amplify-cli
amplify-cli copied to clipboard
aws-amplify
Amplify Auth Update fails with "Group already exists in Construct" error
Before opening, please confirm:
- [X] I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
- [X] I have searched for duplicate or closed issues.
- [X] I have read the guide for submitting bug reports.
- [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
- [X] I have removed any sensitive information from my code snippets and submission.
How did you install the Amplify CLI?
npm
If applicable, what version of Node.js are you using?
v16.13.0
Amplify CLI Version
7.6.26
What operating system are you using?
Mac
Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.
No manual changes made
Amplify Categories
auth, storage, function, api
Amplify Commands
push, update
Describe the bug
I am attempting to run amplify auth update so I can setup a new PreToken & PreSignup Lambda trigger, however, it prompts me to migrate our auth resource.
Selecting 'Y' throws the following error
Error: Error: There is already a Construct with name 'CustomGroup' in AmplifyUserPoolGroupStack [AmplifyUserPoolGroupStack]
at generateUserPoolGroupStackTemplate (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/utils/generate-user-pool-group-stack-template.js:11:15)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async updateUserPoolGroups (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/utils/synthesize-resources.js:215:9)
at async AmplifyAuthTransform.transform (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/auth-stack-builder/auth-stack-transform.js:326:13)
at async generateAuthStackTemplate (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/utils/generate-auth-stack-template.js:7:12)
at async checkAuthResourceMigration (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/utils/check-for-auth-migration.js:21:17)
at async Object.run (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/commands/auth/update.js:77:5)
at async Object.executeAmplifyCommand (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/index.js:340:5)
at async executePluginModuleCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:142:5)
at async executeCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:40:9)
at async Object.run (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/index.js:165:13)
and selecting 'N' & going through the update flow eventually throws
Error: Error: File at path: '~./cli-inputs.json' does not exist
I've gotten this error while using amplify versions 7.6.26 & 9.1.0.
Even after I select 'Y' to the migration (& see the error), I notice the following git changes, however, amplify push still fails with the same error as above
Changes not staged for commit:
(use "git add/rm <file>..." to update what will be committed)
(use "git restore <file>..." to discard changes in working directory)
deleted: amplify/backend/auth/userPoolGroups/parameters.json
deleted: amplify/backend/auth/userPoolGroups/template.json
modified: amplify/backend/auth/userPoolGroups/user-pool-group-precedence.json
deleted: amplify/backend/auth/www/parameters.json
deleted: amplify/backend/auth/www/www-cloudformation-template.yml
modified: amplify/cli.json
Untracked files:
(use "git add <file>..." to include in what will be committed)
amplify/backend/auth/www/cli-inputs.json
This is blocking our ability to use the amplify auth features, which are required for some crucial projects. Any guidance on how to move forward?
Expected behavior
We are successfully able to migrate auth without breaking our current auth system. As a note, we do use custom attributes.
Reproduction steps
- Migrate GraphQL transformer from v1 to v2
- Attempt to amplify auth update
- Answer 'y' or 'n' to migration and amplify push fails
Note we have a few custom attributes
For reference, this is what our auth structure looks like before migration:
.
GraphQL schema(s)
# Put schemas below this line
Project Identifier
No response
Log output
# Put your logs below this line
Additional information
No response
Hey @dhruvbansal2 :wave: thanks for raising this! I see you're using Amplify CLI v7.6.26, do you also experience this behavior with the latest version of the CLI v9.1.0? Since the release of 7.x several enhancements and bug fixes have been applied to assist with resource migrations.
Hey @dhruvbansal2 thanks for the clarification. I have a few additional follow-up questions:
- can you clarify how you've applied custom attributes prior to migrating?
- are you able to push after migrating (but before making further updates)?
- when migrating your GraphQL resource, does the CLI also prompt you to migrate auth?
