amplify-cli: Amplify API push fails

Describe the bug Amplify API push fails.

To Reproduce Steps to reproduce the behavior:

Make changes to /amplify/backend/api/myAPIname/schema.graphql
Run amplify api update
Run amplify api push
Push fails, privding the following error message: UPDATE_FAILED GraphQLAPIKey AWS::AppSync::ApiKey Mon Feb 04 2019 19:00:00 GMT+0100 (GMT+01:00) API key not found: [GraphQL API key went here] (Service: AWSAppSync; Status Code: 404; Error Code: NotFoundException; Request ID: [Request ID went here])

Expected behavior The push should g othrough, and update my API as prescribed in the schema.graphql file.

Screenshots If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

OS: Windows 10, Ubuntu WSL
Visual Studio Code

Additional context The API is set to use Amazon Cognito user pool for authentication.

About this issue

Original URL
State: closed
Created 5 years ago
Reactions: 3
Comments: 23 (5 by maintainers)

Most upvoted comments

I also had trouble with amplify push. In my case "APIKeyExpirationEpoch": -1 did not help, neither did amplify api update or creating a new API key in AppSync and setting it in aws-exports.js. I was able to fix my problem with these steps:

go to amplify/backend/api/<api-name>/parameters.json and add: "CreateAPIKey": 0 and "APIKeyExpirationEpoch": -1
execute amplify push
now set: "CreateAPIKey": 1
execute amplify push
remove "CreateAPIKey": 0 and "APIKeyExpirationEpoch": -1 from parameters.json
execute amplify api update
execute amplify push

It’s a bit nasty having to wait three times for amplify push, so there might be a simpler way I could have fixed my problem.

+26

peerhenry on Feb 9, 2020

Hey thanks for the question. The AppSync service deletes out-dated keys when they expire which leads to an issue where CloudFormation cannot find a key that it expects to be there. You should be able to get around this by setting the “APIKeyExpirationEpoch” parameter to -1 in the parameters.json. When you push, it will remove the key from the template. You can then push again and set the “APIKeyExpirationEpoch” value to the epoch timestamp in seconds when you would like the API key expire.

+24

mikeparisstuff on Feb 4, 2019

Hey thanks for the question. The AppSync service deletes out-dated keys when they expire which leads to an issue where CloudFormation cannot find a key that it expects to be there. You should be able to get around this by setting the “APIKeyExpirationEpoch” parameter to -1 in the parameters.json. When you push, it will remove the key from the template. You can then push again and set the “APIKeyExpirationEpoch” value to the epoch timestamp in seconds when you would like the API key expire.

I’d like to note that the docs was wrong about this, it said

{
  "APIKeyExpirationEpoch": "-1"
}

when it should have been

{
  "APIKeyExpirationEpoch": -1
}
```.

Also in version `3.17.0` you'll get a deprecation warning.

+15

aprilmintacpineda on Nov 8, 2019

The docs now mention how to rotate or create a new key:

Follow these two steps when you need to rotate an API Key

Delete the existing API key by setting CreateAPIKey to 0 in the amplify/backend/api/<apiName>/parameters.json file and execute amplify push.
Create a new API key by setting CreateAPIKey to 1 in the amplify/backend/api/<apiName>/parameters.json file and execute amplify push.

berenddeboer on May 16, 2020

I also had trouble with amplify push. In my case "APIKeyExpirationEpoch": -1 did not help, neither did amplify api update or creating a new API key in AppSync and setting it in aws-exports.js. I was able to fix my problem with these steps:

go to amplify/backend/api/<api-name>/parameters.json and add: "CreateAPIKey": 0 and "APIKeyExpirationEpoch": -1

execute amplify push

now set: "CreateAPIKey": 1

execute amplify push

remove "CreateAPIKey": 0 and "APIKeyExpirationEpoch": -1 from parameters.json

execute amplify api update

execute amplify push

It’s a bit nasty having to wait three times for amplify push, so there might be a simpler way I could have fixed my problem.

Thank you so much for the fix. I was minutes from destroying the backend environment and recreating (again).

dbhagen on Feb 12, 2020

Hey thanks for the question. The AppSync service deletes out-dated keys when they expire which leads to an issue where CloudFormation cannot find a key that it expects to be there. You should be able to get around this by setting the “APIKeyExpirationEpoch” parameter to -1 in the parameters.json. When you push, it will remove the key from the template. You can then push again and set the “APIKeyExpirationEpoch” value to the epoch timestamp in seconds when you would like the API key expire.

This little bit of information should be in capital letters somewhere prominent in the quick start docs. Since Amplify/AppSync do not handle any sort of key rotation on their own it would be very good for this to feature – not only noting the fact that the API Key expires, but that there is a way to restore one without deploying a new env.

matthewbga on May 30, 2019

Thank you @mikeparisstuff, this seems to have solved my problem.

Is there any documentation regarding this API key? I have configured the API itself using the Amplify CLI to not allow unauthenticated access, which from what I can tell here is the main point of the API Key. Does the link refer to a different API key than the one I’ve now modified, or is this key mainly used by the CLI to modify the AWS resources? Or have I not properly configured my GraphQL API not to accept unauthenticated access the way I thought?

fabianjj on Feb 5, 2019

Unfortunately nothing solved my problem. I tried everything mentioned within this issue and the problem is still the same when going for an amplify push. It’s frustrating as hell

API key not found: xxxxx (Service: AWSAppSync; Status Code: 404; Error Code: NotFoundException;

Jmales on May 29, 2020