amplify-cli: Can't remove Cognito triggers/lambda with amplify update auth

Describe the bug I can’t remove trigger/lambda previously configured for adding Cognito group during amplify update auth.

To Reproduce

Update to Amplify CLI 3.10.0
Create a basic react amplify project
Run amplify add auth
Choose to add Cognito group during step by step configuration
Run amplify update auth
Choose to remove adding Cognito group during step by step configuration
See the error:

$ amplify update auth
Please note that certain attributes may not be overwritten if you choose to use defaults settings.

You have configured resources that might depend on this Cognito resource.  Updating this Cognito resource could have unintended side effects.

Using service: Cognito, provided by: awscloudformation
 What do you want to do? Walkthrough all the auth configurations
 Select the authentication/authorization services that you want to use: User Sign-Up, Sign-In, conne
cted with AWS IAM controls (Enables per-user Storage features for images or other content, Analytics
, and more)
 Allow unauthenticated logins? (Provides scoped down permissions that you can control via AWS IAM) N
o
 Do you want to enable 3rd party authentication providers in your identity pool? No
 Multifactor authentication (MFA) user login options: OFF
 Email based user registration/forgot password: Enabled (Requires per-user email entry at registrati
on)
 Please specify an email verification subject: Your verification code
 Please specify an email verification message: Your verification code is {####}
 Do you want to override the default password policy for this User Pool? No
 Specify the app's refresh token expiration period (in days): 30
 Do you want to specify the user attributes this app can read and write? Yes
 Specify read attributes: (Press <space> to select, <a> to toggle all, <i> to invert selection)Email
, Name
 Specify write attributes: (Press <space> to select, <a> to toggle all, <i> to invert selection)
 Do you want to enable any of the following capabilities? 
 Do you want to use an OAuth flow? Yes
 What domain name prefix you want us to create for you? mydomain
 Which redirect signin URIs do you want to edit? (Press <space> to select, <a> to toggle all, <i> to
 invert selection)
 Do you want to add redirect signin URIs? No
 Which redirect signout URIs do you want to edit? (Press <space> to select, <a> to toggle all, <i> t
o invert selection)
 Do you want to add redirect signout URIs? No
 Select the OAuth flows enabled for this project. Authorization code grant
 Select the OAuth scopes enabled for this project. (Press <space> to select, <a> to toggle all, <i> 
to invert selection)Phone, Email, OpenID, Profile, aws.cognito.signin.user.admin
 Select the identity providers you want to configure for your user pool: (Press <space> to select, <
a> to toggle all, <i> to invert selection)
? Do you want to configure Lambda Triggers for Cognito? Yes
? Which triggers do you want to enable for Cognito (Press <space> to select, <a> to toggle all, <i> 
to invert selection)
Error: Function plugin not installed in the CLI. You need to install it to use this feature.
    at /Users/spi/.nvm/versions/node/v12.10.0/lib/node_modules/@aws-amplify/cli/lib/extensions/ampli
fy-helpers/trigger-flow.js:227:23
    at step (/Users/spi/.nvm/versions/node/v12.10.0/lib/node_modules/@aws-amplify/cli/lib/extensions
/amplify-helpers/trigger-flow.js:33:23)
    at Object.next (/Users/spi/.nvm/versions/node/v12.10.0/lib/node_modules/@aws-amplify/cli/lib/ext
ensions/amplify-helpers/trigger-flow.js:14:53)
    at /Users/spi/.nvm/versions/node/v12.10.0/lib/node_modules/@aws-amplify/cli/lib/extensions/amplify-helpers/trigger-flow.js:8:71
    at new Promise (<anonymous>)
    at __awaiter (/Users/spi/.nvm/versions/node/v12.10.0/lib/node_modules/@aws-amplify/cli/lib/extensions/amplify-helpers/trigger-flow.js:4:12)
    at AmplifyToolkit.deleteTrigger [as _deleteTrigger] (/Users/spi/.nvm/versions/node/v12.10.0/lib/node_modules/@aws-amplify/cli/lib/extensions/amplify-helpers/trigger-flow.js:215:60)
    at /Users/spi/.nvm/versions/node/v12.10.0/lib/node_modules/@aws-amplify/cli/lib/extensions/amplify-helpers/trigger-flow.js:204:54
    at step (/Users/spi/.nvm/versions/node/v12.10.0/lib/node_modules/@aws-amplify/cli/lib/extensions/amplify-helpers/trigger-flow.js:33:23)
    at Object.next (/Users/spi/.nvm/versions/node/v12.10.0/lib/node_modules/@aws-amplify/cli/lib/extensions/amplify-helpers/trigger-flow.js:14:53)
There was an error adding the auth resource

Expected behavior Removal of lambda/trigger after amplify update auth

Desktop

OS: macOS Mojave 10.14.6

Workaround Use Amplify CLI 3.2.0 to remove the lambda/trigger then switch back to 3.10.0.