Hi @josefaidt
- I'm not entirely sure how we initially set the attributes but I'm seeing the custom attributes set in the
www-cloudformation-template.ymlfile underschemainUserPoolas follows
- Name: custom_field_name
AttributeDataType: String
Required: 'false'
Mutable: 'true'
StringAttributeConstraints:
MinLength: '1'
MaxLength: '256'
This is a file we commit into our codebase as well.
-
After I run
amplify auth update& attempt toamplify push, I get the same error mentioned above (i.e. There is already a construct with name 'CustomGroup' etc.). -
We migrated our GraphQL resource (from transformer v1 to v2) a couple months ago. Since then, we have been prompted to also migrate auth but saw different errors when attempting to migrate auth & amplify push at that time. More specifically, in the past, the amplify auth migrate command wouldn't fail but amplify push would fail with the following error (note we were still on amplify 7.6.26 at that time).
Old error:
UPDATE_FAILED UserPool AWS::Cognito::UserPool Tue Apr 12 2022 17:36:41 GMT-0700
(Pacific Daylight Time) Existing schema attributes cannot be modified or deleted. (Service: AWSCognitoIdentityProvider;
Status Code: 400; Error Code: InvalidParameterException; Request ID: null; Proxy: null)
Now, re-visiting the issue, amplify auth update & amplify push now fail with the "There is already a construct with name CustomGroup..." error.
Hey @dhruvbansal2 :wave: thank you for the clarification and apologies for the delay! The "old error" mentioned in your previously reply is associated with #9525, however after migrating the resource we are no longer able to apply custom modifications to the CloudFormation templates and instead are recommended to use overrides, which has an example for Cognito custom attributes. Have you already ported these manual modifications or are you running into this issue after attempting to modify the CFN template in amplify/backend/auth/<resource-name>/build/cloudformation-template.json?
Hi @josefaidt - I was going to attempt using overrides (since we had created an AWS support ticket for this and they mentioned the same) but I couldn't get past the "new" error (i.e. Construct with name 'CustomGroup' already exists).
I can attempt to use overrides and see if it solves the "new" error but I don't see how that is the cause for the new error?
Hi @dhruvbansal2
From the error it seems that , if found a construct in userPool groups CFN template with name "CustomGroup".
Can you check in auth cli-inputs.json/parameters.json if you have two groups defined with same name ?
Thanks @akshbhu - that worked for the first error (silly error on my end - apologies).
Hi @josefaidt! Apologies for the delay
I ranamplify auth override and added the custom attributes in the override.ts file. I also temporarily removed the cloudformation-template.yml and ran amplify push but saw the same error below.
UPDATE_FAILED UserPool AWS::Cognito::UserPool Tue Apr 12 2022 17:36:41 GMT-0700
(Pacific Daylight Time) Existing schema attributes cannot be modified or deleted. (Service: AWSCognitoIdentityProvider;
Status Code: 400; Error Code: InvalidParameterException; Request ID: null; Proxy: null)
Going through the issue you linked, I verified my required attributes match what is currently set in Cognito. I also saw other suggestions to go back to an older version of amplify, however, that won't work as we have already migrated our API schema to the new transformer.
Hi @josefaidt - do you have any additional suggestions on how I can get around this?
Hey, apologies for a delay in a response. checking in to see if you are experiencing this issue.
Hi @ykethan! Yup, unfortunately still seeing the same issue (even after moving to amplify cli 9.2.0)
hey @dhruvbansal2, could you please run amplify diagnose --send-report and provide us the Project Identifier. This would enable us to dive deeper into the project.
hey @dhruvbansal2 , following up on this issue. Please do let us know if you require any assistance.
Hi @ykethan - thanks for following up & apologies for the delay!
We are still running into this issue & I'm in the process of running amplify diagnose --send-report.
Where can I get the project identifier (is that provided after running the command above)? Additionally, is there an email you would like me to send the identifier to or should I post it here?
@dhruvbansal2 , pasting the identifier here should be fine. On running the command the Amplify CLI should output the identifier.
Closing the issue as stale. Please feel free in reopening the issue and tagging us or create a new issue linking this issue. We would be happy in diving deeper.