aws-cloudformation amazon-cognito aws-amplify aws-amplify-cli

How to make Amplify CloudFormation aware of changes made outside of it


I ended up at a point where Amplify fails to push any change I make, with a nonexistent UserPool clientId exception.

Something like:

Resource Name: XXXXXXXXXXX (AWS::Cognito::UserPoolClient) Event Type: update Reason: User pool client does not exist. (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: ResourceNotFoundException; Request ID: YYYYYYYYYYYYYYYYYY URL: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/xxxxxxxxxxx

I have explained my whole journey in a GitHub issue for the Amplify CLI that you can see here; unfortunately, I'm not getting much support from the Amplify team, as you can see there.

I have also created a StackOverflow question with the initial problem I was facing, which you can check here.

After digging into this issue for 3-4 long days, as it is blocking my deployment, I came to a guess as to what happened:

  • I added auth to my Amplify project months ago.
  • Eventually, I noticed one of the created clients was not being used, so I deleted it, using the Cognito console.
  • I had not updated the auth for months.
  • Now that I have introduced social authentication, Amplify tried to update it, and because the client ID doesn't exist anymore, it can't and raises the mentioned error.

Now, anything I try to update fails, and I guess the reason is this mismatch between what Amplify expects and what the infra actually is.

Every time I pull --restore my environment, I get my amplify-meta.json updated with this invalid client Id (and yes, I have tried changing it on the local amplify-meta.json and pushing it), something like:

"auth": {
    "myproject": {
        "service": "Cognito",
        "providerPlugin": "awscloudformation",
        "output": {
            "GoogleWebClient": "111111111.apps.googleusercontent.com",
            "AppClientSecret": "aaaaaaaaaaa",
            "UserPoolId": "region-pooId",
            "AppClientIDWeb": "VALID ID",
            "AppClientID": "INVALID ID",
            "FacebookWebClient": "2222222222",
            "IdentityPoolId": "region:Id",
            "IdentityPoolName": "myproject__env",
            "UserPoolName": "mypoolname"
        },
        "lastPushTimeStamp": "2020-05-13T20:48:29.797Z",
        "providerMetadata": {
            "s3TemplateURL": "https://s3.amazonaws.com/myproject-deployment/amplify-cfn-templates/auth/lexis-cloudformation-template.yml",
            "logicalId": "authmyproject"
        },
        "lastPushDirHash": "XXXXXXXXXXXXXX="
    }
},

I have a different valid ClientId on my Cognito, so as a last resort, I tried going directly to the S3TemplateURL pointed to in this code and updating it there to the valid one; my guess was that this file was the single point of truth for Amplify. But no success, I'm still getting the same wrong ID after pull restore.

Any idea how I can get Amplify back in sync? Making it aware that this ClientId doesn't exist anymore and just getting rid of it in the CloudFormation templates?


Solution

  • The Amplify CLI does not support this feature.

    I had the same problem. I updated AppSync and Cognito in the cloud and I cannot pull the changes into my project.

    When I run amplify status, it says no changes.

    So I contacted AWS support and they said this is a coming feature.

    The solution is to change everything in the Amplify CLI and manage Amplify in the console. Don't change anything in the cloud.
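
A check for the mismatch described in the question, as an added example that is not part of the original posts: it compares the app client IDs recorded in amplify-meta.json against the clients that actually exist in the user pool. The function names and the sample IDs are constructed for illustration; `fetch_live_client_ids` assumes boto3 is installed and AWS credentials are configured.

```python
import json

# Output keys in amplify-meta.json that hold Cognito app client IDs (from the question).
CLIENT_ID_KEYS = ("AppClientID", "AppClientIDWeb")

def stale_client_refs(meta, live_ids_by_pool):
    """Return (resource, key, value) for each ID in amplify-meta.json that
    does not exist in the live infrastructure."""
    stale = []
    for name, resource in meta.get("auth", {}).items():
        if resource.get("service") != "Cognito":
            continue
        output = resource.get("output", {})
        pool_id = output.get("UserPoolId")
        live = live_ids_by_pool.get(pool_id)
        if live is None:
            # The recorded pool was not found at all, so report it.
            stale.append((name, "UserPoolId", pool_id))
            continue
        for key in CLIENT_ID_KEYS:
            client_id = output.get(key)
            if client_id and client_id not in live:
                stale.append((name, key, client_id))
    return stale

def fetch_live_client_ids(user_pool_id, region):
    """Hypothetical helper: list the app clients that exist in a user pool."""
    import boto3  # imported here so the offline check above runs without it
    client = boto3.client("cognito-idp", region_name=region)
    pages = client.get_paginator("list_user_pool_clients").paginate(
        UserPoolId=user_pool_id)
    return {c["ClientId"] for page in pages for c in page["UserPoolClients"]}

# Constructed sample mirroring the structure shown in the question.
SAMPLE_META = json.loads("""
{"auth": {"myproject": {
    "service": "Cognito",
    "providerPlugin": "awscloudformation",
    "output": {"UserPoolId": "us-east-1_EXAMPLE",
               "AppClientIDWeb": "validwebclient111",
               "AppClientID": "deletedclient222"}}}}
""")
# Constructed stand-in for what fetch_live_client_ids would return per pool.
SAMPLE_LIVE = {"us-east-1_EXAMPLE": {"validwebclient111"}}

if __name__ == "__main__":
    for name, key, value in stale_client_refs(SAMPLE_META, SAMPLE_LIVE):
        print(f"auth/{name}: {key}={value} not found in Cognito")
```

Running a check like this before a push shows which recorded client ID the update will fail on.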