amplify-cli icon indicating copy to clipboard operation
amplify-cli copied to clipboard
verified publisher icon aws-amplify

Upgrade UpdateRolesWithIDPFuncti funtions to node last LTS

Open CGarces opened this issue 8 months ago • 2 comments

Amplify CLI Version

12.14.4

Question

How can I upgrade the functions amplify-*-UpdateRolesWithIDPFuncti-*?

That functions are internally created by amplify and not are part of the source code at git.

There is manual approach for amplify-login-* https://docs.amplify.aws/gen1/react/tools/console/adminui/access-management/#troubleshooting

But nothing about amplify-*-UpdateRolesWithIDPFuncti-*

Related to #7469 the said

Closing this issue as the migration for the latest node version is covered as a part of the latest version of the CLI But I can't see any reference of how LTS node versions are updated.

There is any migration process in the CLI or it's a manual process?

CGarces avatar Apr 16 '25 10:04 CGarces

Hey @CGarces, thank you for reaching out. Wanted to provide some information on the Lambda function named amplify-*-UpdateRolesWithIDPFuncti-*. The function is deployed as a Inline function by Amplify CLI when you run amplify add auth and is managed by Amplify CLI. https://github.com/aws-amplify/amplify-cli/blob/dev/packages/amplify-provider-awscloudformation/resources/update-idp-roles-cfn.json The function is to used to create and update the Auth and unAuth roles with trust policies to allow connection through the IDP.

  1. With the recent release Amplify CLI v13.0.0 the function does support node.js 22 as default runtime. You would need to update the Amplify CLI to latest by running amplify upgrade.
  2. Then invoke an update on the function, you could try invoking a update on the Auth resource by running amplify update auth. you may need to reselect existing auth options to trigger an update.
  3. Running amplify status to verify the change status or amplify build then verify the generated CloudFormation in the build folder.
  4. Run amplify push

Do let us if you require any additional clarification on the above information.

ykethan avatar Apr 22 '25 17:04 ykethan

Current vs Expected Behavior

flowchart TD
    A["User runs amplify add auth"] --> B["CLI generates UpdateRolesWithIDPFunction"]
    B --> C["Function deployed with current runtime"]
    C --> D["User wants to upgrade Node.js runtime"]
    D --> E["No clear upgrade path available"]
    
    subgraph "Problem"
        E --> F["Function runtime remains outdated"]
        F --> G["Potential security/performance issues"]
    end
    
    subgraph "Expected Fix"
        H["CLI upgrade updates function runtime"] --> I["amplify update auth triggers runtime update"]
        I --> J["Function deployed with latest Node.js LTS"]
    end

Hi @CGarces,

Thank you for bringing up this important question about upgrading the UpdateRolesWithIDPFunction to the latest Node.js LTS runtime.

You're correct that this function is internally managed by the Amplify CLI and not directly accessible in your source code. Based on the team member's response, the function should support Node.js 22 as the default runtime in CLI v13.0.0+.

Here's the recommended approach:

  1. Upgrade your CLI: Run amplify upgrade to ensure you have the latest version
  2. Trigger an update: Run amplify update auth and reselect your existing auth options to trigger an update
  3. Verify changes: Run amplify status to verify the change status
  4. Deploy: Run amplify push to deploy the updated function

The UpdateRolesWithIDPFunction is defined in the CLI's internal CloudFormation template and should automatically use the updated runtime when the auth stack is updated.

If you continue to experience issues with the runtime not updating, this might indicate a bug in the update mechanism. In that case, please share:

  • Your current CLI version (amplify --version)
  • The Node.js runtime version shown in your Lambda console for this function
  • Any error messages during the update process

We encourage community contributions to improve this update mechanism! The relevant code is in the push-resources.ts file where the function template is injected into the root stack.

Related Issues

  • Issue #13509: "Support for Node 20 for UpdateRolesWithIDPFunction and UserPoolClientLambda function" - This is the main feature request for the same functionality
  • Issue #13687: Reports throttling issues with UpdateRolesWithIDPFunction during deployment
  • Issue #7469: Referenced in the original issue as being closed with claims that migration is covered in latest CLI versions

While these issues share the same root cause (outdated Node.js runtime in CLI-generated functions), they represent different aspects of the problem and would require the same underlying fix.

pahud avatar Aug 20 '25 17:08 pahud