MFALambdaInputs keeps getting stuck

[gusmd01]

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

node16

Amplify CLI Version

12.10.1

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No manual changes made

Describe the bug

I have added a new ENV to the existing Amplify app, which has auth. While creating the resources for this new env, cloudformation keeps getting stuck at "MFALambdaInputs". I checked the logs for MFALambda, and found the following error -

{
    "errorType": "Runtime.ImportModuleError",
    "errorMessage": "Error: Cannot find module '@aws-sdk/client-cognito-identity-provider'\nRequire stack:\n- /var/task/index.js\n- /var/runtime/index.mjs",
    "stack": [
        "Runtime.ImportModuleError: Error: Cannot find module '@aws-sdk/client-cognito-identity-provider'",
        "Require stack:",
        "- /var/task/index.js",
        "- /var/runtime/index.mjs",
        "    at _loadUserApp (file:///var/runtime/index.mjs:1087:17)",
        "    at async Object.UserFunction.js.module.exports.load (file:///var/runtime/index.mjs:1119:21)",
        "    at async start (file:///var/runtime/index.mjs:1282:23)",
        "    at async file:///var/runtime/index.mjs:1288:1"
    ]
}

I have also run "amplify update auth", but doesn't fix the issue. Another point to note is that I am overriding the node version for this lambda, since Node 14 support is no longer available.

Override code -

import { AmplifyAuthCognitoStackTemplate, AmplifyProjectInfo } from '@aws-amplify/cli-extensibility-helper';

export function override(resources: AmplifyAuthCognitoStackTemplate, amplifyProjectInfo: AmplifyProjectInfo) {
    if(resources.userPoolClientLambda)
        resources.userPoolClientLambda.runtime = 'nodejs16.x';
    if(resources.mfaLambda)
        resources.mfaLambda.runtime = 'nodejs16.x';
}

Expected behavior

New env creation should happen without any issues.

Reproduction steps

1. Create a new Amplify project
2. Add auth
3. Add override as mentioned above
4. Amplify push

Project Identifier

c9d297d589ce09db4f602aab2288ba1d

Log output

# Put your logs below this line

Additional information

No response

Before submitting, please confirm:

• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
• I have removed any sensitive information from my code snippets and submission.

[ykethan]

Hey @gusmd01, thank you for reaching out. From the project identifier provided the logs provided the push failed with an error message.

snsa3b1d67f235312-pafcone already exists in stack arn:aws:cloudformation:eu-west-1:***:stack/amplify-phokusuitest-pafcone-235312-authphokusuitesta3b1d67f-JPLOSN5ZJT2T/384156c0-cf55-11ee-98a7-0ae5187fcdf9

Do observe the error in the auth CloudFormation stack on AWS CloudFormation console events?
was the auth resource recently migrated?
additionally, noticed the auth resource did not have MFA enabled did the error occur after enabling the MFA on amplify update auth?

Additionally, from the Cannot find module '@aws-sdk/client-cognito-identity-provider' error it appears the function utilizes AWS SDK V3 for javascript which is currently supported by default on Node 18 runtime on Lambda function. Could you remove the override, run amplify build and run amplify push --debug.

[gusmd01]

@ykethan Thanks for replying. I did get this error snsa3b1d67f235312-pafcone already exists initially, but was able to resolve by deleting the env and creating it again. Please mind that snsa3b1d67f235312-pafcone - this role actually didn't exist in the account, but still got the error.

For the auth error, yes I did get the error after amplify update auth and enabling MFA. I have disabled MFA in the cli-inputs and pushed to get the env creation successful. But I want to understand why the MFALambda code uses Node18 code when I am enforcing a Node16 build? Although I did get Cannot find module aws-sdk error when I had tried to override with Node18.

[ykethan]

@gusmd01 Amplify CLI ties the Lambda function in the auth CFN template to a specific node version. To upgrade the NodeJS runtime version, the expected behavior is to upgrade the Amplify CLI version and run amplify update auth.

Although I did get Cannot find module aws-sdk error when I had tried to override with Node18.

was this on a older version of Amplify CLI?
Could you check the auth CloudFormation template to verify if the embedded Lambda imports AWS SDK v3 with the NodeJs 18 or the AWS SDK v2 with NodeJS 16 by checking the AWS SDK imports.

[ykethan]

Closing the issue due to inactivity. Do reach out to us if you require any assistance.

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.