraded to the latest one , maybe that's the cause

@DuncanHouston sorry for the late answer

here it is :

your-project/backend/auth/your-project/cli-inputs.json

{
  "version": "1",
  "cognitoConfig": {
    "identityPoolName": "dashboardXXXXXXX_identitypool_XXXXX",
    "allowUnauthenticatedIdentities": false,
    "resourceNameTruncated": "dashbo85950a7d",
    "userPoolName": "dashboardXXXXXXX_userpool_XXXXXX",
    "autoVerifiedAttributes": ["email"],
    "mfaConfiguration": "OFF",
    "mfaTypes": ["SMS Text Message"],
    "smsAuthenticationMessage": "Your authentication code is {####}",
    "smsVerificationMessage": "Your verification code is {####}",
    "emailVerificationSubject": "Your verification code",
    "emailVerificationMessage": "Your verification code is {####}",
    "defaultPasswordPolicy": false,
    "passwordPolicyMinLength": 8,
    "passwordPolicyCharacters": [],
    "requiredAttributes": ["name"],
    "aliasAttributes": [],
    "userpoolClientGenerateSecret": false,
    "userpoolClientRefreshTokenValidity": 30,
    "userpoolClientWriteAttributes": ["email"],
    "userpoolClientReadAttributes": ["email"],
    "userpoolClientLambdaRole": "dashbo85950a7d_userpoolclient_lambda_role",
    "userpoolClientSetAttributes": false,
    "sharedId": "XXXXXX",
    "resourceName": "dashboardXXXXXXXXX",
    "authSelections": "identityPoolAndUserPool",
    "useDefault": "default",
    "usernameAttributes": ["email"],
    "userPoolGroups": true,
    "adminQueries": false,
    "triggers": {
      "PostConfirmation": ["custom"]
    },
    "hostedUI": false,
    "userPoolGroupList": ["Admin", "Agent", "Client"],
    "serviceName": "Cognito",
    "usernameCaseSensitive": false,
    "useEnabledMfas": false,
    "authRoleArn": {
      "Fn::GetAtt": ["AuthRole", "Arn"]
    },
    "unauthRoleArn": {
      "Fn::GetAtt": ["UnauthRole", "Arn"]
    },
    "breakCircularDependency": true,
    "dependsOn": [
      {
        "category": "function",
        "resourceName": "dashboardXXXXXXXXPostConfirmation",
        "triggerProvider": "Cognito",
        "attributes": ["Arn", "Name"]
      }
    ],
    "permissions": [],
    "authTriggerConnections": "[\n  {\n    \"triggerType\": \"PostConfirmation\",\n    \"lambdaFunctionName\": \"dashboardXXXXXXXXPostConfirmation\"\n  }\n]",
    "authProviders": [],
    "parentStack": {
      "Ref": "AWS::StackId"
    }
  }
}

your-project>/backend/auth/your-project/build/your-project-cloudformation-template.json

