"Check assigned IAM roles for this pool" after migration from v5 to v6

[JacobDel]

Before opening, please confirm:

• [X] I have searched for duplicate or closed issues and discussions.
• [X] I have read the guide for submitting bug reports.
• [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

React Native

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

Other

Environment information

``` # Put output below this line ``` System: OS: macOS 14.4.1 CPU: (10) arm64 Apple M1 Max Memory: 99.61 MB / 32.00 GB Shell: 5.9 - /bin/zsh Binaries: Node: 22.5.1 - /opt/homebrew/bin/node Yarn: 4.3.1 - /opt/homebrew/bin/yarn npm: 10.8.2 - /opt/homebrew/bin/npm Watchman: 2024.07.15.00 - /opt/homebrew/bin/watchman Browsers: Chrome: 127.0.6533.89 Safari: 17.4.1 npmPackages: @aws-amplify/react-native: ^1.1.4 => 1.1.4 @babel/core: ^7.25.2 => 7.25.2 (7.22.10) @babel/plugin-proposal-class-properties: ^7.18.6 => 7.18.6 @babel/plugin-proposal-object-rest-spread: ^7.20.7 => 7.20.7 @babel/preset-env: ^7.25.3 => 7.25.3 (7.22.10) @babel/preset-flow: ^7.24.7 => 7.24.7 (7.22.5) @babel/preset-react: ^7.24.7 => 7.24.7 (7.22.5, 7.24.1) @babel/preset-typescript: ^7.24.7 => 7.24.7 (7.24.1, 7.22.5) @babel/runtime: ^7.25.0 => 7.25.0 (7.22.10, 7.23.2) @mdi/js: ^7.4.47 => 7.4.47 @react-native-community/cli: ^11.4.1 => 11.4.1 (13.6.9) @react-native-community/netinfo: ^11.3.2 => 11.3.2 @react-native/babel-preset: 0.74.86 => 0.74.86 (0.74.85) @react-native/eslint-config: ^0.74.86 => 0.74.86 @react-native/metro-config: ^0.74.86 => 0.74.86 @react-native/typescript-config: 0.74.86 => 0.74.86 @tsconfig/react-native: ^3.0.5 => 3.0.5 @types/d3: ^7.4.3 => 7.4.3 @types/jest: ^29.5.12 => 29.5.12 @types/lodash: ^4.17.7 => 4.17.7 @types/react: ^18.3.3 => 17.0.64 @types/react-native: ^0.73.0 => 0.73.0 (0.70.14) @types/react-native-get-random-values: ^1 => 1.8.2 @types/react-native-vector-icons: ^6.4.18 => 6.4.18 @types/react-test-renderer: ^18.3.0 => 18.3.0 HelloWorld: 0.0.1 aws-amplify: 6.4.3 => 6.4.3 aws-amplify/adapter-core: undefined () aws-amplify/analytics: undefined () aws-amplify/analytics/kinesis: undefined () aws-amplify/analytics/kinesis-firehose: undefined () aws-amplify/analytics/personalize: undefined () aws-amplify/analytics/pinpoint: undefined () aws-amplify/api: undefined () aws-amplify/api/server: undefined () aws-amplify/auth: undefined () aws-amplify/auth/cognito: undefined () aws-amplify/auth/cognito/server: undefined () aws-amplify/auth/enable-oauth-listener: undefined () aws-amplify/auth/server: undefined () aws-amplify/data: undefined () aws-amplify/data/server: undefined () aws-amplify/datastore: undefined () aws-amplify/in-app-messaging: undefined () aws-amplify/in-app-messaging/pinpoint: undefined () aws-amplify/push-notifications: undefined () aws-amplify/push-notifications/pinpoint: undefined () aws-amplify/storage: undefined () aws-amplify/storage/s3: undefined () aws-amplify/storage/s3/server: undefined () aws-amplify/storage/server: undefined () aws-amplify/utils: undefined () babel-jest: ^29.7.0 => 29.7.0 (27.5.1) babel-loader: ^9.1.3 => 9.1.3 (8.3.0) babel-plugin-module-resolver: ^5.0.2 => 5.0.2 color: ^4.2.3 => 4.2.3 (3.2.1) core-js: ^3.37.1 => 3.37.1 (3.32.1) cross-env: ^7.0.3 => 7.0.3 dotenv: ^16.4.5 => 16.4.5 (10.0.0) eslint: ^8.57.0 => 8.57.0 expo: ^51.0.24 => 51.0.24 graphql: ^16.9.0 => 16.9.0 (15.8.0) graphql-react: ^20.0.0 => 20.0.0 gts: ^5.3.1 => 5.3.1 i18next: ^23.12.2 => 23.12.2 iconsax-react-native: ^0.0.8 => 0.0.8 javascript-obfuscator: ^4.1.1 => 4.1.1 (4.0.2) jest: ^29.7.0 => 29.7.0 (27.5.1) moment: ^2.30.1 => 2.30.1 prettier: ^2.8.8 => 2.8.8 (3.2.5) react: 18.3.1 => 18.3.1 react-app-rewired: ^2.2.1 => 2.2.1 react-art: ^18.3.1 => 18.3.1 react-dom: ^18.3.1 => 18.3.1 (18.2.0) react-i18next: ^13.5.0 => 13.5.0 react-native: 0.74.4 => 0.74.4 react-native-blob-util: ^0.19.11 => 0.19.11 react-native-cn-quill: ^0.7.18 => 0.7.18 react-native-expandable-fab: ^1.1.2 => 1.1.2 react-native-fast-image: ^8.6.3 => 8.6.3 react-native-get-random-values: ^1.11.0 => 1.11.0 react-native-htmlview: ^0.16.0 => 0.16.0 react-native-localize: ^3.2.1 => 3.2.1 react-native-pager-view: ^6.3.3 => 6.3.3 react-native-safe-area-context: ^4.10.8 => 4.10.8 react-native-screens: ^3.33.0 => 3.33.0 react-native-web: ^0.19.12 => 0.19.12 react-native-web-linear-gradient: ^1.1.2 => 1.1.2 react-native-webview: ^13.10.5 => 13.10.5 react-scripts: ^5.0.1 => 5.0.1 react-test-renderer: 18.3.1 => 18.3.1 serve: ^14.2.3 => 14.2.3 ts-debounce: ^4.0.0 => 4.0.0 ts-loader: ^9.5.1 => 9.5.1 typescript: ^5.5.4 => 5.5.4 npmGlobalPackages: expo-cli: 6.3.2 npm: 10.8.2 yarn: 1.22.22

Describe the bug

A user is logged in from before migration. The code and packages are altered to comply with the v6 aws-amplify migration. The application is build and I get the following warning: Possible unhandled promise rejection (id: 0): InvalidIdentityPoolConfigurationException: Invalid identity pool configuration. Check assigned IAM roles for this pool. I close the warning and an error comes up when trying to signin: error signing in [UserAlreadyAuthenticatedException: There is already a signed in user.] When I try to retrieve the auth session with this code:

    console.log('preparing to fetch auth session');
    const activeAuthSession = await fetchAuthSession();
    console.log('is authenticated: ' + activeAuthSession);

then I get this console output:

preparing to fetch auth session

There is no error or crash noted, the app continues to work fine.

Note that aws-amplify v5 works fine and is still in use perfectly fine

Expected behavior

from code line:

    console.log('preparing to fetch auth session');
    const activeAuthSession = await fetchAuthSession();
    console.log('is authenticated: ' + activeAuthSession);

I expect:

preparing to fetch auth session
is authenticated: 

or

preparing to fetch auth session
is authenticated: [object Object]

or something similar

Reproduction steps

1. migrate from v5 to v6
2. apply the code snippet
3. don't make any changes to your IAM roles (same IAM roles from before migration)
4. fetch the current AuthSession

Code Snippet

App.tsx

// Put your code below this line.
import {Amplify} from 'aws-amplify';
import CognitoAuth from '@cognito_amplify_file.json';

Amplify.configure(CognitoAuth);

cognito_amplify_file.json:

{
  "Auth": {
    "Cognito": {
      "userPoolId": "XX-XXXX-X_XXXXXXXXX",
      "identityPoolId": "XX-XXXX-X:XXXXXXXX-XXXXX-XXXX-XXXXX-XXXXXXXXX",
      "userPoolClientId": "XXXXXXXXXXXXXXX"
    }
  }
}

Log output

