amplify-cli: cloudformation fails after auth migration
Before opening, please confirm:
- I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
- I have searched for duplicate or closed issues.
- I have read the guide for submitting bug reports.
- I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
How did you install the Amplify CLI?
yarn
If applicable, what version of Node.js are you using?
v16.10.0
Amplify CLI Version
7.3.3
What operating system are you using?
Mac
Amplify Categories
auth
Amplify Commands
pull, push, update
Describe the bug
Receiving cloudformation errors after a ‘do nothing’ auth update.
Expected behavior
amplify push -y should succeed
Reproduction steps
I do not have exact steps to reproduce. Setup:
- Upgrade an amplify-cli v6.4.0 generated project to v7.3.3
- add/remove auth groups
amplify push -ychanges- … later…
- update CLI to v7.3.3
Steps to reproduce:
amplify pull -yamplify push -yamplify auth update<-- A migration is needed to support latest updates on auth resources.- … accept all defaulted prompts, no changes
amplify push -y
GraphQL schema(s)
No response
Log output
# Put your logs below this line
➜ iwpk-portal git:(dev) ✗ amplify pull -y
Pre-pull status:
Current Environment: dev
┌──────────┬────────────────────────────────────────────┬───────────┬───────────────────┐
│ Category │ Resource name │ Operation │ Provider plugin │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ iwpkportal2735839927358399PostConfirmation │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ iwpkportal2735839927358399PreSignup │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ iwpkGQLResolver │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ S3Trigger8d374d54 │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Auth │ userPoolGroups │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Auth │ iwpkportal2735839927358399 │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Api │ iwpkportal │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Storage │ s3iwpkassets │ No Change │ awscloudformation │
└──────────┴────────────────────────────────────────────┴───────────┴───────────────────┘
✔ Successfully pulled backend environment dev from the cloud.
Post-pull status:
Current Environment: dev
┌──────────┬────────────────────────────────────────────┬───────────┬───────────────────┐
│ Category │ Resource name │ Operation │ Provider plugin │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ iwpkportal2735839927358399PostConfirmation │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ iwpkportal2735839927358399PreSignup │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ iwpkGQLResolver │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ S3Trigger8d374d54 │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Auth │ userPoolGroups │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Auth │ iwpkportal2735839927358399 │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Api │ iwpkportal │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Storage │ s3iwpkassets │ No Change │ awscloudformation │
└──────────┴────────────────────────────────────────────┴───────────┴───────────────────┘
➜ iwpk-portal git:(dev) ✗ amplify push -y
✔ Successfully pulled backend environment dev from the cloud.
Current Environment: dev
┌──────────┬────────────────────────────────────────────┬───────────┬───────────────────┐
│ Category │ Resource name │ Operation │ Provider plugin │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ iwpkportal2735839927358399PostConfirmation │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ iwpkportal2735839927358399PreSignup │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ iwpkGQLResolver │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ S3Trigger8d374d54 │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Auth │ userPoolGroups │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Auth │ iwpkportal2735839927358399 │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Api │ iwpkportal │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Storage │ s3iwpkassets │ No Change │ awscloudformation │
└──────────┴────────────────────────────────────────────┴───────────┴───────────────────┘
No changes detected
➜ iwpk-portal git:(dev) ✗ amplify auth update
Please note that certain attributes may not be overwritten if you choose to use defaults settings.
You have configured resources that might depend on this Cognito resource. Updating this Cognito resource could have unintended side effects.
✔ A migration is needed to support latest updates on auth resources.
Recommended to try in a non-production environment first. Run "amplify env add" to create or clone an environment.
