amplify-cli

Amplify push or build gives me "Invalid AttributeDataType input" error after adding analytics to existing project auth that was building fine

Open Shomari opened this issue 3 years ago • 101 comments

Before opening, please confirm:

  • [X] I have installed the latest version of the Amplify CLI (see above), and confirmed that the issue still persists.
  • [X] I have searched for duplicate or closed issues.
  • [X] I have read the guide for submitting bug reports.
  • [X] I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

14.17.3

Amplify CLI Version

7.6.5

What operating system are you using?

mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Amplify Categories

auth, analytics

Amplify Commands

push

Describe the bug

I can't push changes from amplify cli or deploy code. I am always getting error " Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException"

Expected behavior

I should be able to make changes and have my builds complete

Reproduction steps

Added analytics to an already existing project that had auth and api. I believe this made some changes to my user pool but not exactly sure what it did. Now I can't build or push new changes.

GraphQL schema(s)

# Put schemas below this line


Log output

# Put your logs below this line
This will overwrite your current graphql queries, mutations and subscriptions Yes
⠙ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS amplify-recommendednext-dev-135335 AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:43 GMT-0600 (Central Standard Time) User Initiated
⠏ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS analyticsrecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:49 GMT-0600 (Central Standard Time)
UPDATE_IN_PROGRESS apirecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:50 GMT-0600 (Central Standard Time)
UPDATE_IN_PROGRESS authrecommended AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:50 GMT-0600 (Central Standard Time)
UPDATE_COMPLETE analyticsrecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:51 GMT-0600 (Central Standard Time)
⠦ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS amplify-recommendednext-dev-135335-authrecommended-1WZ8ZJT8ZUTMB AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:51 GMT-0600 (Central Standard Time) User Initiated
⠧ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS amplify-recommendednext-dev-135335-apirecommendednext-IV5UBMFSEAPP AWS::CloudFormation::Stack Thu Jan 13 2022 12:52:50 GMT-0600 (Central Standard Time) User Initiated
⠴ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS hu Jan 13 2022 12:52:58 GMT-0600 (Central Standard Time)
UPDATE_IN_PROGRESS GraphQLAPITransformerSchema3CB2AE18 AWS::AppSync::GraphQLSchema Thu Jan 13 2022 12:52:58 GMT-0600 (Central Standard Time)
⠏ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE  Thu Jan 13 2022 12:53:00 GMT-0600 (Central Standard Time)
⠸ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS UserPool AWS::Cognito::UserPool Thu Jan 13 2022 12:53:03 GMT-0600 (Central Standard Time)
⠏ Updating resources in the cloud. This may take a few minutes...

UPDATE_FAILED UserPool AWS::Cognito::UserPool Thu Jan 13 2022 12:53:07 GMT-0600 (Central Standard Time) Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: da231749-bcfb-4c6f-9aaa-80f13849794e; Proxy: null)
UPDATE_ROLLBACK_IN_PROGRESS amplify-recommendednext-dev-135335-authrecommended-1WZ8ZJT8ZUTMB AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:08 GMT-0600 (Central Standard Time) The following resource(s) failed to update: [UserPool].
⠋ Updating resources in the cloud. This may take a few minutes...

UPDATE_FAILED authrecommended AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:13 GMT-0600 (Central Standard Time) Embedded stack arn:aws:cloudformation:us-east-1:606803379457:stack/amplify-recommendednext-dev-135335-authrecommended-1WZ8ZJT8ZUTMB/e88b2a20-724f-11ec-a572-0a85688e4491 was not successfully updated. Currently in UPDATE_ROLLBACK_IN_PROGRESS with reason: The following resource(s) failed to update: [UserPool].
⠦ Updating resources in the cloud. This may take a few minutes...

UPDATE_ROLLBACK_IN_PROGRESS amplify-recommendednext-dev-135335-apirecommendednext-IV5UBMFSEAPP AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:14 GMT-0600 (Central Standard Time) Initiated by parent stack
UPDATE_FAILED GraphQLAPITransformerSchema3CB2AE18 AWS::AppSync::GraphQLSchema Thu Jan 13 2022 12:53:14 GMT-0600 (Central Standard Time) Resource update cancelled
⠹ Updating resources in the cloud. This may take a few minutes...

UPDATE_FAILED apirecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:25 GMT-0600 (Central Standard Time) Resource update cancelled
⠙ Updating resources in the cloud. This may take a few minutes...

UPDATE_ROLLBACK_IN_PROGRESS amplify-recommendednext-dev-135335 AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:26 GMT-0600 (Central Standard Time) The following resource(s) failed to update: [apirecommendednext, authrecommended].
⠇ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS apirecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:47 GMT-0600 (Central Standard Time)
UPDATE_IN_PROGRESS analyticsrecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:47 GMT-0600 (Central Standard Time)
UPDATE_IN_PROGRESS authrecommended AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:48 GMT-0600 (Central Standard Time)
UPDATE_COMPLETE analyticsrecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:53:48 GMT-0600 (Central Standard Time)
⠼ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE UserPool AWS::Cognito::UserPool Thu Jan 13 2022 12:54:18 GMT-0600 (Central Standard Time)

UPDATE_IN_PROGRESS GraphQLAPITransformerSchema3CB2AE18 AWS::AppSync::GraphQLSchema Thu Jan 13 2022 12:54:17 GMT-0600 (Central Standard Time)
UPDATE_IN_PROGRESS GraphQLAPIDefaultApiKey215A6DD7 AWS::AppSync::ApiKey Thu Jan 13 2022 12:54:17 GMT-0600 (Central Standard Time)
UPDATE_COMPLETE GraphQLAPIDefaultApiKey215A6DD7 AWS::AppSync::ApiKey Thu Jan 13 2022 12:54:19 GMT-0600 (Central Standard Time)
⠇ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE apirecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:22 GMT-0600 (Central Standard Time)
⠸ Updating resources in the cloud. This may take a few minutes...

UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS amplify-recommendednext-dev-135335-authrecommended-1WZ8ZJT8ZUTMB AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:29 GMT-0600 (Central Standard Time)
⠧ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE authrecommended AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:35 GMT-0600 (Central Standard Time)
UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS amplify-recommendednext-dev-135335 AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:38 GMT-0600 (Central Standard Time)
⠧ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE analyticsrecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:40 GMT-0600 (Central Standard Time)
⠙ Updating resources in the cloud. This may take a few minutes...

UPDATE_COMPLETE authrecommended AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:50 GMT-0600 (Central Standard Time)
UPDATE_COMPLETE apirecommendednext AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:50 GMT-0600 (Central Standard Time)
UPDATE_ROLLBACK_COMPLETE amplify-recommendednext-dev-135335 AWS::CloudFormation::Stack Thu Jan 13 2022 12:54:50 GMT-0600 (Central Standard Time)
⠦ Updating resources in the cloud. This may take a few minutes...

Following resources failed

Resource Name: us-east-1_90zp5zw6q (AWS::Cognito::UserPool)
Event Type: update
Reason: Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: da231749-bcfb-4c6f-9aaa-80f13849794e; Proxy: null)
URL: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/arn%3Aaws%3Acloudformation%3Aus-east-1%3A606803379457%3Astack%2Famplify-recommendednext-dev-135335-authrecommended-1WZ8ZJT8ZUTMB%2Fe88b2a20-724f-11ec-a572-0a85688e4491/events

Resource Name: xedizi2s55fctk4dhw2ufv7rwmGraphQLSchema (AWS::AppSync::GraphQLSchema)
Event Type: update
Reason: Resource update cancelled
URL: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/arn%3Aaws%3Acloudformation%3Aus-east-1%3A606803379457%3Astack%2Famplify-recommendednext-dev-135335-apirecommendednext-IV5UBMFSEAPP%2F3b188f00-7253-11ec-8e7c-0a492b04931b/events



Additional information

Exact same issue as https://github.com/aws-amplify/amplify-cli/issues/2309 but it appears this has come back. Also seems like someone else is having the same issue but they closed their issue https://github.com/aws-amplify/amplify-cli/issues/9510

Shomari avatar Jan 13 '22 19:01 Shomari

I'm getting this too!

daniellorenzin avatar Jan 13 '22 22:01 daniellorenzin

Customers in https://github.com/aws-amplify/amplify-cli/issues/9532 are reporting downgrade to CLI v7.6.8 works around this issue

johnpc avatar Jan 14 '22 20:01 johnpc

Can you please share your user pool configuration? Also your cli-inputs.json contents?

johnpc avatar Jan 14 '22 20:01 johnpc

Just started getting this issue today. cli-inputs.json:

{
  "version": "1",
  "cognitoConfig": {
    "identityPoolName": "identitypool",
    "allowUnauthenticatedIdentities": false,
    "resourceNameTruncated": "tradif124df7d7",
    "userPoolName": "userpool",
    "autoVerifiedAttributes": [
      "email"
    ],
    "mfaConfiguration": "OPTIONAL",
    "mfaTypes": [
      "SMS Text Message"
    ],
    "smsAuthenticationMessage": "Your authentication code is {####}",
    "smsVerificationMessage": "Your verification code is {####}",
    "emailVerificationSubject": "Your verification code",
    "emailVerificationMessage": "Your verification code is {####}",
    "defaultPasswordPolicy": false,
    "passwordPolicyMinLength": 8,
    "passwordPolicyCharacters": [],
    "requiredAttributes": [
      "email",
      "name",
      "phone_number"
    ],
    "aliasAttributes": [],
    "userpoolClientGenerateSecret": false,
    "userpoolClientRefreshTokenValidity": 30,
    "userpoolClientWriteAttributes": [
      "email"
    ],
    "userpoolClientReadAttributes": [
      "email"
    ],
    "userpoolClientLambdaRole": "auth124df7d7_userpoolclient_lambda_role",
    "userpoolClientSetAttributes": false,
    "sharedId": "124df7d7",
    "resourceName": "auth",
    "authSelections": "identityPoolAndUserPool",
    "useDefault": "manual",
    "thirdPartyAuth": false,
    "usernameAttributes": [
      "email, phone_number"
    ],
    "userPoolGroups": false,
    "adminQueries": false,
    "triggers": {},
    "hostedUI": false,
    "userPoolGroupList": [],
    "serviceName": "Cognito",
    "usernameCaseSensitive": false,
    "useEnabledMfas": true
  }
}

Can also confirm pinning CLI to 7.6.8 resolves the issue

jleskovar-tyro avatar Jan 15 '22 10:01 jleskovar-tyro

Same... Literally just started happening now... I am using v 7.5.0

{
  "version": "1",
  "cognitoConfig": {
    "identityPoolName": "snip3r2c20128c_identitypool_2c20128c",
    "allowUnauthenticatedIdentities": true,
    "resourceNameTruncated": "snip3r2c20128c",
    "userPoolName": "snip3r2c20128c_userpool_2c20128c",
    "autoVerifiedAttributes": [
      "email"
    ],
    "mfaConfiguration": "OFF",
    "mfaTypes": [
      "SMS Text Message"
    ],
    "smsAuthenticationMessage": "Your authentication code is {####}",
    "smsVerificationMessage": "Your verification code is {####}",
    "emailVerificationSubject": "Snip3r Bot - Verification Code",
    "emailVerificationMessage": "Your verification code is {####}",
    "defaultPasswordPolicy": false,
    "passwordPolicyMinLength": 8,
    "passwordPolicyCharacters": [],
    "requiredAttributes": [
      "address",
      "email",
      "locale"
    ],
    "aliasAttributes": [],
    "userpoolClientGenerateSecret": false,
    "userpoolClientRefreshTokenValidity": 30,
    "userpoolClientWriteAttributes": [
      "nickname",
      "address",
      "email",
      "locale"
    ],
    "userpoolClientReadAttributes": [
      "address",
      "email",
      "locale"
    ],
    "userpoolClientLambdaRole": "snip3r2c20128c_userpoolclient_lambda_role",
    "userpoolClientSetAttributes": false,
    "sharedId": "2c20128c",
    "resourceName": "snip3rAuth",
    "authSelections": "identityPoolAndUserPool",
    "useDefault": "manual",
    "thirdPartyAuth": false,
    "usernameAttributes": [
      "email"
    ],
    "userPoolGroups": false,
    "adminQueries": false,
    "triggers": {
      "PostConfirmation": [
        "add-to-group"
      ]
    },
    "hostedUI": false,
    "userPoolGroupList": [],
    "serviceName": "Cognito",
    "usernameCaseSensitive": false,
    "useEnabledMfas": true,
    "authRoleArn": {
      "Fn::GetAtt": [
        "AuthRole",
        "Arn"
      ]
    },
    "unauthRoleArn": {
      "Fn::GetAtt": [
        "UnauthRole",
        "Arn"
      ]
    },
    "breakCircularDependency": true,
    "dependsOn": [
      {
        "category": "function",
        "resourceName": "snip3rAuthPostConfirmation",
        "triggerProvider": "Cognito",
        "attributes": [
          "Arn",
          "Name"
        ]
      }
    ],
    "permissions": [
      "{\n  \"policyName\": \"AddToGroupCognito\",\n  \"trigger\": \"PostConfirmation\",\n  \"effect\": \"Allow\",\n  \"actions\": [\n    \"cognito-idp:AdminAddUserToGroup\",\n    \"cognito-idp:GetGroup\",\n    \"cognito-idp:CreateGroup\"\n  ],\n  \"resource\": {\n    \"paramType\": \"!GetAtt\",\n    \"keys\": [\n      \"UserPool\",\n      \"Arn\"\n    ]\n  }\n}"
    ],
    "authTriggerConnections": "[\n  {\n    \"triggerType\": \"PostConfirmation\",\n    \"lambdaFunctionName\": \"snip3rAuthPostConfirmation\"\n  }\n]",
    "authProviders": [],
    "parentStack": {
      "Ref": "AWS::StackId"
    }
  }
}

rafaelfaria avatar Jan 15 '22 11:01 rafaelfaria

Hi,

I'm having the same issue even after being on amplify version 7.6.8. This seemed to happen to me after adding a new api

Error when running amplify push

Resource Name: ap-southeast-2_53aQwmrr9 (AWS::Cognito::UserPool)
Event Type: update
Reason: Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 69f5a5c3-19fa-4d9f-aad4-ea98766820dc; Proxy: null)
URL: https://console.aws.amazon.com/cloudformation/home?region=ap-southeast-2#/stacks/arn%3Aaws%3Acloudformation%3Aap-southeast-2%3A158495622644%3Astack%2Famplify-vewwebapp-dev-134339-authvewwebapp5d8cc702-CIHHXDGWYD27%2F871233c0-65f6-11ec-a198-0abe9ed47e04/events

my cli-inputs.json for the new api is

{
  "version": 1,
  "paths": {
    "/payment": {
      "permissions": {
        "setting": "open"
      },
      "lambdaFunction": "createPayment"
    }
  }
}

my cli-inputs.json for auth is

{
  "version": "1",
  "cognitoConfig": {
    "identityPoolName": "vewwebapp5d8cc702_identitypool_5d8cc702",
    "allowUnauthenticatedIdentities": false,
    "resourceNameTruncated": "vewweb5d8cc702",
    "userPoolName": "vewwebapp5d8cc702_userpool_5d8cc702",
    "autoVerifiedAttributes": [
      "email"
    ],
    "mfaConfiguration": "OFF",
    "mfaTypes": [
      "SMS Text Message"
    ],
    "smsAuthenticationMessage": "Your authentication code is {####}",
    "smsVerificationMessage": "Your verification code is {####}",
    "emailVerificationSubject": "Your verification code",
    "emailVerificationMessage": "Your verification code is {####}",
    "defaultPasswordPolicy": false,
    "passwordPolicyMinLength": 8,
    "passwordPolicyCharacters": [],
    "requiredAttributes": [
      "email",
      "family_name",
      "given_name"
    ],
    "aliasAttributes": [],
    "userpoolClientGenerateSecret": false,
    "userpoolClientRefreshTokenValidity": 30,
    "userpoolClientWriteAttributes": [
      "email"
    ],
    "userpoolClientReadAttributes": [
      "email"
    ],
    "userpoolClientLambdaRole": "vewweb5d8cc702_userpoolclient_lambda_role",
    "userpoolClientSetAttributes": false,
    "authSelections": "identityPoolAndUserPool",
    "resourceName": "vewwebapp5d8cc702",
    "serviceName": "Cognito",
    "useDefault": "defaultSocial",
    "sharedId": "5d8cc702",
    "userPoolGroupList": [],
    "usernameAttributes": [
      "email"
    ],
    "usernameCaseSensitive": false,
    "hostedUI": true,
    "triggers": {},
    "authRoleArn": {
      "Fn::GetAtt": [
        "AuthRole",
        "Arn"
      ]
    },
    "unauthRoleArn": {
      "Fn::GetAtt": [
        "UnauthRole",
        "Arn"
      ]
    },
    "breakCircularDependency": true,
    "useEnabledMfas": true,
    "dependsOn": [],
    "parentStack": {
      "Ref": "AWS::StackId"
    },
    "permissions": [],
    "hostedUIDomainName": "vewwebappa599d801-a599d801",
    "authProvidersUserPool": [
      "Facebook",
      "Google"
    ],
    "hostedUIProviderMeta": "[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"last_name\",\"given_name\":\"first_name\",\"username\":\"id\"}},{\"ProviderName\":\"Google\",\"authorize_scopes\":\"openid email profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"family_name\",\"given_name\":\"given_name\",\"username\":\"sub\"}}]",
    "oAuthMetadata": "{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"http://localhost:3000/\"],\"LogoutURLs\":[\"https://localhost:3000/signout/\"]}",
    "authProviders": []
  }
}

pratikdhody avatar Jan 15 '22 22:01 pratikdhody

Hi, we are facing the exact same issue when we try to amplify push or build. We tried to downgrade the cli version but it's not fixing the issue.

See below the push issue:

UPDATE_FAILED UserPool AWS::Cognito::UserPool Mon Jan 17 2022 08:54:31 GMT+0100 (heure normale d’Europe centrale) Invalid AttributeDataType input, consider using the provided AttributeDataType enum. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: 4c47012b-d2b9-487b-969d-511499ef33d8; Proxy: null)

Our cli-inputs.json for auth is :

{
  "version": "1",
  "cognitoConfig": {
    "identityPoolName": "xxxxxxx",
    "allowUnauthenticatedIdentities": false,
    "resourceNameTruncated": "xxxxxx",
    "userPoolName": "xxxxx",
    "autoVerifiedAttributes": [
      "email"
    ],
    "mfaConfiguration": "OFF",
    "mfaTypes": [
      "SMS Text Message"
    ],
    "smsAuthenticationMessage": "Your authentication code is {####}",
    "smsVerificationMessage": "Your verification code is {####}",
    "emailVerificationSubject": "Your verification code",
    "emailVerificationMessage": "Your verification code is {####}",
    "defaultPasswordPolicy": false,
    "passwordPolicyMinLength": 8,
    "passwordPolicyCharacters": [],
    "requiredAttributes": [
      "email",
      "name"
    ],
    "aliasAttributes": [],
    "userpoolClientGenerateSecret": false,
    "userpoolClientRefreshTokenValidity": 30,
    "userpoolClientWriteAttributes": [
      "email"
    ],
    "userpoolClientReadAttributes": [
      "email"
    ],
    "userpoolClientLambdaRole": "xxxxxx",
    "userpoolClientSetAttributes": false,
    "sharedId": "xxxx",
    "resourceName": "xxxxx",
    "authSelections": "identityPoolAndUserPool",
    "useDefault": "default",
    "usernameAttributes": [
      "email"
    ],
    "triggers": {
      "PostConfirmation": [
        "add-to-group"
      ],
      "PreSignup": [
        "email-filter-denylist"
      ]
    },
    "userPoolGroupList": [],
    "serviceName": "Cognito",
    "usernameCaseSensitive": false,
    "useEnabledMfas": true,
    "authRoleArn": {
      "Fn::GetAtt": [
        "AuthRole",
        "Arn"
      ]
    },
    "unauthRoleArn": {
      "Fn::GetAtt": [
        "UnauthRole",
        "Arn"
      ]
    },
    "breakCircularDependency": true,
    "dependsOn": [
      {
        "category": "function",
        "resourceName": "xxxxx",
        "triggerProvider": "Cognito",
        "attributes": [
          "Arn",
          "Name"
        ]
      },
      {
        "category": "function",
        "resourceName": "xxxx",
        "triggerProvider": "Cognito",
        "attributes": [
          "Arn",
          "Name"
        ]
      }
    ],
    "permissions": [
      "{\n  \"policyName\": \"AddToGroupCognito\",\n  \"trigger\": \"PostConfirmation\",\n  \"effect\": \"Allow\",\n  \"actions\": [\n    \"cognito-idp:AdminAddUserToGroup\",\n    \"cognito-idp:GetGroup\",\n    \"cognito-idp:CreateGroup\"\n  ],\n  \"resource\": {\n    \"paramType\": \"!GetAtt\",\n    \"keys\": [\n      \"UserPool\",\n      \"Arn\"\n    ]\n  }\n}"
    ],
    "authTriggerConnections": "[\n  {\n    \"triggerType\": \"PostConfirmation\",\n    \"lambdaFunctionName\": \"xxxxxx\"\n  },\n  {\n    \"triggerType\": \"PreSignUp\",\n    \"lambdaFunctionName\": \"xxxxxxx\"\n  }\n]",
    "adminQueryGroup": "adminQueries",
    "parentStack": {
      "Ref": "AWS::StackId"
    }
  }
}

The issue is blocking us from deploying our new version. Did you identify which is the invalid attributeDataType? Thanks for your help.

julienlaurent-migso avatar Jan 17 '22 08:01 julienlaurent-migso

Is there an update, @johnpc?

pratikdhody avatar Jan 17 '22 09:01 pratikdhody

Hi, I have fixed my issue => pushing only my auth again has fixed the issue. My steps:

  1. Modify something inside cli-inputs.json of backend auth (position of attributes etc.) (to be able to update the auth with amplify push)
  2. Amplify push

After the Amplify update, I was able to push and build again... It works for me but I can't explain what was the issue.

julienlaurent-migso avatar Jan 17 '22 09:01 julienlaurent-migso

+1. I was experiencing this in the Amplify build console. Locking the version to 7.6.8 has resolved it temporarily.

samputer avatar Jan 17 '22 13:01 samputer

@julienlaurent-migso 's suggestion worked for me also.

pratikdhody avatar Jan 18 '22 03:01 pratikdhody

Same here but @julienlaurent-migso's solution did not work.

I changed order of attributes in cli-inputs file. amplify push recognized a change but same error.

Anyone with another solution?

dbeck121 avatar Jan 20 '22 15:01 dbeck121

We are having a lot of trouble reproducing this internally. We have tried creating various configurations on various previous versions of the cli, then upgrading and trying to push something in hopes we can recreate the issue and track down the root cause. So far, nothing has worked (meaning, all of our pushes have been successful).

Please continue to share any information you may have that could help us debug this issue.

johnpc avatar Jan 20 '22 15:01 johnpc

Here is my CLI-inputs:

{
  "version": "1",
  "cognitoConfig": {
    "identityPoolName": "recommendednext75871224_identitypool_75871224",
    "allowUnauthenticatedIdentities": true,
    "resourceNameTruncated": "recomm75871224",
    "userPoolName": "recommendedPool",
    "autoVerifiedAttributes": [
      "email"
    ],
    "mfaConfiguration": "OFF",
    "mfaTypes": [
      "SMS Text Message"
    ],
    "smsAuthenticationMessage": "Your authentication code is {####}",
    "smsVerificationMessage": "Your verification code is {####}",
    "emailVerificationSubject": "Your verification code",
    "emailVerificationMessage": "Your verification code is {####}",
    "defaultPasswordPolicy": false,
    "passwordPolicyMinLength": 8,
    "passwordPolicyCharacters": [],
    "requiredAttributes": [
      "email",
      "family_name",
      "given_name",
      "picture"
    ],
    "aliasAttributes": [],
    "userpoolClientGenerateSecret": false,
    "userpoolClientRefreshTokenValidity": 30,
    "userpoolClientWriteAttributes": [
      "email"
    ],
    "userpoolClientReadAttributes": [
      "email"
    ],
    "userpoolClientLambdaRole": "recomm75871224_userpoolclient_lambda_role",
    "userpoolClientSetAttributes": false,
    "sharedId": "75871224",
    "resourceName": "recommended",
    "authSelections": "identityPoolAndUserPool",
    "useDefault": "manual",
    "thirdPartyAuth": true,
    "authProviders": [
      "graph.facebook.com",
      "accounts.google.com"
    ],
    "usernameAttributes": [
      "email"
    ],
    "userPoolGroups": false,
    "adminQueries": false,
    "triggers": {},
    "hostedUI": true,
    "hostedUIDomainName": "recommended",
    "authProvidersUserPool": [
      "Facebook",
      "Google"
    ],
    "hostedUIProviderMeta": "[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"last_name\",\"given_name\":\"first_name\",\"picture\":\"picture\",\"username\":\"id\"}},{\"ProviderName\":\"Google\",\"authorize_scopes\":\"openid email profile\",\"AttributeMapping\":{\"email\":\"email\",\"family_name\":\"family_name\",\"given_name\":\"given_name\",\"picture\":\"picture\",\"username\":\"sub\"}}]",
    "oAuthMetadata": "{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"https://www.gorecommended.com/\"],\"LogoutURLs\":[\"https://www.gorecommended.com/\"]}",
    "userPoolGroupList": [],
    "serviceName": "Cognito",
    "usernameCaseSensitive": false,
    "useEnabledMfas": true,
    "authRoleArn": {
      "Fn::GetAtt": [
        "AuthRole",
        "Arn"
      ]
    },
    "unauthRoleArn": {
      "Fn::GetAtt": [
        "UnauthRole",
        "Arn"
      ]
    },
    "breakCircularDependency": true,
    "dependsOn": []
  }
}

Shomari avatar Jan 20 '22 15:01 Shomari

I am particularly interested in the requiredAttributes of your generated cloudformation - especially if there are discrepancies between those and what's in cli-inputs.json. https://github.com/aws-amplify/amplify-cli/pull/9251 changed the behavior around that and was released in 9.7.9 which is when this issue seems to have arisen. I also wonder whether most of you are doing automated deployments via amplify console.

johnpc avatar Jan 20 '22 15:01 johnpc

@johnpc I am doing automated deployments based on pushes to a github branch if that is what you mean

Shomari avatar Jan 20 '22 15:01 Shomari

Thank you that is helpful.

I am able to reproduce your error when I manually edit my requiredAttributes in cli-inputs.json (in my case, I manually added "locale" to the list of required attributes).

I assume pushes with this error would succeed if the requiredAttributes field is set so that it matches your deployed Cognito configuration in the cloud. Would you mind trying that and seeing if it fixes your issue? Or at least checking to see whether there is a difference between the two?

I am still not sure what has caused this drift for so many customers.

johnpc avatar Jan 20 '22 15:01 johnpc

So everything was fine when I was just using auth and api. The issue appeared when I added analytics. After running add analytics, there were a few options in which I kind of mindlessly chose the first option and should have paid more attention to what was actually happening. I didn't think these changes would alter my userpool to make it unusable. I know for a fact this made changes to my cognito user pool as I hadn't touched it for a while.

My required attributes appear different than what is listed in the cli-inputs, whereas before they were the same. The ones in the cli-inputs are correct.
[Image: Screen Shot 2022-01-20 at 10 01 03 AM]

Shomari avatar Jan 20 '22 16:01 Shomari

So only "picture" is required in your deployed Cognito environment, but your desired configuration is:

"requiredAttributes": [
  "email",
  "family_name",
  "given_name",
  "picture"
],

The way this looks is, your deployment was bitten by the bug that https://github.com/aws-amplify/amplify-cli/pull/9251 attempted to fix - only one of your required attributes was set in reality. However, since requiredAttributes cannot be edited after the Cognito resource is deployed (a Cognito limitation), it is causing an error where your deployments are failing.

I think this makes sense why downgrading is working for so many people. They're re-pushing with missing requiredAttributes when they downgrade, so the push matches what's in the cloud. Another "fix" to unblock deploying new changes would be to update requiredAttributes in your cli-inputs.json to match what's in the cloud (aka, change it so only "picture" is required).

The real long term fix would be to remove your Cognito configuration and replace it with a new one. Of course, you do not want to lose existing user data, so you'd have to migrate your users to a new, properly configured Cognito resource and then import the new auth resource to your app.

johnpc avatar Jan 20 '22 16:01 johnpc
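The drift described in the comment above can be checked offline before a push. This is an added example, not code from the Amplify CLI or from anyone in the thread; it assumes the deployed schema was saved from `aws cognito-idp describe-user-pool`, and the function names and sample data (modelled on the case in this thread) are constructed.

```javascript
// Compare requiredAttributes in cli-inputs.json with the attributes the
// deployed Cognito user pool actually marks as required.

// Cognito's built-in "sub" attribute is always required and never appears in
// cli-inputs.json, so it is excluded from the comparison.
const ALWAYS_REQUIRED = new Set(['sub']);

// Names of attributes flagged Required in a DescribeUserPool response.
function deployedRequiredAttributes(describeUserPoolOutput) {
  const schema = (describeUserPoolOutput.UserPool || {}).SchemaAttributes || [];
  return schema
    .filter((attr) => attr.Required === true && !ALWAYS_REQUIRED.has(attr.Name))
    .map((attr) => attr.Name)
    .sort();
}

// Returns which attributes are wanted locally but not required in the cloud,
// and which are required in the cloud but missing locally.
function requiredAttributeDrift(cliInputs, describeUserPoolOutput) {
  const desired = new Set((cliInputs.cognitoConfig || {}).requiredAttributes || []);
  const deployed = new Set(deployedRequiredAttributes(describeUserPoolOutput));
  const missingInCloud = [...desired].filter((n) => !deployed.has(n)).sort();
  const extraInCloud = [...deployed].filter((n) => !desired.has(n)).sort();
  return {
    inSync: missingInCloud.length === 0 && extraInCloud.length === 0,
    missingInCloud,
    extraInCloud,
  };
}

// Constructed sample: the relevant part of a cli-inputs.json.
const sampleCliInputs = {
  version: '1',
  cognitoConfig: {
    requiredAttributes: ['email', 'family_name', 'given_name', 'picture'],
  },
};

// Constructed sample: trimmed DescribeUserPool output where only "picture"
// (plus the built-in "sub") ended up required. The pool id is a placeholder.
const sampleDescribeUserPool = {
  UserPool: {
    Id: 'us-east-1_EXAMPLE',
    SchemaAttributes: [
      { Name: 'sub', AttributeDataType: 'String', Mutable: false, Required: true },
      { Name: 'email', AttributeDataType: 'String', Mutable: true, Required: false },
      { Name: 'family_name', AttributeDataType: 'String', Mutable: true, Required: false },
      { Name: 'given_name', AttributeDataType: 'String', Mutable: true, Required: false },
      { Name: 'picture', AttributeDataType: 'String', Mutable: true, Required: true },
    ],
  },
};

const drift = requiredAttributeDrift(sampleCliInputs, sampleDescribeUserPool);
console.log(JSON.stringify(drift, null, 2));
// The list to put in cli-inputs.json for the "match the cloud" workaround:
console.log(deployedRequiredAttributes(sampleDescribeUserPool));
```

Any name in `missingInCloud` is an attribute the pool does not enforce at sign-up, so it has to be validated somewhere else.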

Hi @johnpc

I had a look in my configuration:

I have in cli-inputs.json "requiredAttributes": [ "email", "website", "given_name", "family_name" ],

but in Cognito I see: [image]

So all the values are there. But I have the same problem.

Did I miss something here?

BR

dbeck121 avatar Jan 20 '22 18:01 dbeck121

I have fixed my issue by following these steps:

  1. check the Required attributes in User Pools [Image: Screen Shot 2565-01-21 at 17 38 07 PM]

  2. look into cli-inputs.json file "requiredAttributes": [ "email", "family_name", "given_name" ]

  3. remove both "email" and "family_name"

  4. run "amplify push"

  5. redeploy in the console again

  6. done!

usakorn-tsq avatar Jan 21 '22 10:01 usakorn-tsq

anyone of you with this problem even when the required attributes are in sync? I have a custom attribute added but it worked for months without problems.

dbeck121 avatar Jan 21 '22 13:01 dbeck121

> anyone of you with this problem even when the required attributes are in sync? I have a custom attribute added but it worked for months without problems.

I am having the same issue

sandeep-pracbee avatar Jan 23 '22 16:01 sandeep-pracbee

> > anyone of you with this problem even when the required attributes are in sync? I have a custom attribute added but it worked for months without problems.
>
> I am having the same issue

Glad that I am not the only one. Anyone with a solution here?

dbeck121 avatar Jan 23 '22 16:01 dbeck121

@dbeck121 I've created #9590 to address what I believe to be the root cause of this issue for most users (required attributes are out of sync).

If you are still experiencing the same error message when required attributes are in sync, then it must be some other parameter that has drifted. Can you notice any other differences between your cli-inputs configuration and your Cognito user pool?

johnpc avatar Jan 24 '22 16:01 johnpc

For customers impacted by this, I recommend adding a PreSignUp lambda trigger (documentation here: https://docs.amplify.aws/cli/usage/lambda-triggers/#set-up-lambda-triggers) for your Cognito user pool. This allows you to run validation during user sign up to ensure all required properties are included.

For example, @Shomari desired these required attributes:

"requiredAttributes": [
  "email",
  "family_name",
  "given_name",
  "picture"
],

but the UserPool is stuck in a state where only picture is required.

Since this property on the UserPool is immutable, the best way to ensure all required attributes are present for new sign ups is to add validation logic in a PreSignUp lambda trigger.

johnpc avatar Jan 24 '22 16:01 johnpc
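A PreSignUp trigger of the kind recommended above could look like the following. This is an added example, not code from the Amplify project or from the commenter; the attribute list is the one quoted in the comment, and the function names and sample events are constructed.

```javascript
// PreSignUp Lambda trigger that enforces required attributes the user pool
// itself cannot enforce because its schema is immutable after creation.

// Attributes the application wants at sign-up (list taken from the thread).
const REQUIRED_AT_SIGNUP = ['email', 'family_name', 'given_name', 'picture'];

// Returns the names of required attributes that are absent or blank.
function missingRequired(userAttributes, required = REQUIRED_AT_SIGNUP) {
  const attrs = userAttributes || {};
  return required.filter((name) => {
    const value = attrs[name];
    return typeof value !== 'string' || value.trim() === '';
  });
}

// Cognito invokes the trigger with the sign-up request. Throwing makes
// Cognito reject the sign-up; returning the event lets it proceed.
async function handler(event) {
  const missing = missingRequired(event.request && event.request.userAttributes);
  if (missing.length > 0) {
    // The message is returned to the client, so it names the missing
    // attributes only and never echoes submitted values.
    throw new Error(`Missing required attributes: ${missing.join(', ')}`);
  }
  return event;
}

// Export for the Lambda runtime (CommonJS).
if (typeof module !== 'undefined' && module.exports) {
  module.exports = { handler, missingRequired };
}

// Constructed sample events in the shape Cognito sends to a PreSignUp trigger.
const completeSignUp = {
  triggerSource: 'PreSignUp_SignUp',
  request: {
    userAttributes: {
      email: 'jane@example.com',
      family_name: 'Doe',
      given_name: 'Jane',
      picture: 'https://example.com/jane.png',
    },
  },
  response: {},
};

// "picture" alone satisfies the pool's own schema in the thread's case, but
// this request lacks family_name and has a blank given_name.
const incompleteSignUp = {
  triggerSource: 'PreSignUp_SignUp',
  request: {
    userAttributes: {
      email: 'jane@example.com',
      given_name: '   ',
      picture: 'https://example.com/jane.png',
    },
  },
  response: {},
};

console.log(missingRequired(completeSignUp.request.userAttributes));
console.log(missingRequired(incompleteSignUp.request.userAttributes));
```

The same check runs for federated sign-ups (`PreSignUp_ExternalProvider`), where the values come from the provider's attribute mapping.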

Hi @johnpc,

might it be that it is the custom attribute custom:company that I added in Cognito? I tried to add it to requiredAttributes but still the same error.

BR

dbeck121 avatar Jan 24 '22 17:01 dbeck121

@johnpc have you all figured out how or why this happened and addressed that? To be clear, my userpool DID have all of the same attributes. After adding analytics, amplify somehow made changes to my userpool and overwrote the required attributes there (which I thought was impossible but I guess not), which caused this out of sync issue. The overall fix would be to prevent this from happening to begin with. The purpose of using amplify and cognito is to simplify this process. Having to create a validation lambda for something that cognito can and should handle already because amplify might mess it up later isn't a great experience IMO.

Shomari avatar Jan 24 '22 17:01 Shomari

+1 to what Shomari added.

I have been banging my head to find the differences b/w cli-inputs & cognito but can't find anything.

@johnpc Couple of asks:

  1. Can I generate cli-inputs from my Cognito user pool?
  2. How can I set that email should be sent with Amazon SES in the cli-inputs?

sandeep-pracbee avatar Jan 24 '22 17:01 sandeep-pracbee

@Shomari I believe the root cause of this issue was fixed by https://github.com/aws-amplify/amplify-cli/pull/9251. I believe your Cognito user pool was sadly created with desired required attributes missing, as that field is not modifiable after creation. When you added analytics, that requires updates to modifiable fields on your user pool. So when you tried to push those additive changes, your pushes started to fail because Amplify also tried to fix requiredAttributes which is not modifiable.

Unfortunately, during the time before https://github.com/aws-amplify/amplify-cli/pull/9251 was released (between v7.3.0 and v7.6.9) amplify spun up these Cognito user pools with unexpected requiredAttributes parameter, and there is nothing that can be done about that now.

Adding a presignup lambda trigger or migrating your users off that Cognito user pool and into a new one are the only paths available, and we cannot do those for you from the CLI. Since migration would be a painful process, the presignup lambda is what I would recommend.

johnpc avatar Jan 24 '22 17:01 johnpc