Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't create new amplify env because MFALambdaRole already exists #13783

Open
2 tasks done
DevTGhosh opened this issue May 16, 2024 · 1 comment
Open
2 tasks done

Can't create new amplify env because MFALambdaRole already exists #13783

DevTGhosh opened this issue May 16, 2024 · 1 comment
Labels
auth Issues tied to the auth category of the CLI pending-response Issue is pending response from the issue author pending-triage Issue is pending triage

Comments

@DevTGhosh
Copy link

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

v20.11.0

Amplify CLI Version

12.9.0

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Describe the bug

Try to create a new amplify env and when you try to amplify push it fails with the following error

🛑 The following resources failed to deploy:
Resource Name: MFALambdaRole (AWS::IAM::Role)
Event Type: create
Reason: The policy chedar678aa9d9_sns_pass_role_policy already exists on the role chedar678aa9d9_totp_lambda_role-dev.

🛑 Resource is not in the state stackUpdateComplete
Name: MFALambdaRole (AWS::IAM::Role), Event Type: create, Reason: The policy chedar678aa9d9_sns_pass_role_policy already exists on the role chedar678aa9d9_totp_lambda_role-dev., IsCustomResource: false

Expected behavior

To be able to create a new amplify env.

Reproduction steps

  1. Create a new amplify env
  2. amplify push

Project Identifier

Project Identifier: c1df5805dc85b2b52388558184e19166

Log output

# Put your logs below this line

Additional information

My auth cloudformation template

{ "Description": "{\"createdOn\":\"Mac\",\"createdBy\":\"Amplify\",\"createdWith\":\"12.9.0\",\"stackType\":\"auth-Cognito\",\"metadata\":{}}", "AWSTemplateFormatVersion": "2010-09-09", "Parameters": { "env": { "Type": "String" }, "functionchedarAuthTestPostConfirmationArn": { "Type": "String", "Default": "functionchedarAuthTestPostConfirmationArn" }, "functionchedarAuthTestPostConfirmationName": { "Type": "String", "Default": "functionchedarAuthTestPostConfirmationName" }, "identityPoolName": { "Type": "String" }, "allowUnauthenticatedIdentities": { "Type": "String" }, "resourceNameTruncated": { "Type": "String" }, "userPoolName": { "Type": "String" }, "autoVerifiedAttributes": { "Type": "CommaDelimitedList" }, "mfaConfiguration": { "Type": "String" }, "mfaTypes": { "Type": "CommaDelimitedList" }, "smsAuthenticationMessage": { "Type": "String" }, "smsVerificationMessage": { "Type": "String" }, "emailVerificationSubject": { "Type": "String" }, "emailVerificationMessage": { "Type": "String" }, "defaultPasswordPolicy": { "Type": "String" }, "passwordPolicyMinLength": { "Type": "String" }, "passwordPolicyCharacters": { "Type": "CommaDelimitedList" }, "requiredAttributes": { "Type": "CommaDelimitedList" }, "aliasAttributes": { "Type": "CommaDelimitedList" }, "userpoolClientGenerateSecret": { "Type": "String" }, "userpoolClientRefreshTokenValidity": { "Type": "String" }, "userpoolClientWriteAttributes": { "Type": "CommaDelimitedList" }, "userpoolClientReadAttributes": { "Type": "CommaDelimitedList" }, "userpoolClientLambdaRole": { "Type": "String" }, "userpoolClientSetAttributes": { "Type": "String" }, "authSelections": { "Type": "String" }, "resourceName": { "Type": "String" }, "serviceName": { "Type": "String" }, "useDefault": { "Type": "String" }, "sharedId": { "Type": "String" }, "userPoolGroupList": { "Type": "CommaDelimitedList" }, "userPoolGroups": { "Type": "String" }, "usernameCaseSensitive": { "Type": "String" }, "adminQueries": { "Type": "String" }, "hostedUI": { "Type": "String" }, "triggers": { "Type": "String" }, "authRoleArn": { "Type": "String" }, "unauthRoleArn": { "Type": "String" }, "breakCircularDependency": { "Type": "String" }, "useEnabledMfas": { "Type": "String" }, "dependsOn": { "Type": "CommaDelimitedList" }, "permissions": { "Type": "CommaDelimitedList" }, "authTriggerConnections": { "Type": "CommaDelimitedList" }, "parentStack": { "Type": "String" }, "authProviders": { "Type": "CommaDelimitedList" }, "thirdPartyAuth": { "Type": "String" } }, "Conditions": { "ShouldNotCreateEnvResources": { "Fn::Equals": [ { "Ref": "env" }, "NONE" ] } }, "Resources": { "SNSRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "cognito-idp.amazonaws.com" }, "Action": [ "sts:AssumeRole" ], "Condition": { "StringEquals": { "sts:ExternalId": "chedar678aa9d9_role_external_id" } } } ] }, "Policies": [ { "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": "*" } ] }, "PolicyName": "chedar678aa9d9-sns-policy" } ], "RoleName": { "Fn::If": [ "ShouldNotCreateEnvResources", "chedar678aa9d9_sns-role", { "Fn::Join": [ "", [ "sns678aa9d9", { "Fn::Select": [ 3, { "Fn::Split": [ "-", { "Ref": "AWS::StackName" } ] } ] }, "-", { "Ref": "env" } ] ] } ] } } }, "UserPool": { "Type": "AWS::Cognito::UserPool", "Properties": { "AdminCreateUserConfig": { "InviteMessageTemplate": { "EmailMessage": "<title></title><style type=\"text/css\">#outlook a{padding:0}body{margin:0;padding:0;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}table,td{border-collapse:collapse;mso-table-lspace:0;mso-table-rspace:0}img{border:0;height:auto;line-height:100%;outline:0;text-decoration:none;-ms-interpolation-mode:bicubic}p{display:block;margin:0}</style><style type=\"text/css\"></style><style type=\"text/css\">@media only screen and (min-width:599px){.xc536{width:536px!important;max-width:536px}.xc600{width:600px!important;max-width:600px}.xc568{width:568px!important;max-width:568px}}</style><style media=\"screen and (min-width:599px)\">.moz-text-html .xc536{width:536px!important;max-width:536px}.moz-text-html .xc600{width:600px!important;max-width:600px}.moz-text-html .xc568{width:568px!important;max-width:568px}</style><style type=\"text/css\">@media only screen and (max-width:599px){table.fwm{width:100%!important}td.fwm{width:auto!important}}</style><style type=\"text/css\">#MessageViewBody a,a[x-apple-data-detectors],u+.emailify a{color:inherit!important;text-decoration:none!important;font-size:inherit!important;font-family:inherit!important;font-weight:inherit!important;line-height:inherit!important}span.MsoHyperlink{mso-style-priority:99;color:inherit}span.MsoHyperlinkFollowed{mso-style-priority:99;color:inherit}u+.emailify .glist{margin-left:0!important}@media only screen and (max-width:599px){.emailify{height:100%!important;margin:0!important;padding:0!important;width:100%!important}u+.emailify .glist{margin-left:25px!important}td.x{padding-left:0!important;padding-right:0!important}.fwm img{max-width:100%!important;height:auto!important}td.stk{border:0!important}br.sb{display:none!important}.thd-1 .i-thumbnail{display:inline-block!important;height:auto!important;overflow:hidden!important}.hd-1{display:block!important;height:auto!important;overflow:visible!important}.ht-1{display:table!important;height:auto!important;overflow:visible!important}.hr-1{display:table-row!important;height:auto!important;overflow:visible!important}.hc-1{display:table-cell!important;height:auto!important;overflow:visible!important}div.r.pr-16>div>table>tbody>tr>td,div.r.pr-16>table>tbody>tr>td{padding-right:16px!important}div.r.pl-16>div>table>tbody>tr>td,div.r.pl-16>table>tbody>tr>td{padding-left:16px!important}div.r.pt-0>div>table>tbody>tr>td,div.r.pt-0>table>tbody>tr>td{padding-top:0!important}div.r.pr-0>div>table>tbody>tr>td,div.r.pr-0>table>tbody>tr>td{padding-right:0!important}div.r.pb-0>div>table>tbody>tr>td,div.r.pb-0>table>tbody>tr>td{padding-bottom:0!important}div.r.pl-0>div>table>tbody>tr>td,div.r.pl-0>table>tbody>tr>td{padding-left:0!important}}</style>

Clap!

