amplify-cli
amplify-cli copied to clipboard
aws-amplify
How to repair UserPool drift caused by #9525
Before opening, please confirm:
- [X] I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
- [X] I have searched for duplicate or closed issues.
- [X] I have read the guide for submitting bug reports.
- [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
- [X] I have removed any sensitive information from my code snippets and submission.
How did you install the Amplify CLI?
npm
If applicable, what version of Node.js are you using?
v14.18.1
Amplify CLI Version
7.6.8
What operating system are you using?
Mac
Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.
No manual changes made
Amplify Categories
auth
Amplify Commands
push
Describe the bug
Hello!
My prod userpool was affected by this bug:
https://github.com/aws-amplify/amplify-cli/issues/9525#issuecomment-1017668783
Essentially, I had setup that I duplicated into a new amplify env prod. This prod userpool was created with only 1 of the required attributes from my repo.
I pushed with:
"requiredAttributes": [
"email",
"family_name",
"given_name",
"picture"
],
But the userpool was only created with "picture" as a required attribute. This has blocked us from upgrading the CLI, and I thought that I could get away with just upgrading the attributes to only include picture (Since that's what was going on in prod the whole time anyway).
So I changed cli-inputs.json to have:
"requiredAttributes": [
"picture"
],
This seems to have fixed our production pipeline on latest CLI as we are able to push to prod with latest CLI version.
However, now the repo doesn't match the rest of the environments we've created (sandboxes, internal, etc.) as they all have the 4 required attributes, and attempting to push gets this error:
Cognito configuration in the cloud has drifted from local configuration. Present changes cannot be pushed until drift is fixed. requiredAttributes requested is ["picture"], but ["email","family_name","given_name","picture"] is required by Cognito configuration. Update /Users/artdiniz/workspace/ruso/amplify/backend/auth/lighthall/cli-inputs.json to continue.
How can we get around this?
Expected behavior
Would love to be able to consolidate this issue either by removing attributes across the board or being able to have consistency between repo and all the userpools. It's our production userpool so we need to keep the user data and all.
Reproduction steps
Create 1st userpool and push it Grab version https://github.com/aws-amplify/amplify-cli/issues/9525#issuecomment-1017668783 Create new amplify env and push, creating 2nd userpool with drift Upgrade CLI, now unable to push
GraphQL schema(s)
# Put schemas below this line
Log output
# Put your logs below this line
Additional information
No response
@SaileshKumar if the auth resource in your sandbox / internal environments doesn't contain any user data that you need to retain, the simplest solution would be to delete and recreate those resources with the same config as the production auth resource.
If recreating those user pools is not an option, you may be able to export / import the users into a new pool with the correct config or set up a pre-push hook to swap out the config when pushing in your dev environments.
The sandbox environments don't have any user data that need to be retained, just production.
Is the solution here to do something like:
- Keep cli-inputs.json as :
"requiredAttributes": [
"picture"
],
- amplify remove auth
- amplify add auth
- amplify push
Hey @SaileshKumar I believe you will want to remove and re-add the auth resource using the configuration from your other environments that match the rest of repo. From your original post the required attributes would be:
"requiredAttributes": [
"email",
"family_name",
"given_name",
"picture"
],
It's our production userpool so we need to keep the user data and all.
Given this note and your affected user pool is in your production environment, I would recommend following @edwardfoyle 's recommendation of exporting and importing your users into the new pool. If you would not like to go that route we can swap the configuration for the other environments to match production.
@josefaidt I am having this issue with my production environment. I have user data that I cannot afford to lose. I am on CLI 8.1.0.
Could you open this back up? I already commented on #9525 ("Invalid AttributeDataType input" error), but I believe that as a separate issue. This issue tracks the drift error message specifically.
It seems to me the drift warning is not a bug, it is in fact a safeguard to prevent the questionable solution people are using to fix the Invalid AttributeDataType error.
@josefaidt +1 to re-open I am experiencing this on my prod environment as well and it is preventing me from doing any updates 😥. I am on version 8.5.1 but was on 7.6.5 when this issues started occurring. I had a work around by manually updating templates every time I was on 7.6.5 but now I have moved to 8 this doesn't work anymore.
Hey @djsjr and @bobalucard apologies for the delay! I've re-opened this issue to investigate further 🙂
Hey @SaileshKumar @bobalucard and @djsjr following up on this one, and we will aim to add documentation regarding backing up and migrating Cognito User Pools, as well as closely track this feature request for adding a user migration trigger in the auth category flows https://github.com/aws-amplify/amplify-cli/issues/4577
@josefaidt sounds good. Awaiting those docs so I can migrate. Any timeframe for those?