Learn more about this migration: https://docs.amplify.aws/cli/migration/override
Do you want to migrate auth resource "iwpkportal2735839927358399"? (Y/n) · yes
Using service: Cognito, provided by: awscloudformation
What do you want to do? Walkthrough all the auth configurations
Select the authentication/authorization services that you want to use: User Sign-Up, Sign-In, connected with AWS IAM controls (Enables per-user Storage features
for images or other content, Analytics, and more)
Allow unauthenticated logins? (Provides scoped down permissions that you can control via AWS IAM) No
Do you want to enable 3rd party authentication providers in your identity pool? No
Do you want to add User Pool Groups? No
Do you want to add an admin queries API? No
Multifactor authentication (MFA) user login options: OFF
Email based user registration/forgot password: Enabled (Requires per-user email entry at registration)
Specify an email verification subject: IWPK KIT PORTAL: verification code
Specify an email verification message: Your verification code is {####}
Do you want to override the default password policy for this User Pool? No
Specify the app's refresh token expiration period (in days): 30
Do you want to specify the user attributes this app can read and write? No
Do you want to enable any of the following capabilities? Email Domain Filtering (allowlist)
Do you want to use an OAuth flow? No
? Do you want to configure Lambda Triggers for Cognito? Yes
? Which triggers do you want to enable for Cognito Post Confirmation, Pre Sign-up
? What functionality do you want to use for Post Confirmation Create your own module
? What functionality do you want to use for Pre Sign-up Sign-Up email filtering (allowlist)
Successfully updated the Cognito trigger locally
Successfully updated the Cognito trigger locally
✅ Successfully updated auth resource iwpkportal2735839927358399 locally
✅ Some next steps:
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud
✅ Successfully updated resource update locally
✅ Some next steps:
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud
➜ iwpk-portal git:(dev) ✗ amplify push -y
✔ Successfully pulled backend environment dev from the cloud.
Current Environment: dev
┌──────────┬────────────────────────────────────────────┬───────────┬───────────────────┐
│ Category │ Resource name │ Operation │ Provider plugin │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ iwpkportal2735839927358399PostConfirmation │ Update │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ iwpkportal2735839927358399PreSignup │ Update │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Auth │ userPoolGroups │ Update │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Auth │ iwpkportal2735839927358399 │ Update │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ iwpkGQLResolver │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Function │ S3Trigger8d374d54 │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Api │ iwpkportal │ No Change │ awscloudformation │
├──────────┼────────────────────────────────────────────┼───────────┼───────────────────┤
│ Storage │ s3iwpkassets │ No Change │ awscloudformation │
└──────────┴────────────────────────────────────────────┴───────────┴───────────────────┘
⠴ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS amplify-iwpkportal-dev-204518 AWS::CloudFormation::Stack Tue Nov 16 2021 10:36:52 GMT-0500 (Eastern Standard Time) User Initiated
UPDATE_IN_PROGRESS functionS3Trigger8d374d54 AWS::CloudFormation::Stack Tue Nov 16 2021 10:36:57 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS functioniwpkportal2735839927358399PostConfirmation AWS::CloudFormation::Stack Tue Nov 16 2021 10:36:57 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS authiwpkportal2735839927358399 AWS::CloudFormation::Stack Tue Nov 16 2021 10:36:57 GMT-0500 (Eastern Standard Time)
⠏ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS amplify-iwpkportal-dev-204518-functioniwpkportal2735839927358399PostConfirmation-1H9QYQ0TAGKLF AWS::CloudFormation::Stack Tue Nov 16 2021 10:36:57 GMT-0500 (Eastern Standard Time) User Initiated
⠼ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS functioniwpkportal2735839927358399PreSignup AWS::CloudFormation::Stack Tue Nov 16 2021 10:36:57 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE functionS3Trigger8d374d54 AWS::CloudFormation::Stack Tue Nov 16 2021 10:36:57 GMT-0500 (Eastern Standard Time)
⠋ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS amplify-iwpkportal-dev-204518-authiwpkportal2735839927358399-1M9DUX26KRYQB AWS::CloudFormation::Stack Tue Nov 16 2021 10:36:58 GMT-0500 (Eastern Standard Time) User Initiated
⠼ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE functioniwpkportal2735839927358399PreSignup AWS::CloudFormation::Stack Tue Nov 16 2021 10:36:58 GMT-0500 (Eastern Standard Time)
⠏ Updating resources in the cloud. This may take a few minutes...
