amplify-backend icon indicating copy to clipboard operation
amplify-backend copied to clipboard
verified publisher icon aws-amplify

The role with name undefined cannot be found when using existing Cognito and existing data source.

Open marcomilon opened this issue 1 year ago • 2 comments

Environment information

System:
  OS: macOS 14.5
  CPU: (16) x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
  Memory: 44.37 MB / 16.00 GB
  Shell: /bin/zsh
Binaries:
  Node: 20.13.1 - /usr/local/bin/node
  Yarn: 1.22.19 - /usr/local/bin/yarn
  npm: 10.5.2 - /usr/local/bin/npm
  pnpm: undefined - undefined
NPM Packages:
  @aws-amplify/backend: 1.0.3
  @aws-amplify/backend-cli: 1.0.4
  aws-amplify: Not Found
  aws-cdk: Not Found
  aws-cdk-lib: Not Found
  typescript: 5.4.5
AWS environment variables:
  AWS_STS_REGIONAL_ENDPOINTS = regional
  AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables

Description

How to reproduce

  1. Manually install AWS Amplify following this instructions https://docs.amplify.aws/react/start/manual-installation/
  2. Connect to existing AWS cognito following this instructions https://docs.amplify.aws/react/build-a-backend/auth/use-existing-cognito-resources/#use-auth-resources-with-an-amplify-backend
  3. Connect to an existing Mysql Database inside RDS following this instructions https://docs.amplify.aws/react/build-a-backend/data/connect-to-existing-data-sources/connect-postgres-mysql-database/
  4. run npx ampx sandbox

The Sandbox failed to build with this error. See Your CloudFormation for details.

data/amplifyData/AuthRolePolicy01 (amplifyDataAuthRolePolicy01567A5654) Resource handler returned message: "The role with name undefined cannot be found. (Service: Iam, Status Code: 404, Request ID: xxxx" (RequestToken: xxxxxxx, HandlerErrorCode: NotFound)

and

data/amplifyData/UnauthRolePolicy01 (amplifyDataUnauthRolePolicy01355B9DCF) Resource handler returned message: "The role with name undefined cannot be found. (Service: Iam, Status Code: 404, Request ID: xxx)" (RequestToken:xxxx, HandlerErrorCode: NotFound)

and more...

Expected result Sandbox builds successfully and uses existing datasource and existing Cognito.

Note If a define a new Cognito resource with defineAuth( inside amplify/auth/resources.ts everything works as expected.

marcomilon avatar Jun 20 '24 21:06 marcomilon

Update

If i use a custom authorization rule with a Lambda function. see https://docs.amplify.aws/react/build-a-backend/data/customize-authz/custom-data-access-patterns/

Everything works as expected.

marcomilon avatar Jun 21 '24 00:06 marcomilon

Hey @marcomilon, thank you for reaching out. Connecting an existing auth resource to the backend is currently not yet supported and is being tracked on https://github.com/aws-amplify/amplify-backend/issues/1548 RFC(request for comment) But i do think we could add a callout on the documentation on this behavior. Marking this as documentation.

ykethan avatar Jun 24 '24 18:06 ykethan

Closing this as a callout had been adding to the documentation referencing the RFC: https://docs.amplify.aws/react/build-a-backend/auth/use-existing-cognito-resources/#use-auth-resources-with-an-amplify-backend

ykethan avatar Aug 27 '24 15:08 ykethan