{
  "Description": "Amplify Cognito Stack for AWS Amplify CLI",
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "env": {
      "Type": "String"
    },
    "functiondashboardXXXXXXXXdPostConfirmationArn": {
      "Type": "String",
      "Default": "functiondashboardXXXXXXXXdPostConfirmationArn"
    },
    "functiondashboardXXXXXXXXdPostConfirmationName": {
      "Type": "String",
      "Default": "functiondashboardXXXXXXXXdPostConfirmationName"
    },
    "identityPoolName": {
      "Type": "String"
    },
    "allowUnauthenticatedIdentities": {
      "Type": "String"
    },
    "resourceNameTruncated": {
      "Type": "String"
    },
    "userPoolName": {
      "Type": "String"
    },
    "autoVerifiedAttributes": {
      "Type": "CommaDelimitedList"
    },
    "mfaConfiguration": {
      "Type": "String"
    },
    "mfaTypes": {
      "Type": "CommaDelimitedList"
    },
    "smsAuthenticationMessage": {
      "Type": "String"
    },
    "smsVerificationMessage": {
      "Type": "String"
    },
    "emailVerificationSubject": {
      "Type": "String"
    },
    "emailVerificationMessage": {
      "Type": "String"
    },
    "defaultPasswordPolicy": {
      "Type": "String"
    },
    "passwordPolicyMinLength": {
      "Type": "String"
    },
    "passwordPolicyCharacters": {
      "Type": "CommaDelimitedList"
    },
    "requiredAttributes": {
      "Type": "CommaDelimitedList"
    },
    "aliasAttributes": {
      "Type": "CommaDelimitedList"
    },
    "userpoolClientGenerateSecret": {
      "Type": "String"
    },
    "userpoolClientRefreshTokenValidity": {
      "Type": "String"
    },
    "userpoolClientWriteAttributes": {
      "Type": "CommaDelimitedList"
    },
    "userpoolClientReadAttributes": {
      "Type": "CommaDelimitedList"
    },
    "userpoolClientLambdaRole": {
      "Type": "String"
    },
    "userpoolClientSetAttributes": {
      "Type": "String"
    },
    "sharedId": {
      "Type": "String"
    },
    "resourceName": {
      "Type": "String"
    },
    "authSelections": {
      "Type": "String"
    },
    "useDefault": {
      "Type": "String"
    },
    "usernameAttributes": {
      "Type": "CommaDelimitedList"
    },
    "userPoolGroups": {
      "Type": "String"
    },
    "adminQueries": {
      "Type": "String"
    },
    "triggers": {
      "Type": "String"
    },
    "hostedUI": {
      "Type": "String"
    },
    "userPoolGroupList": {
      "Type": "CommaDelimitedList"
    },
    "serviceName": {
      "Type": "String"
    },
    "usernameCaseSensitive": {
      "Type": "String"
    },
    "useEnabledMfas": {
      "Type": "String"
    },
    "authRoleArn": {
      "Type": "String"
    },
    "unauthRoleArn": {
      "Type": "String"
    },
    "breakCircularDependency": {
      "Type": "String"
    },
    "dependsOn": {
      "Type": "CommaDelimitedList"
    },
    "permissions": {
      "Type": "CommaDelimitedList"
    },
    "authTriggerConnections": {
      "Type": "CommaDelimitedList"
    },
    "authProviders": {
      "Type": "CommaDelimitedList"
    },
    "parentStack": {
      "Type": "String"
    }
  },
  "Conditions": {
    "ShouldNotCreateEnvResources": {
      "Fn::Equals": [
        {
          "Ref": "env"
        },
        "NONE"
      ]
    },
    "ShouldOutputAppClientSecrets": {
      "Fn::Equals": [
        {
          "Ref": "userpoolClientGenerateSecret"
        },
        true
      ]
    }
  },
  "Resources": {
    "SNSRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "",
              "Effect": "Allow",
              "Principal": {
                "Service": "cognito-idp.amazonaws.com"
              },
              "Action": [
                "sts:AssumeRole"
              ],
              "Condition": {
                "StringEquals": {
                  "sts:ExternalId": "dashbo85950a7d_role_external_id"
                }
              }
            }
          ]
        },
        "Policies": [
          {
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "sns:Publish"
                  ],
                  "Resource": "*"
                }
              ]
            },
            "PolicyName": "dashbo85950a7d-sns-policy"
          }
        ],
        "RoleName": {
          "Fn::If": [
            "ShouldNotCreateEnvResources",
            "dashbo85950a7d_sns-role",
            {
              "Fn::Join": [
                "",
                [
                  "sns85950a7d",
                  {
                    "Fn::Select": [
                      3,
                      {
                        "Fn::Split": [
                          "-",
                          {
                            "Ref": "AWS::StackName"
                          }
                        ]
                      }
                    ]
                  },
                  "-",
                  {
                    "Ref": "env"
                  }
                ]
              ]
            }
          ]
        }
      }
    },
    "UserPool": {
      "Type": "AWS::Cognito::UserPool",
      "Properties": {
        "AutoVerifiedAttributes": [
          "email"
        ],
        "EmailVerificationMessage": {
          "Ref": "emailVerificationMessage"
        },
        "EmailVerificationSubject": {
          "Ref": "emailVerificationSubject"
        },
        "MfaConfiguration": {
          "Ref": "mfaConfiguration"
        },
        "Policies": {
          "PasswordPolicy": {
            "MinimumLength": {
              "Ref": "passwordPolicyMinLength"
            },
            "RequireLowercase": false,
            "RequireNumbers": false,
            "RequireSymbols": false,
            "RequireUppercase": false
          }
        },
        "Schema": [
          {
            "Mutable": true,
            "Name": "name",
            "Required": true
          }
        ],
        "SmsAuthenticationMessage": {
          "Ref": "smsAuthenticationMessage"
        },
        "SmsConfiguration": {
          "ExternalId": "dashbo85950a7d_role_external_id",
          "SnsCallerArn": {
            "Fn::GetAtt": [
              "SNSRole",
              "Arn"
            ]
          }
        },
        "SmsVerificationMessage": {
          "Ref": "smsVerificationMessage"
        },
        "UsernameAttributes": {
          "Ref": "usernameAttributes"
        },
        "UsernameConfiguration": {
          "CaseSensitive": false
        },
        "UserPoolName": {
          "Fn::If": [
            "ShouldNotCreateEnvResources",
            {
              "Ref": "userPoolName"
            },
            {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "userPoolName"
                  },
                  "-",
                  {
                    "Ref": "env"
                  }
                ]
              ]
            }
          ]
        }
      }
    },
    "UserPoolClientWeb": {
      "Type": "AWS::Cognito::UserPoolClient",
      "Properties": {
        "UserPoolId": {
          "Ref": "UserPool"
        },
        "ClientName": "dashbo85950a7d_app_clientWeb",
        "RefreshTokenValidity": {
          "Ref": "userpoolClientRefreshTokenValidity"
        }
      },
      "DependsOn": [
        "UserPool"
      ]
    },
    "UserPoolClient": {
      "Type": "AWS::Cognito::UserPoolClient",
      "Properties": {
        "UserPoolId": {
          "Ref": "UserPool"
        },
        "ClientName": "dashbo85950a7d_app_client",
        "GenerateSecret": {
          "Ref": "userpoolClientGenerateSecret"
        },
        "RefreshTokenValidity": {
          "Ref": "userpoolClientRefreshTokenValidity"
        }
      },
      "DependsOn": [
        "UserPool"
      ]
    },
    "UserPoolClientRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "RoleName": {
          "Fn::If": [
            "ShouldNotCreateEnvResources",
            {
              "Ref": "userpoolClientLambdaRole"
            },
            {
              "Fn::Join": [
                "",
                [
                  "upClientLambdaRole85950a7d",
                  {
                    "Fn::Select": [
                      3,
                      {
                        "Fn::Split": [
                          "-",
                          {
                            "Ref": "AWS::StackName"
                          }
                        ]
                      }
                    ]
                  },
                  "-",
                  {
                    "Ref": "env"
                  }
                ]
              ]
            }
          ]
        }
      },
      "DependsOn": [
        "UserPoolClient"
      ]
    },
    "UserPoolClientLambda": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {
          "ZipFile": "const response = require('cfn-response');\nconst aws = require('aws-sdk');\nconst identity = new aws.CognitoIdentityServiceProvider();\nexports.handler = (event, context, callback) => {\n  if (event.RequestType == 'Delete') {\n    response.send(event, context, response.SUCCESS, {});\n  }\n  if (event.RequestType == 'Update' || event.RequestType == 'Create') {\n    const params = {\n      ClientId: event.ResourceProperties.clientId,\n      UserPoolId: event.ResourceProperties.userpoolId,\n    };\n    identity\n      .describeUserPoolClient(params)\n      .promise()\n      .then(res => {\n        response.send(event, context, response.SUCCESS, { appSecret: res.UserPoolClient.ClientSecret });\n      })\n      .catch(err => {\n        response.send(event, context, response.FAILED, { err });\n      });\n  }\n};\n"
        },
        "Role": {
          "Fn::GetAtt": [
            "UserPoolClientRole",
            "Arn"
          ]
        },
        "Handler": "index.handler",
        "Runtime": "nodejs12.x",
        "Timeout": 300
      },
      "DependsOn": [
        "UserPoolClientRole"
      ]
    },
    "UserPoolClientLambdaPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "cognito-idp:DescribeUserPoolClient"
              ],
              "Resource": {
                "Fn::GetAtt": [
                  "UserPool",
                  "Arn"
                ]
              }
            }
          ]
        },
        "PolicyName": "dashbo85950a7d_userpoolclient_lambda_iam_policy",
        "Roles": [
          {
            "Ref": "UserPoolClientRole"
          }
        ]
      },
      "DependsOn": [
        "UserPoolClientLambda"
      ]
    },
    "UserPoolClientLogPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Resource": {
                "Fn::Sub": [
                  "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*",
                  {
                    "region": {
                      "Ref": "AWS::Region"
                    },
                    "account": {
                      "Ref": "AWS::AccountId"
                    },
                    "lambda": {
                      "Ref": "UserPoolClientLambda"
                    }
                  }
                ]
              }
            }
          ]
        },
        "PolicyName": "dashbo85950a7d_userpoolclient_lambda_log_policy",
        "Roles": [
          {
            "Ref": "UserPoolClientRole"
          }
        ]
      },
      "DependsOn": [
        "UserPoolClientLambdaPolicy"
      ]
    },
    "UserPoolClientInputs": {
      "Type": "Custom::LambdaCallout",
      "Properties": {
        "ServiceToken": {
          "Fn::GetAtt": [
            "UserPoolClientLambda",
            "Arn"
          ]
        },
        "clientId": {
          "Ref": "UserPoolClient"
        },
        "userpoolId": {
          "Ref": "UserPool"
        }
      },
      "DependsOn": [
        "UserPoolClientLogPolicy"
      ],
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete"
    },
    "IdentityPool": {
      "Type": "AWS::Cognito::IdentityPool",
      "Properties": {
        "AllowUnauthenticatedIdentities": {
          "Ref": "allowUnauthenticatedIdentities"
        },
        "CognitoIdentityProviders": [
          {
            "ClientId": {
              "Ref": "UserPoolClient"
            },
            "ProviderName": {
              "Fn::Sub": [
                "cognito-idp.${region}.amazonaws.com/${client}",
                {
                  "region": {
                    "Ref": "AWS::Region"
                  },
                  "client": {
                    "Ref": "UserPool"
                  }
                }
              ]
            }
          },
          {
            "ClientId": {
              "Ref": "UserPoolClientWeb"
            },
            "ProviderName": {
              "Fn::Sub": [
                "cognito-idp.${region}.amazonaws.com/${client}",
                {
                  "region": {
                    "Ref": "AWS::Region"
                  },
                  "client": {
                    "Ref": "UserPool"
                  }
                }
              ]
            }
          }
        ],
        "IdentityPoolName": {
          "Fn::If": [
            "ShouldNotCreateEnvResources",
            "dashboardXXXXXXXX_identitypool_85950a7d",
            {
              "Fn::Join": [
                "",
                [
                  "dashboardXXXXXXXX_identitypool_85950a7d__",
                  {
                    "Ref": "env"
                  }
                ]
              ]
            }
          ]
        }
      },
      "DependsOn": [
        "UserPoolClientInputs"
      ]
    },
    "IdentityPoolRoleMap": {
      "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
      "Properties": {
        "IdentityPoolId": {
          "Ref": "IdentityPool"
        },
        "Roles": {
          "unauthenticated": {
            "Ref": "unauthRoleArn"
          },
          "authenticated": {
            "Ref": "authRoleArn"
          }
        }
      },
      "DependsOn": [
        "IdentityPool"
      ]
    }
  },
  "Outputs": {
    "IdentityPoolId": {
      "Description": "Id for the identity pool",
      "Value": {
        "Ref": "IdentityPool"
      }
    },
    "IdentityPoolName": {
      "Value": {
        "Fn::GetAtt": [
          "IdentityPool",
          "Name"
        ]
      }
    },
    "UserPoolId": {
      "Description": "Id for the user pool",
      "Value": {
        "Ref": "UserPool"
      }
    },
    "UserPoolArn": {
      "Description": "Arn for the user pool",
      "Value": {
        "Fn::GetAtt": [
          "UserPool",
          "Arn"
        ]
      }
    },
    "UserPoolName": {
      "Value": {
        "Ref": "userPoolName"
      }
    },
    "AppClientIDWeb": {
      "Description": "The user pool app client id for web",
      "Value": {
        "Ref": "UserPoolClientWeb"
      }
    },
    "AppClientID": {
      "Description": "The user pool app client id",
      "Value": {
        "Ref": "UserPoolClient"
      }
    },
    "AppClientSecret": {
      "Value": {
        "Fn::GetAtt": [
          "UserPoolClientInputs",
          "appSecret"
        ]
      },
      "Condition": "ShouldOutputAppClientSecrets"
    },
    "CreatedSNSRole": {
      "Description": "role arn",
      "Value": {
        "Fn::GetAtt": [
          "SNSRole",
          "Arn"
        ]
      }
    }
  }
}

