Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lambda function additional access permissions to authgroups and auth throws error #11664

Open
2 tasks done
ykethan opened this issue Dec 27, 2022 · 7 comments
Open
2 tasks done

Lambda function additional access permissions to authgroups and auth throws error #11664

ykethan opened this issue Dec 27, 2022 · 7 comments
Labels
auth Issues tied to the auth category of the CLI bug Something isn't working functions Issues tied to the functions category good first issue Good for newcomers p2

Comments

@ykethan
Copy link
Member

ykethan commented Dec 27, 2022
edited
Loading

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

No response

Amplify CLI Version

10.5.2

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

no

Describe the bug

related to #11260

Creating a Lambda function and providing additional access permissions to auth and auth groups throws the following error:

Could not get policies for auth: userPoolGroups
Policies cannot be added for auth
TypeError: Cannot destructure property 'serviceWalkthroughFilename' of 'getSupportedServices(...)[service]' as it is undefined.

Full stack error in 10.5.2

? Select the categories you want this function to have access to. auth
? Auth has 2 resources in this project. Select the one you would like your Lambda to access test9b389920, userPoolGroups
? Select the operations you want to permit on test9b389920 create, read, update, delete
? Select the operations you want to permit on userPoolGroups create, read, update, delete
Could not get policies for auth: userPoolGroups
Policies cannot be added for auth
TypeError: Cannot destructure property 'serviceWalkthroughFilename' of 'getSupportedServices(...)[service]' as it is undefined.
    at Object.getPermissionPolicies (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/provider-utils/awscloudformation/index.js:359:13)
    at /snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/index.js:319:67
    at Array.forEach (<anonymous>)
    at getPermissionPolicies (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-auth/lib/index.js:314:37)
    at AmplifyToolkit.invokePluginMethod [as _invokePluginMethod] (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/extensions/amplify-helpers/invoke-plugin-method.js:39:12)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async getResourcesForCfn (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/execPermissionsWalkthrough.js:183:56)
    at async askExecRolePermissionsQuestions (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/execPermissionsWalkthrough.js:113:66)
    at async Object.createWalkthrough (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/lambda-walkthrough.js:53:83)
    at async addFunctionResource (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/index.js:78:9)
    at async Object.executeAmplifyCommand (/snapshot/repo/build/node_modules/amplify-category-function/lib/index.js:267:5)
    at async executePluginModuleCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:142:5)
    at async executeCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:40:9)
    at async Object.run (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/index.js:153:5)

Stack error in 11.0.0-beta.3

Could not get policies for auth: userPoolGroups
PluginPolicyAddError: Policies cannot be added for auth
    at askExecRolePermissionsQuestions (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/execPermissionsWalkthrough.js:129:23)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async Object.createWalkthrough (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/lambda-walkthrough.js:53:83)
    at async addFunctionResource (/snapshot/repo/build/node_modules/amplify-category-function/lib/provider-utils/awscloudformation/index.js:78:9)
    at async Object.executeAmplifyCommand (/snapshot/repo/build/node_modules/amplify-category-function/lib/index.js:268:5)
    at async executePluginModuleCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:142:5)
    at async executeCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:40:9)
    at async Object.run (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/index.js:119:5)
There was an error adding the function resource

additionally, observed that in 10.5.2 the command line moves to the next steps. In 11.0.0.beta.3 it fails and ends the prompt.

Expected behavior

provide access permissions.

Reproduction steps

  1. create auth resource and user pool groups
  2. create a lambda function and select additional permissions with the following prompts
? Select the categories you want this function to have access to. auth
? Auth has 2 resources in this project. Select the one you would like your Lambda to access <auth_resource_name>, userPoolGroups
? Select the operations you want to permit on <auth_resource_name> create, read, update, delete
? Select the operations you want to permit on userPoolGroups create, read, update, delete

Project Identifier

8afb68f0e5003cc86406734346d70352

Log output

# Put your logs below this line

Additional information

No response

Before submitting, please confirm:

  • I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
  • I have removed any sensitive information from my code snippets and submission.
@ykethan ykethan added pending-triage Issue is pending triage functions Issues tied to the functions category auth Issues tied to the auth category of the CLI bug Something isn't working and removed pending-triage Issue is pending triage labels Dec 27, 2022
@ykethan ykethan mentioned this issue Dec 27, 2022
Closed
5 tasks
@josefaidt josefaidt added the p2 label Jan 3, 2023
@pridapablo
Copy link

How did you install the Amplify CLI?
npm

If applicable, what version of Node.js are you using?
No response

Amplify CLI Version
node -v
v18.16.0

What operating system are you using?
macOS 13.4 (22F66)

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.
no

Describe the bug:
I'm having the same issue as @ykethan when attempting to add update cognito groups permissions in my lambda.