CREATE_IN_PROGRESS SNSRole AWS::IAM::Role Tue Nov 16 2021 10:37:05 GMT-0500 (Eastern Standard Time)
CREATE_IN_PROGRESS SNSRole AWS::IAM::Role Tue Nov 16 2021 10:37:06 GMT-0500 (Eastern Standard Time) Resource creation Initiated
UPDATE_IN_PROGRESS LambdaFunction AWS::Lambda::Function Tue Nov 16 2021 10:37:03 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE LambdaFunction AWS::Lambda::Function Tue Nov 16 2021 10:37:07 GMT-0500 (Eastern Standard Time)
⠏ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE_CLEANUP_IN_PROGRESS amplify-iwpkportal-dev-204518-functioniwpkportal2735839927358399PostConfirmation-1H9QYQ0TAGKLF AWS::CloudFormation::Stack Tue Nov 16 2021 10:37:10 GMT-0500 (Eastern Standard Time)
⠹ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE functioniwpkportal2735839927358399PostConfirmation AWS::CloudFormation::Stack Tue Nov 16 2021 10:37:19 GMT-0500 (Eastern Standard Time)
⠴ Updating resources in the cloud. This may take a few minutes...
CREATE_COMPLETE SNSRole AWS::IAM::Role Tue Nov 16 2021 10:37:20 GMT-0500 (Eastern Standard Time)
⠦ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS UserPool AWS::Cognito::UserPool Tue Nov 16 2021 10:37:24 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE UserPool AWS::Cognito::UserPool Tue Nov 16 2021 10:37:25 GMT-0500 (Eastern Standard Time)
⠧ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS UserPoolClientRole AWS::IAM::Role Tue Nov 16 2021 10:37:31 GMT-0500 (Eastern Standard Time)
⠼ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE UserPoolClientRole AWS::IAM::Role Tue Nov 16 2021 10:37:44 GMT-0500 (Eastern Standard Time)
⠹ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS UserPoolClientLambda AWS::Lambda::Function Tue Nov 16 2021 10:37:47 GMT-0500 (Eastern Standard Time)
⠧ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE UserPoolClientLambda AWS::Lambda::Function Tue Nov 16 2021 10:37:51 GMT-0500 (Eastern Standard Time)
⠴ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE_CLEANUP_IN_PROGRESS amplify-iwpkportal-dev-204518-authiwpkportal2735839927358399-1M9DUX26KRYQB AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:06 GMT-0500 (Eastern Standard Time)
⠏ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE authiwpkportal2735839927358399 AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:16 GMT-0500 (Eastern Standard Time)
⠼ Updating resources in the cloud. This may take a few minutes...
CREATE_IN_PROGRESS AuthTriggerCustomLambdaStack AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:17 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS apiiwpkportal AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:17 GMT-0500 (Eastern Standard Time)
⠋ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS amplify-iwpkportal-dev-204518-apiiwpkportal-M02S4B9CQDNU AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:18 GMT-0500 (Eastern Standard Time) User Initiated
⠧ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS authuserPoolGroups AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:18 GMT-0500 (Eastern Standard Time)
CREATE_IN_PROGRESS AuthTriggerCustomLambdaStack AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:18 GMT-0500 (Eastern Standard Time) Resource creation Initiated
⠏ Updating resources in the cloud. This may take a few minutes...
CREATE_IN_PROGRESS amplify-iwpkportal-dev-204518-AuthTriggerCustomLambdaStack-OIH4ZOFQ2H88 AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:18 GMT-0500 (Eastern Standard Time) User Initiated
CREATE_IN_PROGRESS UserPoolPreSignUpLambdaInvokePermission AWS::Lambda::Permission Tue Nov 16 2021 10:38:21 GMT-0500 (Eastern Standard Time)
CREATE_IN_PROGRESS UserPoolPostConfirmationLambdaInvokePermission AWS::Lambda::Permission Tue Nov 16 2021 10:38:22 GMT-0500 (Eastern Standard Time)
CREATE_IN_PROGRESS UserPoolPreSignUpLambdaInvokePermission AWS::Lambda::Permission Tue Nov 16 2021 10:38:22 GMT-0500 (Eastern Standard Time) Resource creation Initiated
CREATE_IN_PROGRESS authTriggerFnServiceRole08093B67 AWS::IAM::Role Tue Nov 16 2021 10:38:22 GMT-0500 (Eastern Standard Time)
CREATE_IN_PROGRESS UserPoolPostConfirmationLambdaInvokePermission AWS::Lambda::Permission Tue Nov 16 2021 10:38:22 GMT-0500 (Eastern Standard Time) Resource creation Initiated