your-project/#current-cloud-backend/auth/your-project/cli-inputs.json

{
  "version": "1",
  "cognitoConfig": {
    "identityPoolName": "dashboardXXXXXXX_identitypool_85950a7d",
    "allowUnauthenticatedIdentities": false,
    "resourceNameTruncated": "dashbo85950a7d",
    "userPoolName": "dashboardXXXXXXX_userpool_85950a7d",
    "autoVerifiedAttributes": [
      "email"
    ],
    "mfaConfiguration": "OFF",
    "mfaTypes": [
      "SMS Text Message"
    ],
    "smsAuthenticationMessage": "Your authentication code is {####}",
    "smsVerificationMessage": "Your verification code is {####}",
    "emailVerificationSubject": "Your verification code",
    "emailVerificationMessage": "Your verification code is {####}",
    "defaultPasswordPolicy": false,
    "passwordPolicyMinLength": 8,
    "passwordPolicyCharacters": [],
    "requiredAttributes": [
      "email",
      "name"
    ],
    "aliasAttributes": [],
    "userpoolClientGenerateSecret": false,
    "userpoolClientRefreshTokenValidity": 30,
    "userpoolClientWriteAttributes": [
      "email"
    ],
    "userpoolClientReadAttributes": [
      "email"
    ],
    "userpoolClientLambdaRole": "dashbo85950a7d_userpoolclient_lambda_role",
    "userpoolClientSetAttributes": false,
    "sharedId": "85950a7d",
    "resourceName": "dashboardXXXXXXX",
    "authSelections": "identityPoolAndUserPool",
    "useDefault": "default",
    "usernameAttributes": [
      "email"
    ],
    "userPoolGroups": true,
    "adminQueries": false,
    "triggers": {
      "PostConfirmation": [
        "custom"
      ]
    },
    "hostedUI": false,
    "userPoolGroupList": [
      "Admin",
      "Agent",
      "Client"
    ],
    "serviceName": "Cognito",
    "usernameCaseSensitive": false,
    "useEnabledMfas": false,
    "authRoleArn": {
      "Fn::GetAtt": [
        "AuthRole",
        "Arn"
      ]
    },
    "unauthRoleArn": {
      "Fn::GetAtt": [
        "UnauthRole",
        "Arn"
      ]
    },
    "breakCircularDependency": true,
    "dependsOn": [
      {
        "category": "function",
        "resourceName": "dashboardXXXXXXXdPostConfirmation",
        "triggerProvider": "Cognito",
        "attributes": [
          "Arn",
          "Name"
        ]
      }
    ],
    "permissions": [],
    "authTriggerConnections": "[\n  {\n    \"triggerType\": \"PostConfirmation\",\n    \"lambdaFunctionName\": \"dashboardforninjagqlXXXXXXXXdPostConfirmation\"\n  }\n]",
    "authProviders": [],
    "parentStack": {
      "Ref": "AWS::StackId"
    }
  }
}

your-project/#current-cloud-backend/auth/your-project/build/your-project-cloudformation-template.json

