amplify-cli
amplify-cli copied to clipboard
Published
20 hours ago •
aws-amplify
aws-amplify
Lambda function additional access permissions to authgroups and auth throws error
How did you install the Amplify CLI?
npm
If applicable, what version of Node.js are you using?
No response
Amplify CLI Version
10.5.2
What operating system are you using?
Mac
Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.
no
Describe the bug
related to https://github.com/aws-amplify/amplify-cli/issues/11260
Creating a Lambda function and providing additional access permissions to auth and auth groups throws the following error:
Could not get policies for auth: userPoolGroups
Policies cannot be added for auth
TypeError: Cannot destructure property 'serviceWalkthroughFilename' of 'getSupportedServices(...)[service]' as it is undefined.
Full stack error in 10.5.2
? Select the categories you want this function to have access to. auth
? Auth has 2 resources in this project. Select the one you would like your Lambda to access test9b389920, userPoolGroups
? Select the operations you want to permit on test9b389920 create, read, update, delete
? Select the operations you want to permit on userPoolGroups create, read, update, delete
Could not get policies for auth: userPoolGroups
Policies cannot be added for auth
TypeError: Cannot destructure property 'serviceWalkthroughFilename' of 'getSupportedServices(...)[service]' as it is undefined.
at Object.getPermissionPolicies (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/index.js:359:13)
at /snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/index.js:319:67
at Array.forEach (<anonymous>)
at getPermissionPolicies (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/index.js:314:37)
at AmplifyToolkit.invokePluginMethod [as _invokePluginMethod] (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/extensions/amplify-helpers/invoke-plugin-method.js:39:12)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async getResourcesForCfn (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/execPermissionsWalkthrough.js:183:56)
at async askExecRolePermissionsQuestions (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/execPermissionsWalkthrough.js:113:66)
at async Object.createWalkthrough (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/lambda-walkthrough.js:53:83)
at async addFunctionResource (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/index.js:78:9)
at async Object.executeAmplifyCommand (/snapshot/repo/build/node_modules/amplify-category-function/lib/index.js:267:5)
at async executePluginModuleCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:142:5)
at async executeCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:40:9)
at async Object.run (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/index.js:153:5)
Stack error in 11.0.0-beta.3
Could not get policies for auth: userPoolGroups
PluginPolicyAddError: Policies cannot be added for auth
at askExecRolePermissionsQuestions (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/execPermissionsWalkthrough.js:129:23)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async Object.createWalkthrough (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/lambda-walkthrough.js:53:83)
at async addFunctionResource (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/index.js:78:9)
at async Object.executeAmplifyCommand (/snapshot/repo/build/node_modules/amplify-category-function/lib/index.js:268:5)
at async executePluginModuleCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:142:5)
at async executeCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:40:9)
at async Object.run (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/index.js:119:5)
There was an error adding the function resource
additionally, observed that in 10.5.2 the command line moves to the next steps. In 11.0.0.beta.3 it fails and ends the prompt.
Expected behavior
provide access permissions.
Reproduction steps
- create auth resource and user pool groups
- create a lambda function and select additional permissions with the following prompts
? Select the categories you want this function to have access to. auth
? Auth has 2 resources in this project. Select the one you would like your Lambda to access <auth_resource_name>, userPoolGroups
? Select the operations you want to permit on <auth_resource_name> create, read, update, delete
? Select the operations you want to permit on userPoolGroups create, read, update, delete
Project Identifier
8afb68f0e5003cc86406734346d70352
Log output
# Put your logs below this line
Additional information
No response
Before submitting, please confirm:
- [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
- [X] I have removed any sensitive information from my code snippets and submission.
How did you install the Amplify CLI? npm
If applicable, what version of Node.js are you using? No response
Amplify CLI Version node -v v18.16.0
What operating system are you using? macOS 13.4 (22F66)
Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made. no
Describe the bug: I'm having the same issue as @ykethan when attempting to add update cognito groups permissions in my lambda.
? Select the Lambda function you want to update signUp
General information
- Name: signUp
- Runtime: nodejs
Resource access permission
- api (Mutation)
Scheduled recurring invocation
- Not configured
Lambda layers
- Not configured
Environment variables:
- Not configured
Secrets configuration
- Not configured
? Which setting do you want to update? Resource access permissions
? Select the categories you want this function to have access to. api, auth
? Select the operations you want to permit on api Mutation
? Auth has 2 resources in this project. Select the one you would like your Lambda to access userPoolGroups
? Select the operations you want to permit on userPoolGroups update
Could not get policies for auth: userPoolGroups
PluginPolicyAddError: Policies cannot be added for auth
at askExecRolePermissionsQuestions (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/execPermissionsWalkthrough.js:148:23)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Object.updateWalkthrough (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/lambda-walkthrough.js:197:38)
at async updateFunctionResource (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-function/lib/provider-utils/awscloudformation/index.js:158:22)
at async Object.executeAmplifyCommand (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-function/lib/index.js:277:5)
at async executePluginModuleCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:135:5)
at async executeCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:33:9)
at async Object.run (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/index.js:117:5)
There was an error adding the function resource```
Project Identifier: 85566697d07d4a2848190386e0d6007f
We've hit this too - there's no explanation for why.
And I'm amazed there's not even the semblance of a reply to it... :-\
Those issues that stay unanswered for years are starting to make me wonder if amplify really is worth the trouble