CREATE_IN_PROGRESS authTriggerFnServiceRole08093B67 AWS::IAM::Role Tue Nov 16 2021 10:38:22 GMT-0500 (Eastern Standard Time) Resource creation Initiated
⠸ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS amplify-iwpkportal-dev-204518-authuserPoolGroups-B5QY3G82Q3V8 AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:18 GMT-0500 (Eastern Standard Time) User Initiated
⠸ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS XXXXGroup AWS::Cognito::UserPoolGroup Tue Nov 16 2021 10:38:23 GMT-0500 (Eastern Standard Time)
CREATE_IN_PROGRESS PROGRESSIVEGroupRole AWS::IAM::Role Tue Nov 16 2021 10:38:23 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS YYYYGroup AWS::Cognito::UserPoolGroup Tue Nov 16 2021 10:38:24 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS RoleMapFunction AWS::Lambda::Function Tue Nov 16 2021 10:38:24 GMT-0500 (Eastern Standard Time)
CREATE_IN_PROGRESS PROGRESSIVEGroupRole AWS::IAM::Role Tue Nov 16 2021 10:38:24 GMT-0500 (Eastern Standard Time) Resource creation Initiated
UPDATE_FAILED XXXXGroup AWS::Cognito::UserPoolGroup Tue Nov 16 2021 10:38:25 GMT-0500 (Eastern Standard Time) User: arn:aws:iam::603415071357:user/amplify-cli is not authorized to perform: cognito-idp:UpdateGroup on resource: arn:aws:cognito-idp:us-east-2:603415071357:userpool/us-east-2_MGPal0u9x because no identity-based policy allows the cognito-idp:UpdateGroup action (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: AccessDeniedException; Request ID: 07f2c9e1-5b55-4fe8-b7d7-31d57dc1dce3; Proxy: null)
CREATE_FAILED PROGRESSIVEGroupRole AWS::IAM::Role Tue Nov 16 2021 10:38:25 GMT-0500 (Eastern Standard Time) Resource creation cancelled
UPDATE_FAILED YYYYGroup AWS::Cognito::UserPoolGroup Tue Nov 16 2021 10:38:25 GMT-0500 (Eastern Standard Time) User: arn:aws:iam::603415071357:user/amplify-cli is not authorized to perform: cognito-idp:UpdateGroup on resource: arn:aws:cognito-idp:us-east-2:603415071357:userpool/us-east-2_MGPal0u9x because no identity-based policy allows the cognito-idp:UpdateGroup action (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: AccessDeniedException; Request ID: 612abad6-c24f-4de7-adb5-c7165b9967ff; Proxy: null)
UPDATE_FAILED RoleMapFunction AWS::Lambda::Function Tue Nov 16 2021 10:38:26 GMT-0500 (Eastern Standard Time) Resource update cancelled
UPDATE_ROLLBACK_IN_PROGRESS amplify-iwpkportal-dev-204518-authuserPoolGroups-B5QY3G82Q3V8 AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:27 GMT-0500 (Eastern Standard Time) The following resource(s) failed to create: [PROGRESSIVEGroupRole]. The following resource(s) failed to update: [XXXXGroup, RoleMapFunction, YYYYGroup].
⠼ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS PromotionalKit AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:23 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS FunctionDirectiveStack AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:24 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE PromotionalKit AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:24 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE FunctionDirectiveStack AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:24 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS CustomResourcesjson AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:27 GMT-0500 (Eastern Standard Time)
⠼ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE CustomResourcesjson AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:28 GMT-0500 (Eastern Standard Time)
⠦ Updating resources in the cloud. This may take a few minutes...
UPDATE_FAILED authuserPoolGroups AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:29 GMT-0500 (Eastern Standard Time) Embedded stack arn:aws:cloudformation:us-east-2:603415071357:stack/amplify-iwpkportal-dev-204518-authuserPoolGroups-B5QY3G82Q3V8/83837570-43cd-11ec-8524-06e5faa2db76 was not successfully updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with reason: The following resource(s) failed to create: [PROGRESSIVEGroupRole]. The following resource(s) failed to update: [XXXXGroup, RoleMapFunction, YYYYGroup].