{
  "Description": "Amplify Cognito Stack for AWS Amplify CLI",
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "env": {
      "Type": "String"
    },
    "functiondashboardXXXXXXPostConfirmationArn": {
      "Type": "String",
      "Default": "functiondashboardXXXXXXXXdPostConfirmationArn"
    },
    "functiondashboardXXXXXXXXPostConfirmationName": {
      "Type": "String",
      "Default": "functiondashboardXXXXXXXdPostConfirmationName"
    },
    "identityPoolName": {
      "Type": "String"
    },
    "allowUnauthenticatedIdentities": {
      "Type": "String"
    },
    "resourceNameTruncated": {
      "Type": "String"
    },
    "userPoolName": {
      "Type": "String"
    },
    "autoVerifiedAttributes": {
      "Type": "CommaDelimitedList"
    },
    "mfaConfiguration": {
      "Type": "String"
    },
    "mfaTypes": {
      "Type": "CommaDelimitedList"
    },
    "smsAuthenticationMessage": {
      "Type": "String"
    },
    "smsVerificationMessage": {
      "Type": "String"
    },
    "emailVerificationSubject": {
      "Type": "String"
    },
    "emailVerificationMessage": {
      "Type": "String"
    },
    "defaultPasswordPolicy": {
      "Type": "String"
    },
    "passwordPolicyMinLength": {
      "Type": "String"
    },
    "passwordPolicyCharacters": {
      "Type": "CommaDelimitedList"
    },
    "requiredAttributes": {
      "Type": "CommaDelimitedList"
    },
    "aliasAttributes": {
      "Type": "CommaDelimitedList"
    },
    "userpoolClientGenerateSecret": {
      "Type": "String"
    },
    "userpoolClientRefreshTokenValidity": {
      "Type": "String"
    },
    "userpoolClientWriteAttributes": {
      "Type": "CommaDelimitedList"
    },
    "userpoolClientReadAttributes": {
      "Type": "CommaDelimitedList"
    },
    "userpoolClientLambdaRole": {
      "Type": "String"
    },
    "userpoolClientSetAttributes": {
      "Type": "String"
    },
    "sharedId": {
      "Type": "String"
    },
    "resourceName": {
      "Type": "String"
    },
    "authSelections": {
      "Type": "String"
    },
    "useDefault": {
      "Type": "String"
    },
    "usernameAttributes": {
      "Type": "CommaDelimitedList"
    },
    "userPoolGroups": {
      "Type": "String"
    },
    "adminQueries": {
      "Type": "String"
    },
    "triggers": {
      "Type": "String"
    },
    "hostedUI": {
      "Type": "String"
    },
    "userPoolGroupList": {
      "Type": "CommaDelimitedList"
    },
    "serviceName": {
      "Type": "String"
    },
    "usernameCaseSensitive": {
      "Type": "String"
    },
    "useEnabledMfas": {
      "Type": "String"
    },
    "authRoleArn": {
      "Type": "String"
    },
    "unauthRoleArn": {
      "Type": "String"
    },
    "breakCircularDependency": {
      "Type": "String"
    },
    "dependsOn": {
      "Type": "CommaDelimitedList"
    },
    "permissions": {
      "Type": "CommaDelimitedList"
    },
    "authTriggerConnections": {
      "Type": "CommaDelimitedList"
    },
    "authProviders": {
      "Type": "CommaDelimitedList"
    },
    "parentStack": {
      "Type": "String"
    }
  },
  "Conditions": {
    "ShouldNotCreateEnvResources": {
      "Fn::Equals": [
        {
          "Ref": "env"
        },
        "NONE"
      ]
    },
    "ShouldOutputAppClientSecrets": {
      "Fn::Equals": [
        {
          "Ref": "userpoolClientGenerateSecret"
        },
        true
      ]
    }
  },
  "Resources": {
    "SNSRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "",
              "Effect": "Allow",
              "Principal": {
                "Service": "cognito-idp.amazonaws.com"
              },
              "Action": [
                "sts:AssumeRole"
              ],
              "Condition": {
                "StringEquals": {
                  "sts:ExternalId": "dashbo85950a7d_role_external_id"
                }
              }
            }
          ]
        },
        "Policies": [
          {
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "sns:Publish"
                  ],
                  "Resource": "*"
                }
              ]
            },
            "PolicyName": "dashbo85950a7d-sns-policy"
          }
        ],
        "RoleName": {
          "Fn::If": [
            "ShouldNotCreateEnvResources",
            "dashbo85950a7d_sns-role",
            {
              "Fn::Join": [
                "",
                [
                  "sns85950a7d",
                  {
                    "Fn::Select": [
                      3,
                      {
                        "Fn::Split": [
                          "-",
                          {
                            "Ref": "AWS::StackName"
                          }
                        ]
                      }
                    ]
                  },
                  "-",
                  {
                    "Ref": "env"
                  }
                ]
              ]
            }
          ]
        }
      }
    },
    "UserPool": {
      "Type": "AWS::Cognito::UserPool",
      "Properties": {
        "AutoVerifiedAttributes": [
          "email"
        ],
        "EmailVerificationMessage": {
          "Ref": "emailVerificationMessage"
        },
        "EmailVerificationSubject": {
          "Ref": "emailVerificationSubject"
        },
        "MfaConfiguration": {
          "Ref": "mfaConfiguration"
        },
        "Policies": {
          "PasswordPolicy": {
            "MinimumLength": {
              "Ref": "passwordPolicyMinLength"
            },
            "RequireLowercase": false,
            "RequireNumbers": false,
            "RequireSymbols": false,
            "RequireUppercase": false
          }
        },
        "Schema": [
          {
            "Mutable": true,
            "Name": "name",
            "Required": true
          }
        ],
        "SmsAuthenticationMessage": {
          "Ref": "smsAuthenticationMessage"
        },
        "SmsConfiguration": {
          "ExternalId": "dashbo85950a7d_role_external_id",
          "SnsCallerArn": {
            "Fn::GetAtt": [
              "SNSRole",
              "Arn"
            ]
          }
        },
        "SmsVerificationMessage": {
          "Ref": "smsVerificationMessage"
        },
        "UsernameAttributes": {
          "Ref": "usernameAttributes"
        },
        "UsernameConfiguration": {
          "CaseSensitive": false
        },
        "UserPoolName": {
          "Fn::If": [
            "ShouldNotCreateEnvResources",
            {
              "Ref": "userPoolName"
            },
            {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "userPoolName"
                  },
                  "-",
                  {
                    "Ref": "env"
                  }
                ]
              ]
            }
          ]
        }
      }
    },
    "UserPoolClientWeb": {
      "Type": "AWS::Cognito::UserPoolClient",
      "Properties": {
        "UserPoolId": {
          "Ref": "UserPool"
        },
        "ClientName": "dashbo85950a7d_app_clientWeb",
        "RefreshTokenValidity": {
          "Ref": "userpoolClientRefreshTokenValidity"
        }
      },
      "DependsOn": [
        "UserPool"
      ]
    },
    "UserPoolClient": {
      "Type": "AWS::Cognito::UserPoolClient",
      "Properties": {
        "UserPoolId": {
          "Ref": "UserPool"
        },
        "ClientName": "dashbo85950a7d_app_client",
        "GenerateSecret": {
          "Ref": "userpoolClientGenerateSecret"
        },
        "RefreshTokenValidity": {
          "Ref": "userpoolClientRefreshTokenValidity"
        }
      },
