Reputation: 163
My company has an Amplify project with 2 different environments (prod, dev) with Cognito and some lambdas and APIs. Everything was working fine until I tried to do an amplify push command to update one lambda function.
Here is the error from CloudFormation on AWS dashboard:
Invalid principal in policy: "SERVICE":"cognito-.amazonaws.com" (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 169462d5-58fb-40af-9c2d-69178442ecd6)
And here's the error from the amplify push output:
UPDATE_FAILED SNSRole
AWS::IAM::Role Thu Jan 30 2020 13:46:08 GMT-0200 (Brasilia Summer Time) Invalid principal in policy: "SERVICE":"cognito-.amazonaws.com" (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 56f492a2-c40e-4827-8c53-07cdf44bc780)
As you can see, there is an error in the CloudFormation file for Cognito, but here's the current SNSRole configuration:
# BEGIN SNS ROLE RESOURCE
SNSRole:
  # Created to allow the UserPool SMS Config to publish via the Simple Notification Service during MFA Process
  Type: AWS::IAM::Role
  Properties:
    RoleName: !Ref roleName
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Sid: ""
          Effect: "Allow"
          Principal:
            Service: "cognito-idp.amazonaws.com"
          Action:
            - "sts:AssumeRole"
          Condition:
            StringEquals:
              sts:ExternalId: !Ref roleExternalId
    Policies:
      -
        PolicyName: !Ref policyName
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            -
              Effect: "Allow"
              Action:
                - "sns:Publish"
              Resource: "*"
Upvotes: 0
Views: 530
Reputation: 91
Did you check the content of the S3 bucket that manages your environment? We had a similar problem, and we discovered that although our local SNSRole Configuration was right, the CloudFormation template file of the S3 bucket was old and still had the 'cognito-.amazon...' issue.
Try to correct this locally, then push to the cloud, and it'll overwrite the remote CloudFormation template file with the correct one.
Hopefully it works out!
Upvotes: 1
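A quick way to confirm which copy of the template is stale (the local one under amplify/backend or the one downloaded from the deployment S3 bucket) is to scan every Service principal in the file and reject any that is not a well-formed AWS service principal, such as the dangling-hyphen "cognito-.amazonaws.com" from the error above. The script below is an added example, not part of the question, the answer or Amplify itself. It works on the raw text of either a YAML or a JSON CloudFormation template, so it does not need a YAML parser that understands !Ref tags; the two embedded templates are constructed samples, and the "Service" key heuristic and the principal pattern are the author's assumptions rather than an AWS-published grammar.

```python
import re
from typing import List, Tuple

# Assumed shape of a valid service principal: hyphen-separated lowercase labels,
# optional region label(s), then amazonaws.com (or amazonaws.com.cn).
# A label may not end in a hyphen, so "cognito-.amazonaws.com" is rejected.
VALID_SERVICE_PRINCIPAL = re.compile(
    r"^[a-z0-9]+(?:-[a-z0-9]+)*(?:\.[a-z0-9]+(?:-[a-z0-9]+)*)*\.amazonaws\.com(?:\.cn)?$"
)

# A line that starts a Service key in either YAML (Service: ...) or JSON ("Service": ...) form.
SERVICE_KEY = re.compile(r'^\s*["\']?Service["\']?\s*:\s*(.*?)\s*,?\s*$')
# Candidate principal tokens; anything without a dot (quotes, "-", "[") is discarded.
TOKEN = re.compile(r"[A-Za-z0-9.\-]+")


def service_principals(template_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, value) for every Service principal value in the template text.

    Handles inline scalars, inline lists, YAML block lists and multi-line JSON arrays.
    Heuristic: any key named Service whose values look like host names is treated as
    a principal, which is what IAM trust policies in Amplify templates contain.
    """
    lines = template_text.splitlines()
    found: List[Tuple[int, str]] = []
    for i, line in enumerate(lines):
        m = SERVICE_KEY.match(line)
        if not m:
            continue
        values = [t for t in TOKEN.findall(m.group(1)) if "." in t]
        if not values:
            # Nothing on the key line: read the following YAML "- item" or JSON "item" lines.
            for nxt in lines[i + 1:]:
                stripped = nxt.strip()
                if stripped.startswith("]") or not (stripped.startswith("-") or stripped.startswith('"')):
                    break
                values.extend(t for t in TOKEN.findall(stripped) if "." in t)
        found.extend((i + 1, v) for v in values)
    return found


def find_malformed_principals(template_text: str) -> List[Tuple[int, str]]:
    """Return the Service principals that IAM would reject as MalformedPolicyDocument."""
    return [(n, v) for n, v in service_principals(template_text) if not VALID_SERVICE_PRINCIPAL.match(v)]


# Constructed sample: a stale YAML template carrying the truncated principal from the question.
STALE_TEMPLATE = """\
Resources:
  SNSRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: "cognito-.amazonaws.com"
            Action:
              - "sts:AssumeRole"
"""

# Constructed sample: the corrected trust policy in JSON form with a multi-line Service array.
FIXED_TEMPLATE_JSON = """\
{
  "Resources": {
    "SNSRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "cognito-idp.amazonaws.com"
              ]
            },
            "Action": "sts:AssumeRole"
          }]
        }
      }
    }
  }
}
"""

if __name__ == "__main__":
    # Run against a real file with: find_malformed_principals(open(path).read())
    for name, text in (("stale.yaml", STALE_TEMPLATE), ("fixed.json", FIXED_TEMPLATE_JSON)):
        bad = find_malformed_principals(text)
        print(f"{name}: {'OK' if not bad else 'malformed principals ' + str(bad)}")
```

Running it over both the local template and the copy pulled from the deployment bucket tells you which one still carries the bad principal before amplify push hands it to CloudFormation; a rejected trust policy is far cheaper to catch here than after an UPDATE_FAILED rollback.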