amplify push fails after adding new function
Describe the bug
After running amplify add function and adding permissions for auth and api, running amplify push fails with the following error:
Resource Name: CustomLambdaFunction-sfm2sj7uxzeinds73omh5lu4ci (AWS::IAM::Role)
Event Type: create
Reason: Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 3fcf3bf7-0d51-4b4b-b9e4-99830f4c9a08)
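Here’s the CloudFormation template for the function; its IAM resources are LambdaExecutionRole, lambdaexecutionpolicy and AmplifyResourcesPolicy: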
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Lambda Function resource stack creation using Amplify CLI",
"Parameters": {
"CloudWatchRule": {
"Type": "String",
"Default": "NONE",
"Description": " Schedule Expression"
},
"env": {
"Type": "String"
},
"authmyAppAuthUserPoolId": {
"Type": "String",
"Default": "authmyAppAuthUserPoolId"
},
"apimyAppGraphQLAPIIdOutput": {
"Type": "String",
"Default": "apimyAppGraphQLAPIIdOutput"
},
"apimyAppGraphQLAPIEndpointOutput": {
"Type": "String",
"Default": "apimyAppGraphQLAPIEndpointOutput"
}
},
"Conditions": {
"ShouldNotCreateEnvResources": {
"Fn::Equals": [
{
"Ref": "env"
},
"NONE"
]
}
},
"Resources": {
"LambdaFunction": {
"Type": "AWS::Lambda::Function",
"Metadata": {
"aws:asset:path": "./src",
"aws:asset:property": "Code"
},
"Properties": {
"Handler": "index.handler",
"FunctionName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
"CustomLambdaFunctionCustom",
{
"Fn::Join": [
"",
[
"CustomLambdaFunctionCustom",
"-",
{
"Ref": "env"
}
]
]
}
]
},
"Environment": {
"Variables": {
"ENV": {
"Ref": "env"
},
"REGION": {
"Ref": "AWS::Region"
},
"AUTH_myAppAUTH_USERPOOLID": {
"Ref": "authmyAppAuthUserPoolId"
},
"API_myApp_GRAPHQLAPIIDOUTPUT": {
"Ref": "apimyAppGraphQLAPIIdOutput"
},
"API_myApp_GRAPHQLAPIENDPOINTOUTPUT": {
"Ref": "apimyAppGraphQLAPIEndpointOutput"
}
}
},
"Role": {
"Fn::GetAtt": [
"LambdaExecutionRole",
"Arn"
]
},
"Runtime": "nodejs12.x",
"Layers": [],
"Timeout": "25",
"Code": {
"S3Bucket": "amplify-myApp-stag-131810-deployment",
"S3Key": "amplify-builds/CustomLambdaFunctionCustom-366e7661746c6d325765-build.zip"
}
}
},
"LambdaExecutionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": {
"Fn::If": [
"ShouldNotCreateEnvResources",
"myAppLambdaRole1064e612",
{
"Fn::Join": [
"",
[
"myAppLambdaRole1064e612",
"-",
{
"Ref": "env"
}
]
]
}
]
},
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"lambda.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
}
},
"lambdaexecutionpolicy": {
"DependsOn": [
"LambdaExecutionRole"
],
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "lambda-execution-policy",
"Roles": [
{
"Ref": "LambdaExecutionRole"
}
],
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": {
"Fn::Sub": [
"arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*",
{
"region": {
"Ref": "AWS::Region"
},
"account": {
"Ref": "AWS::AccountId"
},
"lambda": {
"Ref": "LambdaFunction"
}
}
]
}
}
]
}
}
},
"AmplifyResourcesPolicy": {
"DependsOn": [
"LambdaExecutionRole"
],
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "amplify-lambda-execution-policy",
"Roles": [
{
"Ref": "LambdaExecutionRole"
}
],
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cognito-idp:ConfirmSignUp",
"cognito-idp:AdminCreateUser",
"cognito-idp:CreateUserImportJob",
"cognito-idp:AdminSetUserSettings",
"cognito-idp:AdminLinkProviderForUser",
"cognito-idp:CreateIdentityProvider",
"cognito-idp:AdminConfirmSignUp",
"cognito-idp:AdminDisableUser",
"cognito-idp:AdminRemoveUserFromGroup",
"cognito-idp:SetUserMFAPreference",
"cognito-idp:SetUICustomization",
"cognito-idp:SignUp",
"cognito-idp:VerifyUserAttribute",
"cognito-idp:SetRiskConfiguration",
"cognito-idp:StartUserImportJob",
"cognito-idp:AdminSetUserPassword",
"cognito-idp:AssociateSoftwareToken",
"cognito-idp:CreateResourceServer",
"cognito-idp:RespondToAuthChallenge",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:AdminUserGlobalSignOut",
"cognito-idp:GlobalSignOut",
"cognito-idp:AddCustomAttributes",
"cognito-idp:CreateGroup",
"cognito-idp:CreateUserPool",
"cognito-idp:AdminForgetDevice",
"cognito-idp:AdminAddUserToGroup",
"cognito-idp:AdminRespondToAuthChallenge",
"cognito-idp:ForgetDevice",
"cognito-idp:CreateUserPoolDomain",
"cognito-idp:AdminEnableUser",
"cognito-idp:AdminUpdateDeviceStatus",
"cognito-idp:StopUserImportJob",
"cognito-idp:InitiateAuth",
"cognito-idp:AdminInitiateAuth",
"cognito-idp:AdminSetUserMFAPreference",
"cognito-idp:ConfirmForgotPassword",
"cognito-idp:SetUserSettings",
"cognito-idp:VerifySoftwareToken",
"cognito-idp:AdminDisableProviderForUser",
"cognito-idp:SetUserPoolMfaConfig",
"cognito-idp:ChangePassword",
"cognito-idp:ConfirmDevice",
"cognito-idp:AdminResetUserPassword",
"cognito-idp:ResendConfirmationCode",
"cognito-identity:Describe*",
"cognito-identity:Get*",
"cognito-identity:List*",
"cognito-idp:Describe*",
"cognito-idp:AdminGetDevice",
"cognito-idp:AdminGetUser",
"cognito-idp:AdminList*",
"cognito-idp:List*",
"cognito-sync:Describe*",
"cognito-sync:Get*",
"cognito-sync:List*",
"iam:ListOpenIdConnectProviders",
"iam:ListRoles",
"sns:ListPlatformApplications",
"cognito-idp:ForgotPassword",
"cognito-idp:UpdateAuthEventFeedback",
"cognito-idp:UpdateResourceServer",
"cognito-idp:UpdateUserPoolClient",
"cognito-idp:AdminUpdateUserAttributes",
"cognito-idp:UpdateUserAttributes",
"cognito-idp:UpdateUserPoolDomain",
"cognito-idp:UpdateIdentityProvider",
"cognito-idp:UpdateGroup",
"cognito-idp:AdminUpdateAuthEventFeedback",
"cognito-idp:UpdateDeviceStatus",
"cognito-idp:UpdateUserPool",
"cognito-idp:DeleteUserPoolDomain",
"cognito-idp:DeleteResourceServer",
"cognito-idp:DeleteGroup",
"cognito-idp:AdminDeleteUserAttributes",
"cognito-idp:DeleteUserPoolClient",
"cognito-idp:DeleteUserAttributes",
"cognito-idp:DeleteUserPool",
"cognito-idp:AdminDeleteUser",
"cognito-idp:DeleteIdentityProvider",
"cognito-idp:DeleteUser"
],
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:cognito-idp:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":userpool/",
{
"Ref": "authmyAppAuthUserPoolId"
}
]
]
}
]
},
{
"Effect": "Allow",
"Action": [
"appsync:Create*",
"appsync:StartSchemaCreation",
"appsync:GraphQL",
"appsync:Get*",
"appsync:List*",
"appsync:Update*",
"appsync:Delete*"
],
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:appsync:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":apis/",
{
"Ref": "apimyAppGraphQLAPIIdOutput"
},
"/*"
]
]
}
]
}
]
}
}
}
},
"Outputs": {
"Name": {
"Value": {
"Ref": "LambdaFunction"
}
},
"Arn": {
"Value": {
"Fn::GetAtt": [
"LambdaFunction",
"Arn"
]
}
},
"Region": {
"Value": {
"Ref": "AWS::Region"
}
},
"LambdaExecutionRole": {
"Value": {
"Ref": "LambdaExecutionRole"
}
}
}
}
Amplify CLI Version 4.24.0
To Reproduce: See "Describe the bug" above.
Expected behavior: Being able to add the function and push.
Desktop (please complete the following information):
- OS: Mac
- Node Version: 10.16.0
Issue Analytics
- State:
- Created 3 years ago
- Comments:9 (2 by maintainers)
Hey,
I have exactly the same problem with v4.26.0. I already had one function and added another one (so far, all good). After that, I used amplify function update to give the old function access so that it can invoke the new function.
Previously I had this for the old function with some S3 and DynamoDB access already:
backend-config.json:
After adding the new access:
The error message I received was this: Resource storageccdbuploadsArn must be in ARN format or “*”. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument;
It looks like it removed the ccdbuploads resource, so I thought I would add it back. I added it back, but the problem remained.
After checking the Resource configuration in the CloudFormation template of the old function, I can see it added the policy here:
So I decided to add the exact ARN to Resource just to try it out, but I still got the same issue.
Here is the mentioned lambdaexecutionpolicy:
Any help would be appreciated.
I’m having the same issue with 4.29.1
Here’s the amplify command I ran
Here’s the CloudFormation issue after
amplify push