      "DependsOn": [
        "UserPool"
      ]
    },
    "UserPoolClientRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        },
        "RoleName": {
          "Fn::If": [
            "ShouldNotCreateEnvResources",
            {
              "Ref": "userpoolClientLambdaRole"
            },
            {
              "Fn::Join": [
                "",
                [
                  "upClientLambdaRole85950a7d",
                  {
                    "Fn::Select": [
                      3,
                      {
                        "Fn::Split": [
                          "-",
                          {
                            "Ref": "AWS::StackName"
                          }
                        ]
                      }
                    ]
                  },
                  "-",
                  {
                    "Ref": "env"
                  }
                ]
              ]
            }
          ]
        }
      },
      "DependsOn": [
        "UserPoolClient"
      ]
    },
    "UserPoolClientLambda": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {
          "ZipFile": "const response = require('cfn-response');\nconst aws = require('aws-sdk');\nconst identity = new aws.CognitoIdentityServiceProvider();\nexports.handler = (event, context, callback) => {\n  if (event.RequestType == 'Delete') {\n    response.send(event, context, response.SUCCESS, {});\n  }\n  if (event.RequestType == 'Update' || event.RequestType == 'Create') {\n    const params = {\n      ClientId: event.ResourceProperties.clientId,\n      UserPoolId: event.ResourceProperties.userpoolId,\n    };\n    identity\n      .describeUserPoolClient(params)\n      .promise()\n      .then(res => {\n        response.send(event, context, response.SUCCESS, { appSecret: res.UserPoolClient.ClientSecret });\n      })\n      .catch(err => {\n        response.send(event, context, response.FAILED, { err });\n      });\n  }\n};\n"
        },
        "Role": {
          "Fn::GetAtt": [
            "UserPoolClientRole",
            "Arn"
          ]
        },
        "Handler": "index.handler",
        "Runtime": "nodejs12.x",
        "Timeout": 300
      },
      "DependsOn": [
        "UserPoolClientRole"
      ]
    },
    "UserPoolClientLambdaPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "cognito-idp:DescribeUserPoolClient"
              ],
              "Resource": {
                "Fn::GetAtt": [
                  "UserPool",
                  "Arn"
                ]
              }
            }
          ]
        },
        "PolicyName": "dashbo85950a7d_userpoolclient_lambda_iam_policy",
        "Roles": [
          {
            "Ref": "UserPoolClientRole"
          }
        ]
      },
      "DependsOn": [
        "UserPoolClientLambda"
      ]
    },
    "UserPoolClientLogPolicy": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Resource": {
                "Fn::Sub": [
                  "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*",
                  {
                    "region": {
                      "Ref": "AWS::Region"
                    },
                    "account": {
                      "Ref": "AWS::AccountId"
                    },
                    "lambda": {
                      "Ref": "UserPoolClientLambda"
                    }
                  }
                ]
              }
            }
          ]
        },
        "PolicyName": "dashbo85950a7d_userpoolclient_lambda_log_policy",
        "Roles": [
          {
            "Ref": "UserPoolClientRole"
          }
        ]
      },
      "DependsOn": [
        "UserPoolClientLambdaPolicy"
      ]
    },
    "UserPoolClientInputs": {
      "Type": "Custom::LambdaCallout",
      "Properties": {
        "ServiceToken": {
          "Fn::GetAtt": [
            "UserPoolClientLambda",
            "Arn"
          ]
        },
        "clientId": {
          "Ref": "UserPoolClient"
        },
        "userpoolId": {
          "Ref": "UserPool"
        }
      },
      "DependsOn": [
        "UserPoolClientLogPolicy"
      ],
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete"
    },
    "IdentityPool": {
      "Type": "AWS::Cognito::IdentityPool",
      "Properties": {
        "AllowUnauthenticatedIdentities": {
          "Ref": "allowUnauthenticatedIdentities"
        },
        "CognitoIdentityProviders": [
          {
            "ClientId": {
              "Ref": "UserPoolClient"
            },
            "ProviderName": {
              "Fn::Sub": [
                "cognito-idp.${region}.amazonaws.com/${client}",
                {
                  "region": {
                    "Ref": "AWS::Region"
                  },
                  "client": {
                    "Ref": "UserPool"
                  }
                }
              ]
            }
          },
          {
            "ClientId": {
              "Ref": "UserPoolClientWeb"
            },
            "ProviderName": {
              "Fn::Sub": [
                "cognito-idp.${region}.amazonaws.com/${client}",
                {
                  "region": {
                    "Ref": "AWS::Region"
                  },
                  "client": {
                    "Ref": "UserPool"
                  }
                }
              ]
            }
          }
        ],
        "IdentityPoolName": {
          "Fn::If": [
            "ShouldNotCreateEnvResources",
            "dashboardforninjagql85950a7d_identitypool_85950a7d",
            {
              "Fn::Join": [
                "",
                [
                  "dashboardforninjagql85950a7d_identitypool_85950a7d__",
                  {
                    "Ref": "env"
                  }
                ]
              ]
            }
          ]
        }
      },
      "DependsOn": [
        "UserPoolClientInputs"
      ]
    },
    "IdentityPoolRoleMap": {
      "Type": "AWS::Cognito::IdentityPoolRoleAttachment",
      "Properties": {
        "IdentityPoolId": {
          "Ref": "IdentityPool"
        },
        "Roles": {
          "unauthenticated": {
            "Ref": "unauthRoleArn"
          },
          "authenticated": {
            "Ref": "authRoleArn"
          }
        }
      },
      "DependsOn": [
        "IdentityPool"
      ]
    }
  },
  "Outputs": {
    "IdentityPoolId": {
      "Description": "Id for the identity pool",
      "Value": {
        "Ref": "IdentityPool"
      }
    },
    "IdentityPoolName": {
      "Value": {
        "Fn::GetAtt": [
          "IdentityPool",
          "Name"
        ]
      }
    },
    "UserPoolId": {
      "Description": "Id for the user pool",
      "Value": {
        "Ref": "UserPool"
      }
    },
    "UserPoolArn": {
      "Description": "Arn for the user pool",
      "Value": {
        "Fn::GetAtt": [
          "UserPool",
          "Arn"
        ]
      }
    },
    "UserPoolName": {
      "Value": {
        "Ref": "userPoolName"
      }
    },
    "AppClientIDWeb": {
      "Description": "The user pool app client id for web",
      "Value": {
        "Ref": "UserPoolClientWeb"
      }
    },
    "AppClientID": {
      "Description": "The user pool app client id",
      "Value": {
        "Ref": "UserPoolClient"
      }
    },
    "AppClientSecret": {
      "Value": {
        "Fn::GetAtt": [
          "UserPoolClientInputs",
          "appSecret"
        ]
      },
      "Condition": "ShouldOutputAppClientSecrets"
    },
    "CreatedSNSRole": {
      "Description": "role arn",
      "Value": {
        "Fn::GetAtt": [
          "SNSRole",
          "Arn"
        ]
      }
    }
  }
}