CREATE_FAILED AuthTriggerCustomLambdaStack AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:30 GMT-0500 (Eastern Standard Time) Resource creation cancelled
⠇ Updating resources in the cloud. This may take a few minutes...
CREATE_COMPLETE UserPoolPreSignUpLambdaInvokePermission AWS::Lambda::Permission Tue Nov 16 2021 10:38:32 GMT-0500 (Eastern Standard Time)
⠼ Updating resources in the cloud. This may take a few minutes...
UPDATE_ROLLBACK_IN_PROGRESS amplify-iwpkportal-dev-204518-apiiwpkportal-M02S4B9CQDNU AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:30 GMT-0500 (Eastern Standard Time) Initiated by parent stack
⠇ Updating resources in the cloud. This may take a few minutes...
CREATE_COMPLETE UserPoolPostConfirmationLambdaInvokePermission AWS::Lambda::Permission Tue Nov 16 2021 10:38:32 GMT-0500 (Eastern Standard Time)
⠋ Updating resources in the cloud. This may take a few minutes...
CREATE_COMPLETE authTriggerFnServiceRole08093B67 AWS::IAM::Role Tue Nov 16 2021 10:38:36 GMT-0500 (Eastern Standard Time)
⠸ Updating resources in the cloud. This may take a few minutes...
CREATE_IN_PROGRESS authTriggerFnServiceRoleDefaultPolicyEC9285A8 AWS::IAM::Policy Tue Nov 16 2021 10:38:38 GMT-0500 (Eastern Standard Time)
⠧ Updating resources in the cloud. This may take a few minutes...
UPDATE_FAILED apiiwpkportal AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:40 GMT-0500 (Eastern Standard Time) Resource update cancelled
UPDATE_ROLLBACK_IN_PROGRESS amplify-iwpkportal-dev-204518 AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:41 GMT-0500 (Eastern Standard Time) The following resource(s) failed to create: [AuthTriggerCustomLambdaStack]. The following resource(s) failed to update: [authuserPoolGroups, apiiwpkportal].
⠹ Updating resources in the cloud. This may take a few minutes...
CREATE_IN_PROGRESS authTriggerFnServiceRoleDefaultPolicyEC9285A8 AWS::IAM::Policy Tue Nov 16 2021 10:38:39 GMT-0500 (Eastern Standard Time) Resource creation Initiated
⠹ Updating resources in the cloud. This may take a few minutes...
CREATE_COMPLETE authTriggerFnServiceRoleDefaultPolicyEC9285A8 AWS::IAM::Policy Tue Nov 16 2021 10:38:52 GMT-0500 (Eastern Standard Time)
⠧ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS functioniwpkportal2735839927358399PostConfirmation AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:56 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS functioniwpkportal2735839927358399PreSignup AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:56 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS functionS3Trigger8d374d54 AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:56 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS authiwpkportal2735839927358399 AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:56 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE functionS3Trigger8d374d54 AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:57 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE functioniwpkportal2735839927358399PreSignup AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:57 GMT-0500 (Eastern Standard Time)
⠋ Updating resources in the cloud. This may take a few minutes...
UPDATE_ROLLBACK_IN_PROGRESS amplify-iwpkportal-dev-204518-authiwpkportal2735839927358399-1M9DUX26KRYQB AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:57 GMT-0500 (Eastern Standard Time) User Initiated
⠸ Updating resources in the cloud. This may take a few minutes...
UPDATE_ROLLBACK_IN_PROGRESS amplify-iwpkportal-dev-204518-functioniwpkportal2735839927358399PostConfirmation-1H9QYQ0TAGKLF AWS::CloudFormation::Stack Tue Nov 16 2021 10:38:57 GMT-0500 (Eastern Standard Time) User Initiated
⠼ Updating resources in the cloud. This may take a few minutes...
