aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

[aws-cognito] Change domainPrefix after initial deploy #10062

Open niklaswallerstedt opened 3 years ago

niklaswallerstedt commented 3 years ago

I wanted to change the hosted UI domain prefix after an initial deploy (userPoolCognitoDomainPrefix), but I'm getting a 400 on subsequent deploys. (I've just recently started to work with Cognito with CDK, so there might be some constraints in Cognito I'm not aware of. Keep up the good work!)

User pool already has a domain configured. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 8e2a6c6e-c9c3-443c-b09c-f95abc71843e; Proxy: null)

Reproduction Steps

import * as cdk from '@aws-cdk/core';
import * as cognito from '@aws-cdk/aws-cognito';

export class IdentityStack extends cdk.Stack {
  userPool: cognito.UserPool;
  userPoolClientName = 'Identity';
  userPoolCognitoDomainPrefix = 'identity-dev'

  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    this.userPool = new cognito.UserPool(this, 'UserPool', {});

    this.userPool.addClient('UserPoolClient', {
      userPoolClientName: 'Identity',
      oAuth: {
        callbackUrls: [
          'http://localhost:3005'
        ]
      }
    });

    this.userPool.addDomain('UserPoolDomain', {
      cognitoDomain: {
        domainPrefix: this.userPoolCognitoDomainPrefix
      }
    });
  }
}

What did you expect to happen?

The domain should update and remove the old one as it's no longer specified.

What actually happened?

identity:  1/3 | 7:55:51 AM | UPDATE_FAILED        | AWS::Cognito::UserPoolDomain | UserPool/UserPoolDomain (UserPoolUserPoolDomain9F01E991)
User pool already has a domain configured. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 8e2a6c6e-c9c3-443c-b09c-f95abc71843e; Proxy: null)

Environment

Other

identity: 1.61.1 (build 347918f)
identity: IdentityStack: deploying...
identity: IdentityStack: creating CloudFormation changeset...
identity:  0/3 | 7:55:44 AM | UPDATE_IN_PROGRESS   | AWS::CloudFormation::Stack   | IdentityStack User Initiated
identity:  0/3 | 7:55:49 AM | UPDATE_IN_PROGRESS   | AWS::Cognito::UserPoolClient | UserPool/UserPoolClient (UserPoolUserPoolClient40176907) 
identity:  1/3 | 7:55:50 AM | UPDATE_COMPLETE      | AWS::Cognito::UserPoolClient | UserPool/UserPoolClient (UserPoolUserPoolClient40176907) 
identity:  1/3 | 7:55:50 AM | UPDATE_IN_PROGRESS   | AWS::Cognito::UserPoolDomain | UserPool/UserPoolDomain (UserPoolUserPoolDomain9F01E991)
Requested update requires the creation of a new physical resource; hence creating one.
identity:  1/3 | 7:55:51 AM | UPDATE_FAILED        | AWS::Cognito::UserPoolDomain | UserPool/UserPoolDomain (UserPoolUserPoolDomain9F01E991)
User pool already has a domain configured. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 8e2a6c6e-c9c3-443c-b09c-f95abc71843e; Proxy: null)

This is :bug: Bug Report

nija-at commented 3 years ago

It seems like this is a limitation of the Cognito backend service that does not let user pool domain be updated.

Can you try a 2-stage deploy? First, remove the addDomain() method call from your CDK app and deploy, then, add the addDomain() back but with the new settings and deploy again.
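
Added example, not part of the original thread and not CDK or AWS SDK code: a small model of why the in-place change fails and the 2-stage deploy succeeds. It follows the order the deploy log shows (the new physical resource is created while the old one still exists). The names `UserPoolModel`, `replaceInOneDeploy` and `replaceInTwoDeploys` are hypothetical, and the one-domain limit is an assumption taken from the error message.

```typescript
// Constructed model (assumption): a user pool that accepts one hosted-UI
// domain at a time, as the InvalidParameterException in the report implies.
class UserPoolModel {
  private domain: string | null = null;

  createDomain(prefix: string): void {
    if (this.domain !== null) {
      throw new Error('User pool already has a domain configured.');
    }
    this.domain = prefix;
  }

  deleteDomain(prefix: string): void {
    if (this.domain === prefix) this.domain = null;
  }

  current(): string | null {
    return this.domain;
  }
}

// Replacement in the order the deploy log shows: the new physical resource is
// created first; the old one would only be deleted in a later cleanup step.
function replaceInOneDeploy(pool: UserPoolModel, oldPrefix: string, newPrefix: string): string {
  try {
    pool.createDomain(newPrefix); // fails: the old domain is still attached
    pool.deleteDomain(oldPrefix); // cleanup step, never reached
    return 'UPDATE_COMPLETE';
  } catch (err) {
    // The failed create changed nothing, so the pool keeps its old domain.
    return 'UPDATE_FAILED: ' + (err as Error).message;
  }
}

// The workaround: deploy 1 drops addDomain(), deploy 2 adds it back with the
// new prefix, so the create in deploy 2 has nothing to conflict with.
function replaceInTwoDeploys(pool: UserPoolModel, oldPrefix: string, newPrefix: string): string {
  pool.deleteDomain(oldPrefix); // deploy 1: the pool now has no domain at all
  try {
    pool.createDomain(newPrefix); // deploy 2: plain create
    return 'UPDATE_COMPLETE';
  } catch (err) {
    return 'UPDATE_FAILED: ' + (err as Error).message;
  }
}
```

Between the two deploys the pool has no hosted UI domain, so anything that depends on the hosted UI sign-in URL is unavailable for that window.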

niklaswallerstedt commented 3 years ago

Yeah, I tried that workaround when I was trying to update the domain and it works.

I was posting the bug report because I felt that it didn't behave as I was expecting it to.

nija-at commented 3 years ago

Internal tracking: i/CFN-33216

calebvarghese commented 2 years ago

> It seems like this is a limitation of the Cognito backend service that does not let user pool domain be updated.
>
> Can you try a 2-stage deploy? First, remove the addDomain() method call from your CDK app and deploy, then, add the addDomain() back but with the new settings and deploy again.

The 2-stage deployment worked for me; weird that the CDK has this issue.

peterwoodworth commented 2 years ago

I've reached out on the original ticket posted by niranjan. Hopefully will get a response soon.

sobolk commented 1 year ago

The inability to update domainPrefix is blocking us (AWS Amplify) from replacing our custom lambda callout with a proper CFN resource. The workaround in the form of 2 deployments is not feasible for us. Can we get this bug fixed?