About this issue

Original URL
State: closed
Created 5 years ago
Reactions: 5
Comments: 36 (14 by maintainers)

Commits related to this issue

fix(cli): fixes cognito trigger removal bug forceRemoveResource was left out of the amplify-toolkit lazy-loader. This commit adds the function. fix(#2458) — committed to haverchuck/amplify-cli by deleted user 5 years ago
fix(cli): fixes cognito trigger removal bug (#3063) forceRemoveResource was left out of the amplify-toolkit lazy-loader. This commit adds the function. fix(#2458) — committed to aws-amplify/amplify-cli by haverchuck 5 years ago

Most upvoted comments

Yea, that is my general experience with Amplify. Once I start using it seriously enough for a production app, I find myself in one of two positions which are rather bad…

I must delete a category and re-add it to fix something.

or…

I find that I cannot deploy due to a failure in Amplify-Console.

I find myself in one of those 2 positions quite frequently. Neither of those situations is a good place to be once we land in production.

We love the idea of Amplify, but we will probably need to see substantial work done on Amplify before we would feel comfortable taking it to production. It’s just not ready for our needs quite yet.

+14

KidSysco on Nov 5, 2019

I solved it with the following steps:

Execute amplify update auth

? What do you want to do? Walkthrough all the auth configurations
...

On the next step, you choose “yes” and unselect all triggers from that list

? Do you want to configure Lambda Triggers for Cognito? Yes     
? Which triggers do you want to enable for Cognito (Press <space> to select, <a> to toggle all, <i> to invert selection)
 ◯ Create Auth Challenge
 ◯ Custom Message
 ◯ Define Auth Challenge
 ◯ Post Authentication
 ◯ Post Confirmation

Then you can run amplify push and the triggers should be removed.

fernandotimm on Jul 26, 2020

still there on version 4.2.0

tw1t611 on Dec 3, 2019

Same problem, why is this closed? amplify update auth does not work. Deselect trigger, do an “amplify push” and it insists there’s been “no change” to Auth. This is just one of many issues with dependencies, I’m noticing. Using layers is also pretty broken. I’ve lost count of how many times I’ve had to tear down and reinstall everything from scratch.

Same here (cli version 4.40.0). Triggers are not actually removed when deselecting them in the amplify auth update walkthrough. No changes are made to local (tracked) files.

They are removed if you add a new trigger at the same time. Although you’re then stuck with a different redundant trigger and manually removing the trigger from the yaml/json doesn’t get picked up as a change by the cli.

Does this need to be reopened @kaustavghosh06 ?

ApeOnFire on Dec 17, 2020

This is still an issue. Why is it closed?

ataravati on Mar 6, 2020

I think I ran into a similar issue with trying to remove the capability: “Email Verification Link with Redirect”. Which I believe is just trying to remove a Lambda from Cognito.

I am trying to disable the Email verification link after having already pushed and deployed it.

Do you want to enable any of the following capabilities? (Press <space> to select, <a> to toggle all, <i> to invert selection)
❯◯ Add Google reCaptcha Challenge
 ◉ Email Verification Link with Redirect
 ◯ Add User to Group
 ◯ Email Domain Filtering (blacklist)
 ◯ Email Domain Filtering (whitelist)
 ◯ Custom Auth Challenge Flow (basic scaffolding - not for production)
 ◯ Override ID Token Claims

KidSysco on Oct 16, 2019

It happened the same to me. I tried to reinstall @aws-amplify/cli globally and it didn’t work. I only get this solved by re-adding auth category.

rfpedrosa on Oct 7, 2019

I had trigger CustomMessage in auth. What worked was go to amplify/backend/auth/authFolder/authFolder-cloudformation-template.yml Search for LambdaConfig Manually delete the entire line of trigger you dont want to use for your project

But the resource will be present, however cognito will not trigger those triggers

then you can use amplify remove function to delete the functions as well or any other methods as some have mentioned above or keep the resources idle if you don’t have any issue keeping them

mir1198yusuf on Mar 8, 2021

@bmilesp Did you try amplify function remove?

kaustavghosh06 on Apr 15, 2020

I get this too while trying to remove Google reCaptcha Challenge

This is preventing me from removing DefineAuthChallenge, CreateAuthChallenge, and VerifyAuthChallengeResponse lambda functions that Amplify auth created. If I try to remove them manually with amplify function remove I get Resource cannot be removed because it has a dependency on another resource. 🚒

patspam on Oct 18, 2019