CREATE_IN_PROGRESS authTriggerFn7FCFA449 AWS::Lambda::Function Tue Nov 16 2021 10:38:54 GMT-0500 (Eastern Standard Time)
CREATE_IN_PROGRESS authTriggerFn7FCFA449 AWS::Lambda::Function Tue Nov 16 2021 10:38:56 GMT-0500 (Eastern Standard Time) Resource creation Initiated
CREATE_COMPLETE authTriggerFn7FCFA449 AWS::Lambda::Function Tue Nov 16 2021 10:38:57 GMT-0500 (Eastern Standard Time)
⠸ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS UserPool AWS::Cognito::UserPool Tue Nov 16 2021 10:39:00 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE UserPool AWS::Cognito::UserPool Tue Nov 16 2021 10:39:01 GMT-0500 (Eastern Standard Time)
⠼ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS LambdaFunction AWS::Lambda::Function Tue Nov 16 2021 10:38:59 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE LambdaFunction AWS::Lambda::Function Tue Nov 16 2021 10:39:02 GMT-0500 (Eastern Standard Time)
⠦ Updating resources in the cloud. This may take a few minutes...
CREATE_IN_PROGRESS CustomAuthTriggerResource Custom::CustomAuthTriggerResourceOutputs Tue Nov 16 2021 10:38:58 GMT-0500 (Eastern Standard Time)
CREATE_IN_PROGRESS CustomAuthTriggerResource Custom::CustomAuthTriggerResourceOutputs Tue Nov 16 2021 10:39:02 GMT-0500 (Eastern Standard Time) Resource creation Initiated
CREATE_COMPLETE CustomAuthTriggerResource Custom::CustomAuthTriggerResourceOutputs Tue Nov 16 2021 10:39:02 GMT-0500 (Eastern Standard Time)
⠏ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS UserPoolClientRole AWS::IAM::Role Tue Nov 16 2021 10:39:03 GMT-0500 (Eastern Standard Time)
⠇ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE functioniwpkportal2735839927358399PostConfirmation AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:07 GMT-0500 (Eastern Standard Time)
⠴ Updating resources in the cloud. This may take a few minutes...
CREATE_COMPLETE amplify-iwpkportal-dev-204518-AuthTriggerCustomLambdaStack-OIH4ZOFQ2H88 AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:04 GMT-0500 (Eastern Standard Time)
⠙ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE UserPoolClientRole AWS::IAM::Role Tue Nov 16 2021 10:39:16 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS UserPoolClientLambda AWS::Lambda::Function Tue Nov 16 2021 10:39:17 GMT-0500 (Eastern Standard Time)
⠏ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE UserPoolClientLambda AWS::Lambda::Function Tue Nov 16 2021 10:39:20 GMT-0500 (Eastern Standard Time)
⠹ Updating resources in the cloud. This may take a few minutes...
UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS amplify-iwpkportal-dev-204518-authiwpkportal2735839927358399-1M9DUX26KRYQB AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:24 GMT-0500 (Eastern Standard Time)
⠼ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE authiwpkportal2735839927358399 AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:30 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS authuserPoolGroups AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:31 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS apiiwpkportal AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:31 GMT-0500 (Eastern Standard Time)
⠇ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS FunctionDirectiveStack AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:57 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE FunctionDirectiveStack AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:57 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS PromotionalKit AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:57 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE PromotionalKit AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:57 GMT-0500 (Eastern Standard Time)
⠏ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE XXXGroup AWS::Cognito::UserPoolGroup Tue Nov 16 2021 10:39:57 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE YYYYGroup AWS::Cognito::UserPoolGroup Tue Nov 16 2021 10:39:57 GMT-0500 (Eastern Standard Time)
UPDATE_IN_PROGRESS RoleMapFunction AWS::Lambda::Function Tue Nov 16 2021 10:39:57 GMT-0500 (Eastern Standard Time)
⠇ Updating resources in the cloud. This may take a few minutes...
UPDATE_IN_PROGRESS CustomResourcesjson AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:58 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE CustomResourcesjson AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:58 GMT-0500 (Eastern Standard Time)
⠇ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE RoleMapFunction AWS::Lambda::Function Tue Nov 16 2021 10:39:59 GMT-0500 (Eastern Standard Time)
UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS amplify-iwpkportal-dev-204518-authuserPoolGroups-B5QY3G82Q3V8 AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:01 GMT-0500 (Eastern Standard Time)
⠏ Updating resources in the cloud. This may take a few minutes...
UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS amplify-iwpkportal-dev-204518-apiiwpkportal-M02S4B9CQDNU AWS::CloudFormation::Stack Tue Nov 16 2021 10:39:59 GMT-0500 (Eastern Standard Time)
⠹ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE apiiwpkportal AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:06 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE authuserPoolGroups AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:06 GMT-0500 (Eastern Standard Time)
⠼ Updating resources in the cloud. This may take a few minutes...
UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS amplify-iwpkportal-dev-204518 AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:08 GMT-0500 (Eastern Standard Time)
DELETE_IN_PROGRESS AuthTriggerCustomLambdaStack AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:09 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE functionS3Trigger8d374d54 AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:09 GMT-0500 (Eastern Standard Time)
⠦ Updating resources in the cloud. This may take a few minutes...
DELETE_IN_PROGRESS amplify-iwpkportal-dev-204518-AuthTriggerCustomLambdaStack-OIH4ZOFQ2H88 AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:10 GMT-0500 (Eastern Standard Time) User Initiated
DELETE_IN_PROGRESS UserPoolPostConfirmationLambdaInvokePermission AWS::Lambda::Permission Tue Nov 16 2021 10:40:12 GMT-0500 (Eastern Standard Time)
DELETE_IN_PROGRESS CustomAuthTriggerResource Custom::CustomAuthTriggerResourceOutputs Tue Nov 16 2021 10:40:12 GMT-0500 (Eastern Standard Time)
DELETE_IN_PROGRESS UserPoolPreSignUpLambdaInvokePermission AWS::Lambda::Permission Tue Nov 16 2021 10:40:12 GMT-0500 (Eastern Standard Time)
⠏ Updating resources in the cloud. This may take a few minutes...
DELETE_COMPLETE CustomAuthTriggerResource Custom::CustomAuthTriggerResourceOutputs Tue Nov 16 2021 10:40:15 GMT-0500 (Eastern Standard Time)
DELETE_IN_PROGRESS authTriggerFn7FCFA449 AWS::Lambda::Function Tue Nov 16 2021 10:40:16 GMT-0500 (Eastern Standard Time)
⠹ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE authuserPoolGroups AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:20 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE apiiwpkportal AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:20 GMT-0500 (Eastern Standard Time)
⠴ Updating resources in the cloud. This may take a few minutes...
DELETE_COMPLETE UserPoolPostConfirmationLambdaInvokePermission AWS::Lambda::Permission Tue Nov 16 2021 10:40:22 GMT-0500 (Eastern Standard Time)
⠋ Updating resources in the cloud. This may take a few minutes...
DELETE_COMPLETE UserPoolPreSignUpLambdaInvokePermission AWS::Lambda::Permission Tue Nov 16 2021 10:40:23 GMT-0500 (Eastern Standard Time)
⠴ Updating resources in the cloud. This may take a few minutes...
DELETE_COMPLETE authTriggerFn7FCFA449 AWS::Lambda::Function Tue Nov 16 2021 10:40:24 GMT-0500 (Eastern Standard Time)
DELETE_IN_PROGRESS authTriggerFnServiceRoleDefaultPolicyEC9285A8 AWS::IAM::Policy Tue Nov 16 2021 10:40:25 GMT-0500 (Eastern Standard Time)
DELETE_COMPLETE authTriggerFnServiceRoleDefaultPolicyEC9285A8 AWS::IAM::Policy Tue Nov 16 2021 10:40:25 GMT-0500 (Eastern Standard Time)
DELETE_IN_PROGRESS authTriggerFnServiceRole08093B67 AWS::IAM::Role Tue Nov 16 2021 10:40:26 GMT-0500 (Eastern Standard Time)
DELETE_COMPLETE authTriggerFnServiceRole08093B67 AWS::IAM::Role Tue Nov 16 2021 10:40:27 GMT-0500 (Eastern Standard Time)
⠙ Updating resources in the cloud. This may take a few minutes...
DELETE_COMPLETE amplify-iwpkportal-dev-204518-AuthTriggerCustomLambdaStack-OIH4ZOFQ2H88 AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:28 GMT-0500 (Eastern Standard Time)
⠸ Updating resources in the cloud. This may take a few minutes...
DELETE_COMPLETE AuthTriggerCustomLambdaStack AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:31 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE functioniwpkportal2735839927358399PreSignup AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:32 GMT-0500 (Eastern Standard Time)
⠦ Updating resources in the cloud. This may take a few minutes...