``` // Put your logs below this line ```

aws-exports.js

No response

Manual configuration

cognito_amplify_file.json:

{
  "Auth": {
    "Cognito": {
      "userPoolId": "XX-XXXX-X_XXXXXXXXX",
      "identityPoolId": "XX-XXXX-X:XXXXXXXX-XXXXX-XXXX-XXXXX-XXXXXXXXX",
      "userPoolClientId": "XXXXXXXXXXXXXXX"
    }
  }
}

Additional configuration

No response

Mobile Device

iPhone 15 Pro emulated

Mobile Operating System

iOS latest

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

[cwomack]

Hello, @JacobDel and sorry to hear you're running into this. Have a few questions to see if we can pin down what the root cause of this is.

• Can you confirm that the User Pool and Identity Pool being used are the proper combination? That error appears to be thrown from the Cognito/server side.
• Are you passing in any else into the Amplify.configure() call beyond the userPoolId, identityPoolId and userPoolClientId?

[JacobDel]

Thank you for the follow up @cwomack

• Can you confirm that the User Pool and Identity Pool being used are the proper combination? That error appears to be thrown from the Cognito/server side.

I can confirm that the User Pool and Identity Pool are the proper combination. This is somewhat proven by using the same User Pool and Identity Pool credentials with aws-amplify v5 and having it work as expected.

• Are you passing in any else into the Amplify.configure() call beyond the userPoolId, identityPoolId and userPoolClientId?

No, as shared in the code snippet, only userPoolClientId, identityPoolId and userPoolId.

During the migration from v5 to v6 I also change the variable userPoolWebClientId to userPoolClientId, can you confirm that both variables should have the same value?

[cwomack]

@JacobDel, thanks for confirming the above details. Can you run Amplify.getConfig() just before where you're calling fetchAuthSession() and let us know what happens for the output? Just want to make sure the configuration values are matching what would be expected. I don't see any code examples where you're calling fetchAuthSession() as well, so any chance you could provide the frontend code where that's being done?

Additionally, could you try making a get-credentials-for-identity call using the AWS CLI to see if you can get the AWS credentials without getting the error?

[cwomack]

Closing this issue as we have not heard back from you. If you are still experiencing this, please feel free to reply back and provide any information previously requested and we'd be happy to re-open the issue.

Thank you!