@voyagebagage

OK, I think I might be able to help. These are the key parts of how you files look now:

your-project/backend/auth/your-project/cli-inputs.json { ... "requiredAttributes": ["name"], ... }

your-project/backend/auth/your-project/build/your-project-cloudformation-template.json { ... "Schema": [ { "Mutable": true, "Name": "name", "Required": true } ], ... }

your-project/#current-cloud-backend/auth/your-project/cli-inputs.json { ... "requiredAttributes": [ "email", "name" ], ... }

your-project/#current-cloud-backend/auth/your-project/build/your-project-cloudformation-template.json { ... "Schema": [ { "Mutable": true, "Name": "name", "Required": true } ], ... }

Right. So firstly my understanding is your cli-inputs and cloudformation-templates should pair up. Your first pair does, second doesn't. My guess is you added "email" to your-project/#current-cloud-backend/auth/your-project/cli-inputs.json? Check against your user pool or source control and revert the file that changed.

Secondly, the files in #current-cloud-backend represent what's currently live. You need to change the other pair to match this pair.

In short, I think if you remove "email" from your-project/#current-cloud-backend/auth/your-project/cli-inputs.json it will work.

Try that, hope it works

@DuncanHouston I didn't add "email" like I said it is required because when I do like you suggest and remove it I have that error:

Cognito configuration in the cloud has drifted from local configuration. Present changes cannot be pushed until drift is fixed. requiredAttributes requested is ["name"], but ["email","name"] is required by Cognito configuration. Update /Users/sedatif2/iCloud Drive (Archive)/Documents/DEV-World/dashboard/amplify/backend/auth/dashboardXXXXX/cli-inputs.json to continue.

when I remove it and do my amplify push --yes at the fetching time I get that error and the "email" puts itself back in the file and the error shows up

but I'm not sure to understand you when you say:

Check against your user pool or source control and revert the file that changed.

check in the console ? what is source control ?

Thanks anyway for your help

I'm trying to get this to work might be a solution

@voyagebagage I believe I may have been in a similar situation as you and I was able to work through it. The following worked for me:

1) Revert to the amplify-cli version that was being used before trying to update (in my case 7.6.8) 2) Edit the cli-inputs.json to remove the problem requiredAttributes (the ones not in the cloudformation template) 3) amplify push 4) Update amplify-cli (in my case to 7.6.15) 5) amplify push --force

@voyagebagage then perhaps you should try adding email to your-project/#current-cloud-backend/auth/your-project/build/your-project-cloudformation-template.json, since removing it from your-project/#current-cloud-backend/auth/your-project/cli-inputs.json didn't work. The 2 files need to match each other.

So you will be adding: { "Mutable": true, "Name": "email", "Required": true } to your-project/#current-cloud-backend/auth/your-project/build/your-project-cloudformation-template.json with a "," after the current single entry.

Try that.

@voyagebagage then perhaps you should try adding email to your-project/#current-cloud-backend/auth/your-project/build/your-project-cloudformation-template.json, since removing it from your-project/#current-cloud-backend/auth/your-project/cli-inputs.json didn't work. The 2 files need to match each other.

So you will be adding: { "Mutable": true, "Name": "email", "Required": true } to your-project/#current-cloud-backend/auth/your-project/build/your-project-cloudformation-template.json with a "," after the current single entry.

Try that.

this I tried before and still : UPDATE_FAILED UserPool AWS::Cognito::UserPool Wed Feb 09 2022 14:21:00 GMT+0100 (heure normale d’Europe centrale) Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 29185cd8-8b7c-445e-9b7f-1e01ea55c45f; Proxy: null)

but I get my API_Key error to , I don't know if the 2 are related.... I'm pushing with

"createAPIKey": 0,
  "APIKeyExpirationEpoch": -1

as well

@voyagebagage I believe I may have been in a similar situation as you and I was able to work through it. The following worked for me:

Revert to the amplify-cli version that was being used before trying to update (in my case 7.6.8)

Edit the cli-inputs.json to remove the problem requiredAttributes (the ones not in the cloudformation template)

amplify push

Update amplify-cli (in my case to 7.6.15)

amplify push --force

now downgrading doesn't work any CLI cmd through me the error: Invalid feature flag configuration

These feature flags are defined in the "amplify/cli.json" configuration file and are unknown to the currently running Amplify CLI:

graphqltransformer.showfieldauthnotification

This issue likely happens when the project has been pushed with a newer version of Amplify CLI, try updating to a newer version.

Learn more about feature flags: https://docs.amplify.aws/cli/reference/feature-flags

I think I will restart my project only solution left

well I got this when I pushed --force might be a problem of iCloud directory Capture d’écran 2022-02-09 à 17 32 07

So it looks like I'm having this issue again. Two weeks ago I solved this same problem by following @jladdison's solution. Today I came back to publish some changes, before that I was requested to update the cli version to the 7.6.15 version.

When I try to do amplify push I get the following error:

Cognito configuration in the cloud has drifted from local configuration. Present changes cannot be pushed until drift is fixed. requiredAttributes requested is ["phone_number"], but ["email","family_name","given_name","name","phone_number"] is required by Cognito configuration. Update your_amplify_project/amplify/backend/auth/my_userpool/cli-inputs.json to continue.