Thank you for signing up to your first scene

\"\"

Bienvenue,

Votre compte Chedar a bien été créé.

Vous trouverez ci-dessous les accès à votre compte:

  • Lien:app.chedar.fr
  • Nom d'utilisateur: {username}
  • Mot de passe temporaire: {####}

Notre centre de formation est accessible ici:learn.chedar.io

Happy budgeting,

l'Equipe Chedar

 

Si vous avez des soucis à vous connectez, veuillez nous contacter àsupport@chedar.fr

\"\"
", "EmailSubject": "You're Invited to Chedar!" } }, "AutoVerifiedAttributes": [ "email" ], "EmailConfiguration": { "EmailSendingAccount": "DEVELOPER", "From": "support@chedar.fr", "ReplyToEmailAddress": "support@chedar.fr", "SourceArn": "arn:aws:ses:eu-west-1:251651594881:identity/support@chedar.fr" }, "EmailVerificationMessage": { "Ref": "emailVerificationMessage" }, "EmailVerificationSubject": { "Ref": "emailVerificationSubject" }, "LambdaConfig": { "PostConfirmation": { "Ref": "functionchedarAuthTestPostConfirmationArn" } }, "MfaConfiguration": { "Ref": "mfaConfiguration" }, "Policies": { "PasswordPolicy": { "MinimumLength": { "Ref": "passwordPolicyMinLength" }, "RequireLowercase": false, "RequireNumbers": false, "RequireSymbols": false, "RequireUppercase": false, "TemporaryPasswordValidityDays": 60 } }, "Schema": [ { "Mutable": true, "Name": "email", "Required": true }, { "AttributeDataType": "String", "DeveloperOnlyAttribute": false, "Mutable": true, "Name": "tenantid", "Required": false } ], "SmsAuthenticationMessage": { "Ref": "smsAuthenticationMessage" }, "SmsConfiguration": { "ExternalId": "chedar678aa9d9_role_external_id", "SnsCallerArn": { "Fn::GetAtt": [ "SNSRole", "Arn" ] } }, "SmsVerificationMessage": { "Ref": "smsVerificationMessage" }, "UserAttributeUpdateSettings": { "AttributesRequireVerificationBeforeUpdate": [ "email" ] }, "UsernameConfiguration": { "CaseSensitive": false }, "UserPoolName": { "Fn::If": [ "ShouldNotCreateEnvResources", { "Ref": "userPoolName" }, { "Fn::Join": [ "", [ { "Ref": "userPoolName" }, "-", { "Ref": "env" } ] ] } ] }, "VerificationMessageTemplate": { "EmailMessage": "Your verification code for Chedar is {####}", "EmailSubject": "Your verification code for Chedar" } } }, "UserPoolPostConfirmationLambdaInvokePermission": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:invokeFunction", "FunctionName": { "Ref": "functionchedarAuthTestPostConfirmationName" }, "Principal": "cognito-idp.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "UserPool", "Arn" ] } } }, "chedarAuthTestPostConfirmationAddToGroupCognito": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-idp:AdminAddUserToGroup", "cognito-idp:GetGroup", "cognito-idp:CreateGroup" ], "Resource": { "Fn::GetAtt": [ "UserPool", "Arn" ] } } ] }, "PolicyName": "chedarAuthTestPostConfirmationAddToGroupCognito", "Roles": [ { "Fn::Join": [ "", [ "chedarAuthTestPostConfirmation-", { "Ref": "env" } ] ] } ] } }, "UserPoolClientWeb": { "Type": "AWS::Cognito::UserPoolClient", "Properties": { "UserPoolId": { "Ref": "UserPool" }, "ClientName": "chedar678aa9d9_app_clientWeb", "ReadAttributes": [ "email", "custom:tenantid" ], "RefreshTokenValidity": { "Ref": "userpoolClientRefreshTokenValidity" }, "TokenValidityUnits": { "RefreshToken": "days" }, "WriteAttributes": [ "email", "custom:tenantid" ] }, "DependsOn": [ "UserPool" ] }, "UserPoolClient": { "Type": "AWS::Cognito::UserPoolClient", "Properties": { "UserPoolId": { "Ref": "UserPool" }, "ClientName": "chedar678aa9d9_app_client", "GenerateSecret": { "Ref": "userpoolClientGenerateSecret" }, "ReadAttributes": [ "email", "custom:tenantid" ], "RefreshTokenValidity": { "Ref": "userpoolClientRefreshTokenValidity" }, "TokenValidityUnits": { "RefreshToken": "days" }, "WriteAttributes": [ "email", "custom:tenantid" ] }, "DependsOn": [ "UserPool" ] }, "UserPoolClientRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }, "RoleName": { "Fn::If": [ "ShouldNotCreateEnvResources", { "Ref": "userpoolClientLambdaRole" }, { "Fn::Join": [ "", [ "upClientLambdaRole678aa9d9", { "Fn::Select": [ 3, { "Fn::Split": [ "-", { "Ref": "AWS::StackName" } ] } ] }, "-", { "Ref": "env" } ] ] } ] } } }, "MFALambdaRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": { "Fn::If": [ "ShouldNotCreateEnvResources", "arn:aws:iam:::role/chedar678aa9d9_totp_lambda_role", { "Fn::Join": [ "", [ "arn:aws:iam:::role/chedar678aa9d9__totp_lambda_role-", { "Ref": "env" } ] ] } ] } } ] }, "PolicyName": "chedar678aa9d9_totp_pass_role_policy" }, { "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": { "Fn::GetAtt": [ "SNSRole", "Arn" ] } } ] }, "PolicyName": "chedar678aa9d9_sns_pass_role_policy" } ], "RoleName": { "Fn::If": [ "ShouldNotCreateEnvResources", "chedar678aa9d9_totp_lambda_role", { "Fn::Join": [ "", [ "chedar678aa9d9_totp_lambda_role-", { "Ref": "env" } ] ] } ] } }, "DependsOn": [ "SNSRole" ] }, "MFALambda": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "ZipFile": "const response = require('cfn-response');\nconst { CognitoIdentityProviderClient, SetUserPoolMfaConfigCommand } = require('@aws-sdk/client-cognito-identity-provider');\nconst identity = new CognitoIdentityProviderClient({});\n\nexports.handler = (event, context) => {\n // Don't return promise, response.send() marks context as done internally\n void tryHandleEvent(event, context);\n};\n\nasync function tryHandleEvent(event, context) {\n try {\n await handleEvent(event);\n response.send(event, context, response.SUCCESS, {});\n } catch (e) {\n response.send(event, context, response.FAILED, { e });\n }\n}\n\nasync function handleEvent(event) {\n if (event.RequestType === 'Update' || event.RequestType === 'Create') {\n const totpParams = {\n UserPoolId: event.ResourceProperties.userPoolId,\n MfaConfiguration: event.ResourceProperties.mfaConfiguration,\n SmsMfaConfiguration: {\n SmsAuthenticationMessage: event.ResourceProperties.smsAuthenticationMessage,\n SmsConfiguration: {\n SnsCallerArn: event.ResourceProperties.smsConfigCaller,\n ExternalId: event.ResourceProperties.smsConfigExternalId,\n },\n },\n SoftwareTokenMfaConfiguration: { Enabled: event.ResourceProperties.totpEnabled.toLowerCase() === 'true' },\n };\n console.log(totpParams);\n\n await identity.send(new SetUserPoolMfaConfigCommand(totpParams));\n }\n}\n" }, "Role": { "Fn::GetAtt": [ "MFALambdaRole", "Arn" ] }, "Handler": "index.handler", "Runtime": "nodejs18.x", "Timeout": 300 }, "DependsOn": [ "MFALambdaRole" ] }, "MFALambdaPolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-idp:SetUserPoolMfaConfig" ], "Resource": { "Fn::GetAtt": [ "UserPool", "Arn" ] } } ] }, "PolicyName": "chedar678aa9d9_totp_lambda_iam_policy", "Roles": [ { "Fn::If": [ "ShouldNotCreateEnvResources", "chedar678aa9d9_totp_lambda_role", { "Fn::Join": [ "", [ "chedar678aa9d9_totp_lambda_role-", { "Ref": "env" } ] ] } ] } ] }, "DependsOn": [ "MFALambda" ] }, "MFALogPolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": { "Fn::Sub": [ "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", { "region": { "Ref": "AWS::Region" }, "account": { "Ref": "AWS::AccountId" }, "lambda": { "Ref": "MFALambda" } } ] } } ] }, "PolicyName": "chedar678aa9d9_totp_lambda_log_policy", "Roles": [ { "Fn::If": [ "ShouldNotCreateEnvResources", "chedar678aa9d9_totp_lambda_role", { "Fn::Join": [ "", [ "chedar678aa9d9_totp_lambda_role-", { "Ref": "env" } ] ] } ] } ] }, "DependsOn": [ "MFALambdaPolicy" ] }, "MFALambdaInputs": { "Type": "Custom::LambdaCallout", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "MFALambda", "Arn" ] }, "mfaConfiguration": { "Ref": "mfaConfiguration" }, "totpEnabled": true, "smsConfigCaller": { "Fn::GetAtt": [ "SNSRole", "Arn" ] }, "smsAuthenticationMessage": { "Ref": "smsAuthenticationMessage" }, "smsConfigExternalId": "chedar678aa9d9_role_external_id", "userPoolId": { "Ref": "UserPool" } }, "DependsOn": [ "MFALogPolicy" ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, "IdentityPool": { "Type": "AWS::Cognito::IdentityPool", "Properties": { "AllowUnauthenticatedIdentities": { "Ref": "allowUnauthenticatedIdentities" }, "CognitoIdentityProviders": [ { "ClientId": { "Ref": "UserPoolClient" }, "ProviderName": { "Fn::Sub": [ "cognito-idp.${region}.amazonaws.com/${client}", { "region": { "Ref": "AWS::Region" }, "client": { "Ref": "UserPool" } } ] } }, { "ClientId": { "Ref": "UserPoolClientWeb" }, "ProviderName": { "Fn::Sub": [ "cognito-idp.${region}.amazonaws.com/${client}", { "region": { "Ref": "AWS::Region" }, "client": { "Ref": "UserPool" } } ] } } ], "IdentityPoolName": { "Fn::If": [ "ShouldNotCreateEnvResources", "chedarv2678aa9d9_identitypool_678aa9d9", { "Fn::Join": [ "", [ "chedarv2678aa9d9_identitypool_678aa9d9__", { "Ref": "env" } ] ] } ] } } }, "IdentityPoolRoleMap": { "Type": "AWS::Cognito::IdentityPoolRoleAttachment", "Properties": { "IdentityPoolId": { "Ref": "IdentityPool" }, "RoleMappings": { "UserPoolClientRoleMapping": { "AmbiguousRoleResolution": "AuthenticatedRole", "IdentityProvider": { "Fn::Sub": [ "cognito-idp.${region}.amazonaws.com/${userPool}:${client}", { "region": { "Ref": "AWS::Region" }, "userPool": { "Ref": "UserPool" }, "client": { "Ref": "UserPoolClient" } } ] }, "Type": "Token" }, "UserPoolWebClientRoleMapping": { "AmbiguousRoleResolution": "AuthenticatedRole", "IdentityProvider": { "Fn::Sub": [ "cognito-idp.${region}.amazonaws.com/${userPool}:${webClient}", { "region": { "Ref": "AWS::Region" }, "userPool": { "Ref": "UserPool" }, "webClient": { "Ref": "UserPoolClientWeb" } } ] }, "Type": "Token" } }, "Roles": { "unauthenticated": { "Ref": "unauthRoleArn" }, "authenticated": { "Ref": "authRoleArn" } } }, "DependsOn": [ "IdentityPool", "UserPoolClient", "UserPoolClientWeb" ] } }, "Outputs": { "IdentityPoolId": { "Description": "Id for the identity pool", "Value": { "Ref": "IdentityPool" } }, "IdentityPoolName": { "Value": { "Fn::GetAtt": [ "IdentityPool", "Name" ] } }, "UserPoolId": { "Description": "Id for the user pool", "Value": { "Ref": "UserPool" } }, "UserPoolArn": { "Description": "Arn for the user pool", "Value": { "Fn::GetAtt": [ "UserPool", "Arn" ] } }, "UserPoolName": { "Value": { "Ref": "userPoolName" } }, "AppClientIDWeb": { "Description": "The user pool app client id for web", "Value": { "Ref": "UserPoolClientWeb" } }, "AppClientID": { "Description": "The user pool app client id", "Value": { "Ref": "UserPoolClient" } }, "CreatedSNSRole": { "Description": "role arn", "Value": { "Fn::GetAtt": [ "SNSRole", "Arn" ] } } } }
Before submitting, please confirm:
  • I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
  • I have removed any sensitive information from my code snippets and submission.
@DevTGhosh DevTGhosh added the pending-triage Issue is pending triage label May 16, 2024
@ykethan
Copy link
Contributor