UPDATE_COMPLETE authiwpkportal2735839927358399 AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:43 GMT-0500 (Eastern Standard Time)
UPDATE_COMPLETE functioniwpkportal2735839927358399PostConfirmation AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:43 GMT-0500 (Eastern Standard Time)
⠹ Updating resources in the cloud. This may take a few minutes...
UPDATE_ROLLBACK_COMPLETE amplify-iwpkportal-dev-204518 AWS::CloudFormation::Stack Tue Nov 16 2021 10:40:43 GMT-0500 (Eastern Standard Time)
⠹ Updating resources in the cloud. This may take a few minutes...
Following resources failed
Resource Name: amplify-iwpkportal-204518-auth-RoleMapFunction-xBvlhenmobHe (AWS::Lambda::Function)
Event Type: update
Reason: Resource update cancelled
URL: https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/arn%3Aaws%3Acloudformation%3Aus-east-2%3A603415071357%3Astack%2Famplify-iwpkportal-dev-204518-authuserPoolGroups-B5QY3G82Q3V8%2F83837570-43cd-11ec-8524-06e5faa2db76/events
Resource Name: YYYY (AWS::Cognito::UserPoolGroup)
Event Type: update
Reason: User: arn:aws:iam::603415071357:user/amplify-cli is not authorized to perform: cognito-idp:UpdateGroup on resource: arn:aws:cognito-idp:us-east-2:603415071357:userpool/us-east-2_MGPal0u9x because no identity-based policy allows the cognito-idp:UpdateGroup action (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: AccessDeniedException; Request ID: 612abad6-c24f-4de7-adb5-c7165b9967ff; Proxy: null)
URL: https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/arn%3Aaws%3Acloudformation%3Aus-east-2%3A603415071357%3Astack%2Famplify-iwpkportal-dev-204518-authuserPoolGroups-B5QY3G82Q3V8%2F83837570-43cd-11ec-8524-06e5faa2db76/events
Resource Name: us-east-2_MGPal0u9x-PROGRESSIVEGroupRole (AWS::IAM::Role)
Event Type: create
Reason: Resource creation cancelled
Resource Name: XXXX (AWS::Cognito::UserPoolGroup)
Event Type: update
Reason: User: arn:aws:iam::603415071357:user/amplify-cli is not authorized to perform: cognito-idp:UpdateGroup on resource: arn:aws:cognito-idp:us-east-2:603415071357:userpool/us-east-2_MGPal0u9x because no identity-based policy allows the cognito-idp:UpdateGroup action (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: AccessDeniedException; Request ID: 07f2c9e1-5b55-4fe8-b7d7-31d57dc1dce3; Proxy: null)
URL: https://console.aws.amazon.com/cloudformation/home?region=us-east-2#/stacks/arn%3Aaws%3Acloudformation%3Aus-east-2%3A603415071357%3Astack%2Famplify-iwpkportal-dev-204518-authuserPoolGroups-B5QY3G82Q3V8%2F83837570-43cd-11ec-8524-06e5faa2db76/events
✖ An error occurred when pushing the resources to the cloud
🛑 An error occurred during the push operation: Resource is not in the state stackUpdateComplete
➜ iwpk-portal git:(dev) ✗
Additional information
CLI output provided in details above. GROUP names changed to XXXX and YYYY. There are more groups, it’s only complaining about 2 of them.
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 18 (5 by maintainers)
Commits related to this issue
- fix: update cognito stack builder to set case sensitivity based on aliasAttribute fix: #8895 — committed to yuth/amplify-cli by yuth 3 years ago
- fix: update cognito stack builder to set case sensitivity based on aliasAttribute fix: #8895 — committed to yuth/amplify-cli by yuth 3 years ago
- fix: update cognito stack builder to set case sensitivity based on aliasAttribute (#9339) * fix: update cognito stack builder to set case sensitivity based on aliasAttribute fix: #8895 * fix: s... — committed to aws-amplify/amplify-cli by yuth 2 years ago
@michaelw90 Would you be able to provide us with the contents of your ‘amplify/backend/auth’ folder before the upgrade? That’ll help us repro the issue on our end. Thank you!
You can send it to amplify-cli@amazon.com