And here comes the weirdest part of it all, my Cognito configuration in the AWS Management Console asks only for phone_number:

Screen Shot 2022-02-09 at 11 38 05

Screen Shot 2022-02-09 at 11 39 08

If I check my amplify/#current-cloud-backend/auth/my_userpool/cli-inputs.json everything looks right:

"requiredAttributes": ["phone_number"]

Also, my amplify/#current-cloud-backend/auth/my_userpool/buildmy_userpool-UserPool-cloudformation-template.json has only the phone_number attribute declared:

"Schema": [ { "Mutable": true, "Name": "phone_number", "Required": true } ],

When I do amplify push with this configuration (it should work since the only required attribute is the phone_number!) I get the following error:

Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException

Finally, if I go to my Stack Detail -> Parameters in the CloudFormation Console I see the following info:

Screen Shot 2022-02-09 at 11 48 45

I think this is the first time in this thread that we mention this last part Stack-related. I think the error comes from this drift, but I do not know whether we can modify this stack or how this happened. I'm just sharing all this documentation so we can solve it.

I'm going to keep looking for a solution for this.

@d-cifuentes does it still happen if you remove your amplify dir and re-pull?

@johnpc Yes, I have just tried that and is really weird. I did remove the whole amplify folder and pulled again, then I added a new environment variable for one of my functions and pushed again to try.

This is the status of all of my resources in this amplify project:

Screen Shot 2022-02-09 at 12 36 58

There is no change in the Auth section!

Ok, so I found the solution for this error. While reviewing the error logs I found out this message:

An error occurred during the push operation: Resource is not in the state stackUpdateComplete

Googling it I found this StackOverflow question from two years ago, the answer states that we can try and run amplify update auth.

From here I followed these steps:

Walkthrough all the auth configurations
Do not change anything of your current configuration, just press enter
Reached the 'Do you want to specify the user attributes this app can read and write?' question and selected yes
In the 'Specify write attributes' section, all of the required attributes for sign up were selected and I kept them that way
Finally, pushed again and it worked

It looks like updating the auth configuration and re-writing the configuration we selected in the creation of the user pool solves the drift problem.

I hope this can help you guys.

@d-cifuentes thanks for your solution, I try removing the the amplify dir , pull and update auth like you suggested but still doesn't work for me

It is not working for me, we think it is something with a custom attribute we added some time ago.

Sharing my cli-inputs.json:

{
  "version": "1",
  "cognitoConfig": {
    "identityPoolName": "medu1b342794_identitypool_1b342794",
    "allowUnauthenticatedIdentities": true,
    "resourceNameTruncated": "medu1b342794",
    "userPoolName": "medu1b342794_userpool_1b342794",
    "autoVerifiedAttributes": [
      "email"
    ],
    "mfaConfiguration": "OFF",
    "mfaTypes": [
      "SMS Text Message"
    ],
    "smsAuthenticationMessage": "Your authentication code is {####}",
    "smsVerificationMessage": "Your verification code is {####}",
    "emailVerificationSubject": "Your verification code",
    "emailVerificationMessage": "Your verification code is {####}",
    "defaultPasswordPolicy": false,
    "passwordPolicyMinLength": 8,
    "passwordPolicyCharacters": [],
    "requiredAttributes": [
      "birthdate",
      "email",
      "family_name",
      "name"
    ],
    "aliasAttributes": [],
    "userpoolClientGenerateSecret": true,
    "userpoolClientRefreshTokenValidity": 30,
    "userpoolClientWriteAttributes": [
      "birthdate",
      "email",
      "family_name",
      "name"
    ],
    "userpoolClientReadAttributes": [
      "birthdate",
      "email",
      "family_name",
      "name"
    ],
    "userpoolClientLambdaRole": "medu1b1b342794_userpoolclient_lambda_role",
    "userpoolClientSetAttributes": true,
    "authSelections": "identityPoolAndUserPool",
    "resourceName": "medu1b342794",
    "serviceName": "Cognito",
    "useDefault": "manual",
    "sharedId": "1b342794",
    "userPoolGroupList": [
      "Admin",
      "MeduAdmins",
      "MeduClients",
      "MeduUsers"
    ],
    "userPoolGroups": true,
    "usernameAttributes": [
      "email"
    ],
    "adminQueries": true,
    "hostedUI": false,
    "triggers": {
      "PostConfirmation": [
        "add-to-group",
        "custom"
      ],
      "PreSignup": [
        "email-filter-denylist-legacy"
      ]
    },
    "authRoleArn": {
      "Fn::GetAtt": [
        "AuthRole",
        "Arn"
      ]
    },
    "unauthRoleArn": {
      "Fn::GetAtt": [
        "UnauthRole",
        "Arn"
      ]
    },
    "breakCircularDependency": false,
    "useEnabledMfas": false,
    "dependsOn": [
      {
        "category": "function",
        "resourceName": "medu1b342794PostConfirmation",
        "triggerProvider": "Cognito",
        "attributes": [
          "Arn",
          "Name"
        ]
      },
      {
        "category": "function",
        "resourceName": "medu1b342794PreSignup",
        "triggerProvider": "Cognito",
        "attributes": [
          "Arn",
          "Name"
        ]
      }
    ],
    "permissions": [
      "{\n  \"policyName\": \"AddToGroupCognito\",\n  \"trigger\": \"PostConfirmation\",\n  \"effect\": \"Allow\",\n  \"actions\": [\n    \"cognito-idp:AdminAddUserToGroup\",\n    \"cognito-idp:GetGroup\",\n    \"cognito-idp:CreateGroup\"\n  ],\n  \"resource\": {\n    \"paramType\": \"!GetAtt\",\n    \"keys\": [\n      \"UserPool\",\n      \"Arn\"\n    ]\n  }\n}"
    ],
    "authTriggerConnections": [
      "{\"triggerType\":\"PostConfirmation\",\"lambdaFunctionName\":\"medu1b342794PostConfirmation\"}",
      "{\"triggerType\":\"PreSignUp\",\"lambdaFunctionName\":\"medu1b342794PreSignup\"}"
    ],
    "parentStack": {
      "Ref": "AWS::StackId"
    },
    "authProviders": [],
    "thirdPartyAuth": false,
    "adminQueryGroup": "Admin"
  }
}

I am stuck on this...can't go forward or backwards...

Looks like a lot of others are having the issue here: https://github.com/aws/aws-cdk/issues/8585

So the current template has:

"Schema": [ { "Mutable": true, "Name": "phone_number", "Required": true } ],

and the one I am generating has:

"Schema": [ { "Mutable": true, "Name": "email", "Required": true }, { "Mutable": true, "Name": "family_name", "Required": true }, { "Mutable": true, "Name": "given_name", "Required": true }, { "Mutable": true, "Name": "phone_number", "Required": true } ],

The console shows all four items as required...

Removing them all but phone results in an error, that I need all four...

Having them results in the AttributeDataType input error...

I have pulled...and same result...

I have two custom fields, not sure if they are impacting this as well...

team provider seems a bit weird: "categories": { "auth": { "jcmobile": { "facebookAppId": "xxx", "googleClientId": "xxx.apps.googleusercontent.com" }, "userPoolGroups": {}, "true": { "facebookAppId": "xxx", "googleClientId": "xxx.apps.googleusercontent.com" }

....

