
authRole policies not overridden in CD

Open maxludovicohofer opened this issue 2 years ago • 2 comments

Before opening, please confirm:

  • [X] I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
  • [X] I have searched for duplicate or closed issues.
  • [X] I have read the guide for submitting bug reports.
  • [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
  • [X] I have removed any sensitive information from my code snippets and submission.

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

14.17.3

Amplify CLI Version

7.6.24

What operating system are you using?

Deployment OS

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

This is my project override (in folder awscloudformation):

import { AmplifyRootStackTemplate } from "@aws-amplify/cli-extensibility-helper";

export function override(resources: AmplifyRootStackTemplate) {
  const authRole = resources.authRole;

  const basePolicies = Array.isArray(authRole.policies)
    ? authRole.policies
    : [authRole.policies];

  authRole.policies = [
    ...basePolicies,
    {
      policyName: "amplify-permissions-custom-resources",
      policyDocument: {
        Version: "2012-10-17",
        Statement: [
          //? Route calculator
          {
            Resource: "arn:aws:geo:eu-central-1:*:*",
            Action: ["geo:CalculateRoute*"],
            Effect: "Allow",
          },
        ],
      },
    },
  ];
}

Amplify Categories

auth, custom

Amplify Commands

push

Describe the bug

When pushing the backend env using amplify push from my local machine, the override policies are correctly applied. When the CD pushes through amplifyPush -s, the policies are not applied. I must note that the override file is still read by the CD, as any console logs in the override file are printed to the screen.

Expected behavior

CD should apply the policies to authRole, as does the local amplify push command.

Reproduction steps

  1. amplify override project
  2. Add code that I have written above
  3. Push to CD with the following build options:
version: 1
backend:
  phases:
    build:
      commands:
        - amplifyPush -s
frontend:
  phases:
    preBuild:
      commands:
        - npm ci
    build:
      commands:
        - REACT_APP_ENV=$USER_BRANCH npm run build
  artifacts:
    baseDirectory: build
    files:
      - '**/*'
  cache:
    paths:
      - node_modules/**/*
  4. Check if the policies have been applied to the role

GraphQL schema(s)

No response

Log output

No response

Additional information

No response

maxludovicohofer, Mar 17 '22 15:03
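A check for reproduction step 4 that a CD build could run against the CloudFormation template it produced, written here as an added example (not code from the issue or from the Amplify CLI). It assumes the role's logical ID in the root stack is AuthRole and that the template has already been loaded as JSON; both sample templates are constructed.

```typescript
// Added example. "AuthRole" as logical ID is an assumption; sample templates are constructed.
type Statement = { Effect?: string; Action?: string | string[]; Resource?: string | string[] };
type Policy = { PolicyName?: string; PolicyDocument?: { Statement?: Statement | Statement[] } };
type Resource = { Type?: string; Properties?: { Policies?: Policy[] } };
type Template = { Resources?: { [logicalId: string]: Resource } };

// CloudFormation accepts a single value or a list in several places; normalise to a list.
function asArray<T>(v: T | T[] | undefined): T[] {
  if (v === undefined) return [];
  return (Array.isArray(v) ? v : [v]) as T[];
}

// Returns a list of problems; an empty list means the inline policy is in the template.
// Actions are compared as literal strings, not evaluated as IAM wildcards.
function checkRolePolicy(template: Template, roleId: string, policyName: string, actions: string[]): string[] {
  const role = template.Resources ? template.Resources[roleId] : undefined;
  if (!role || role.Type !== "AWS::IAM::Role") {
    return [`${roleId}: no AWS::IAM::Role with this logical ID`];
  }
  const policies = asArray<Policy>(role.Properties ? role.Properties.Policies : undefined);
  const policy = policies.filter((p) => p.PolicyName === policyName)[0];
  if (!policy) return [`${roleId}: inline policy "${policyName}" is missing`];

  const allowed: string[] = [];
  const doc = policy.PolicyDocument;
  for (const s of asArray<Statement>(doc ? doc.Statement : undefined)) {
    if (s.Effect === "Allow") asArray<string>(s.Action).forEach((a) => allowed.push(a));
  }
  return actions
    .filter((a) => allowed.indexOf(a) === -1)
    .map((a) => `${roleId}: "${policyName}" does not allow ${a}`);
}

const POLICY_NAME = "amplify-permissions-custom-resources"; // name used in the override above
const custom: Policy = {
  PolicyName: POLICY_NAME,
  PolicyDocument: {
    Statement: [{ Effect: "Allow", Action: ["geo:CalculateRoute*"], Resource: "arn:aws:geo:eu-central-1:*:*" }],
  },
};
// Constructed: the template shape reported for a local push, and the one reported for CD.
const localTemplate: Template = {
  Resources: { AuthRole: { Type: "AWS::IAM::Role", Properties: { Policies: [custom] } } },
};
const cdTemplate: Template = { Resources: { AuthRole: { Type: "AWS::IAM::Role", Properties: {} } } };

// A CD step would fail the build when this list is non-empty.
console.log(checkRolePolicy(cdTemplate, "AuthRole", POLICY_NAME, ["geo:CalculateRoute*"]));
```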

Thanks for reporting this issue @maxludovicohofer! @ykethan was able to reproduce this so I've added the bug label.

jhockett, Mar 18 '22 22:03

Also encountering this issue.

hannahtwobulls, Aug 30 '22 18:08

Is there a workaround for the issue?

chejimmy, Nov 03 '22 08:11

This issue appears to be persistent; is there currently a known workaround? I think it could perhaps be done by creating auth as a custom resource; however, that may take away from the framework benefits provided by Amplify.

dominic-mallo, Jul 24 '23 04:07