? Select the Lambda function you want to update signUp
General information
- Name: signUp
- Runtime: nodejs

Resource access permission
- api (Mutation)

Scheduled recurring invocation
- Not configured

Lambda layers
- Not configured

Environment variables:
- Not configured

Secrets configuration
- Not configured

? Which setting do you want to update? Resource access permissions
? Select the categories you want this function to have access to. api, auth
? Select the operations you want to permit on api Mutation
? Auth has 2 resources in this project. Select the one you would like your Lambda to access userPoolGroups
? Select the operations you want to permit on userPoolGroups update

Could not get policies for auth: userPoolGroups
PluginPolicyAddError: Policies cannot be added for auth
    at askExecRolePermissionsQuestions (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/execPermissionsWalkthrough.js:148:23)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Object.updateWalkthrough (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/lambda-walkthrough.js:197:38)
    at async updateFunctionResource (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-function/lib/provider-utils/awscloudformation/index.js:158:22)
    at async Object.executeAmplifyCommand (/snapshot/repo/build/node_modules/@aws-amplify/amplify-category-function/lib/index.js:277:5)
    at async executePluginModuleCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:135:5)
    at async executeCommand (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:33:9)
    at async Object.run (/snapshot/repo/build/node_modules/@aws-amplify/cli-internal/lib/index.js:117:5)
There was an error adding the function resource```

Project Identifier: 85566697d07d4a2848190386e0d6007f

@ZalgirisKaunas
Copy link

any updates?

@YazidHamdi
Copy link

Also encountering this

@josefaidt josefaidt added the good first issue Good for newcomers label Aug 29, 2023
@armenr
Copy link

armenr commented Nov 30, 2023

We've hit this too - there's no explanation for why.

And I'm amazed there's not even the semblance of a reply to it... :-\

@LoveriusB
Copy link

Those issues that stay unanswered for years are starting to make me wonder if amplify really is worth the trouble

@tbelser
Copy link

tbelser commented May 31, 2024

Bueller .... Bueller ....

@charlieforward9
Copy link

charlieforward9 commented Jan 27, 2025
edited
Loading 

? Which setting do you want to update? Resource access permissions
? Select the categories you want this function to have access to. auth
? Auth has 2 resources in this project. Select the one you would like your Lambda to acce
ss agroview979b3ebf, userPoolGroups
? Select the operations you want to permit on agroview979b3ebf create, read, update, dele
te
? Select the operations you want to permit on userPoolGroups create, read, update, delete


Could not get policies for auth: userPoolGroups
PluginPolicyAddError: Policies cannot be added for auth
    at askExecRolePermissionsQuestions (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/execPermissionsWalkthrough.js:148:23)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Object.updateWalkthrough (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-function/lib/provider-utils/awscloudformation/service-walkthroughs/lambda-walkthrough.js:200:38)
    at async updateFunctionResource (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-function/lib/provider-utils/awscloudformation/index.js:158:22)
    at async Object.executeAmplifyCommand (/snapshot/amplify-cli/build/node_modules/@aws-amplify/amplify-category-function/lib/index.js:277:5)
    at async executePluginModuleCommand (/snapshot/amplify-cli/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:139:5)
    at async executeCommand (/snapshot/amplify-cli/build/node_modules/@aws-amplify/cli-internal/lib/execution-manager.js:37:9)
    at async Object.run (/snapshot/amplify-cli/build/node_modules/@aws-amplify/cli-internal/lib/index.js:121:5)

Attempting to add authgroup permissions to an existing lambda...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth Issues tied to the auth category of the CLI bug Something isn't working functions Issues tied to the functions category good first issue Good for newcomers p2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@josefaidt @armenr @YazidHamdi @ZalgirisKaunas @charlieforward9 @LoveriusB @ykethan @pridapablo @tbelser