@GeorgeBellTMH I have exactly the same problem. My previous schema is:

"Schema": [ { "Mutable": true, "Name": "family_name", "Required": true } ]

and my new schema is:

    "Schema": [
      {
        "Mutable": true,
        "Name": "email",
        "Required": true
      },
      {
        "Mutable": true,
        "Name": "given_name",
        "Required": true
      },
      {
        "Mutable": true,
        "Name": "family_name",
        "Required": true
      }
    ],

and I've made no change to the cli-inputs except upgrade amplify-cli

So, my workaround was to amplify override auth...then manually set the schema to the old settings, and ensure the read/write attributes include my custom attributes...

import { AmplifyAuthCognitoStackTemplate } from "@aws-amplify/cli-extensibility-helper"

export function override(resources: AmplifyAuthCognitoStackTemplate) { resources.userPool.schema = resources.userPool.schema = [ { name: "phone_number", required: true, mutable: true }, ] resources.userPoolClient.readAttributes = [ "address", "birthdate", "email", "family_name", "middle_name", "gender", "locale", "given_name", "name", "nickname", "phone_number", "preferred_username", "picture", "profile", "updated_at", "website", "zoneinfo", "email_verified", "phone_number_verified", "custom:orgName", "custom:isOrg", ] resources.userPoolClient.writeAttributes = [ "address", "birthdate", "middle_name", "gender", "locale", "name", "nickname", "preferred_username", "picture", "profile", "updated_at", "website", "zoneinfo", "email", "family_name", "given_name", "phone_number", "custom:orgName", "custom:isOrg", ] resources.userPoolClientWeb.readAttributes = [ "address", "birthdate", "email", "family_name", "middle_name", "gender", "locale", "given_name", "name", "nickname", "phone_number", "preferred_username", "picture", "profile", "updated_at", "website", "zoneinfo", "email_verified", "phone_number_verified", "custom:orgName", "custom:isOrg", ] resources.userPoolClientWeb.writeAttributes = [ "address", "birthdate", "middle_name", "gender", "locale", "name", "nickname", "preferred_username", "picture", "profile", "updated_at", "website", "zoneinfo", "email", "family_name", "given_name", "phone_number", "custom:orgName", "custom:isOrg", ] }

@GeorgeBellTMH

This works perfectly, thank you so much!

@voyagebagage I believe I may have been in a similar situation as you and I was able to work through it. The following worked for me:

Revert to the amplify-cli version that was being used before trying to update (in my case 7.6.8)

Edit the cli-inputs.json to remove the problem requiredAttributes (the ones not in the cloudformation template)

amplify push

Update amplify-cli (in my case to 7.6.15)

amplify push --force

@jeremy-white THANKS! This did it for me.

The only missing step is to remove the two lines the new CLI version added to amplify/cli.json after downgrading to the previous version.

My problem was:

current-cloud-backend CF template contained only phone_number
All other CF templates and cli-inputs contained both phone_number and email
Removing email from cli-inputs-json resulted in drift error message when using current (7.6.23) amplify-cli
But it worked when I removed the attribute and pushed using the CLI 7.6.5
Then I can update and do push with no problems

Thanks again @jeremy-white

@oookoook good to know, thanks. I did go to 7.6.6 and didnt tried with the 5 unfortunately, I rebuilt and know it is even better

Hey @Shomari and folks in the thread :wave: are you still experiencing this issue? There's quite a few comments here describing the affected workflow and a fix has since gone out for this issue, though I wanted to be sure this was taken care of 🙂

@josefaidt Just happened to me two days ago on my production environment. UPDATE_FAILED UserPool AWS::Cognito::UserPool Thu May 05 2022 15:38:02 GMT-0400 (Eastern Daylight Time) Invalid AttributeDataType input, consider using the provided AttributeDataType enum.

My #current-cloud-backend cloudformation-template.json lacks the email variable and only has name:

          {
            "Mutable": true,
            "Name": "name",
            "Required": true
          }

Both email and name are present in my local cloudformation-template.json. Both local and cloud cli-inputs.json have

"requiredAttributes": [
      "email",
      "name"
    ],

When I delete "name" from the local cli-inputs.json and push, I receive a drift error message. Cognito configuration in the cloud has drifted from local configuration. Present changes cannot be pushed until drift is fixed. `requiredAttributes` requested is ["name"], but ["email","name"] is required by Cognito configuration.

I have tried downgrading the CLI from 8.1.0 and pushing to no avail.

Right before this occurred, I was working on a separate clone environment, when I ran amplify api migrate and pushed that. Then when I went back to my production environment and received an error when pulling saying '...backend-config.json' does not exist. I copied the backend-config.json file from the current-cloud-backend and put it in my local backend and then it worked. I also received warnings about @connection being deprecated so I migrated the api there too.

However now I am stuck with this Auth issue.

My cloned development environment is working fine however, and all the json files match, all possessing both email and name variables.

Hi @josefaidt , I still have the issue even after updating the cli to v 8.1.0. Everything works fine, until i trigger the migration. After the mirgration the push fails with Invalid AttributeDataType input, consider using the provided AttributeDataType enum. After removing the surplus requiredAttributes ('email' in my case), I also receive a drift error message.

Adding these screenshots in case it helps at all.

Current develop env Congito required attributes -- which successfully pushes. (This env was cloned from the prod env before the bug occurred).

Current prod env Congito required attributes -- which fails. (Notice email is not checked anymore. Used to match develop env.)

Cognito required attributes for prod according to Amplify Studio (which fails to deploy with the same Invalid AttributeDataType input error).

@josefaidt any update on this? I've been stuck here almost two weeks.

Hey @djsjr :wave: apologies for the delay! Are you still experiencing this? Do you have any custom attributes applied to your User Pool?

Hi @josefaidt. Yes I am still having the issue and no I do not have any custom attributes.

My current workaround is creating a temporary new environment from scratch (prod wouldn't clone - error) and importing the prod auth pool when adding auth plugin to the new environment. Seems to be working so far.

I would like to go back to my prod environment however

Hey @djsjr :wave: apologies for the delay here! Would you be open to hopping on a quick call with us to take a look at this issue and identify the root cause and workaround? Please reach out to amplify-cli@amazon.com or ping me (josef) on our community Discord server

@josefaidt sent a message on discord 👍🏻

Hey @djsjr :wave: thanks for meeting with me! I've removed the pending-close... ahead of a deeper investigation

@djsjr @thingstiger @isaac-rosterlab anyway you can 1/ install the latest version of the CLI and re-try 2/ run amplify diagnose --send-report 3/ share your project ID (displayed by the Diagnose command) with us after you run diagnose

aws-amplify / amplify-cli