ykethan commented May 23, 2024

Hey @DevTGhosh, thank you for reaching out. From the project identifier noticed the the cli.json present in the amplify folder sees to be missing some feature flags. Were these intentionally removed?

{
  "features": {
    "graphqltransformer": {
      "addmissingownerfields": true,
      "improvepluralization": false,
      "validatetypenamereservedwords": true,
      "useexperimentalpipelinedtransformer": true,
      "enableiterativegsiupdates": true,
      "secondarykeyasgsi": true,
      "skipoverridemutationinputtypes": true,
      "transformerversion": 2,
      "suppressschemamigrationprompt": true,
      "securityenhancementnotification": false,
      "showfieldauthnotification": false,
      "usesubusernamefordefaultidentityclaim": true,
      "usefieldnameforprimarykeyconnectionfield": false,
      "enableautoindexquerynames": true,
      "respectprimarykeyattributesonconnectionfield": true,
      "shoulddeepmergedirectiveconfigdefaults": false,
      "populateownerfieldforstaticgroupauth": true
    },
    "frontend-ios": {
      "enablexcodeintegration": true
    },
    "auth": {
      "enablecaseinsensitivity": true,
      "useinclusiveterminology": true,
      "breakcirculardependency": true,
      "forcealiasattributes": false,
      "useenabledmfas": true
    },
    "codegen": {
      "useappsyncmodelgenplugin": true,
      "usedocsgeneratorplugin": true,
      "usetypesgeneratorplugin": true,
      "cleangeneratedmodelsdirectory": true,
      "retaincasestyle": true,
      "addtimestampfields": true,
      "handlelistnullabilitytransparently": true,
      "emitauthprovider": true,
      "generateindexrules": true,
      "enabledartnullsafety": true,
      "generatemodelsforlazyloadandcustomselectionset": false
    },
    "appsync": {
      "generategraphqlpermissions": true
    },
    "latestregionsupport": {
      "pinpoint": 1,
      "translate": 1,
      "transcribe": 1,
      "rekognition": 1,
      "textract": 1,
      "comprehend": 1
    },
    "project": {
      "overrides": true
    }
  },
  "debug": {}
}

the feature flag useenabledmfas when set as false does add a MFALambdaRole. setting the flag to true and running through the update auth flow should remove the role from the cloudformation template.

@ykethan ykethan added auth Issues tied to the auth category of the CLI pending-response Issue is pending response from the issue author labels May 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth Issues tied to the auth category of the CLI pending-response Issue is pending response from the issue author pending-triage Issue is pending triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DevTGhosh @ykethan