Amplify-cli: Template error: instance of Fn::GetAtt references undefined resource authcognito... when creating GraphQL API

@hagiosofori - When this occurred had you already created an auth resource for the project with a userpool?

@haverchuck nope... I initially created the API with the API key as authorization type... now I want to change it to the User Pool authorization type, and I'm encountering this..

@hagiosofori ok thanks - we will investigate.

@hagiosofori - Is there any additional output in the Cloudformation console's Events pane (in either the project's parent stack, the api stack, or the auth stack)?

this is what I see on the Events pane..

anything noteworthy?

@hagiosofori - thanks - that looks like the api stack. Looks good as far as I can see. Is there anything in the auth stack?

@haverchuck any help finding the auth stack? I did a little searching in the console, didn't see anything that looked like it..

@hagiosofori - based on the steps you describe taking, the auth stack should be created at approxmiately same time as your api stack (within minutes of it). It will be similiarly named but will contain the string 'authcognito'. If you aren't seeing an auth stack, well... that would certinaly explain the error you're seeing. It could be that you are hitting some of sort of resource limit issue on your account.

Can you try looking for errors in the parent stack (i.e. the one that is not tagged with the 'nested' label)?

This suffices..?

@hagiosofori - It looks like the Auth stack isn’t being created. In your project directory, please check ./amplify/backend. Do you see an auth directory in there?

Also- when you see selected Cognito User Pool during the api creation process, how did you answer the subsequent questions?

@haverchuck there's a cognito94... folder under the backend subfolder in amplify, my project directory.

regarding my choices after selecting Cognito User Pool, :

@hagiosofori We are working on this, please stay tuned.

I have this problem also. In my case I'm trying to delete the auth. Is there a workaround to clear this pending auth deletion and get back to being able to push?

Just restart using Amplify CLI and hit this error. What's the work around to get the auth push?

Are you doing an ‘amplify push’ or ‘amplify api push’? This error happens if you haven’t pushed/pushing auth when pushing API.

@kaustavghosh06 it’s a clean project so amplify init then amplify api add and then amplify api push. When you amplify api add, part of the questions is to setup cognito. Never realise can not just use amplify api push. what’s the use of amplify api push?

@jaxondu amplify api push would only create an API if you don't want to deploy any other added services.

Quick question - Are you using windows? as a workaround for windows, can you execute amplify auth push followed by amplify api push and let me know if that fixes the issue?

@kaustavghosh06 so using cognito user pool is added service? What other added services are there?

So is this a bug or I’m not using CLI the right way? Is it possible to display instructions to run amplify push rather than showing the error message?

I use Mac.

@jaxondu I've seen this issue pop up for windows, but if you're using Mac it shouldn't be an issue.
Can you do an amplify status and check what services are added to your project?

@kaustavghosh06 It listed api and auth. As I told you it’s a clean project with just amplify init and api add. You can replicate the error by creating a test project.

Refer to this page https://github.com/aws-amplify/amplify-cli/blob/master/graphql-transform-tutorial.md

“There is currently a bug with the user pool creation. To make this work you need to have your own user pool and then pass the id via a CloudFormation parameter. The Amplify CLI user pool with the default setting doesn't work (a fix is in the works).”

May I know if it’s related at all?

@jaxondu No, that comment is wrong and we'll remove it.
I was able to successfully add an api (with cognito) for a new project using v 0.1.27 of the CLI. Below is the flow and the stacktrace. Did you do anything differently from me?

f45c89966b0d:test89 kaustavg$ amplify init
Note: It is recommended to run this command from the root of your app directory
? Choose your default editor: Sublime Text
? Choose the type of app that you're building javascript
Please tell us about your project
? What javascript framework are you using none
? Source Directory Path:  src
? Distribution Directory Path: dist
? Build Command:  npm run-script build
? Start Command: npm run-script start
Using default provider awscloudformation

For more information on AWS Profiles, see:
https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html

? Do you want to use an AWS profile? Yes
? Please choose the profile you want to use default
⠼ Initializing project in the cloud...

CREATE_IN_PROGRESS test89-20181017133900 AWS::CloudFormation::Stack Wed Oct 17 2018 13:39:00 GMT-0700 (PDT) User Initiated
⠦ Initializing project in the cloud...

CREATE_IN_PROGRESS AuthRole   AWS::IAM::Role Wed Oct 17 2018 13:39:28 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS UnauthRole AWS::IAM::Role Wed Oct 17 2018 13:39:28 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS UnauthRole AWS::IAM::Role Wed Oct 17 2018 13:39:29 GMT-0700 (PDT) Resource creation Initiated
CREATE_IN_PROGRESS AuthRole   AWS::IAM::Role Wed Oct 17 2018 13:39:29 GMT-0700 (PDT) Resource creation Initiated
⠋ Initializing project in the cloud...

CREATE_IN_PROGRESS DeploymentBucket AWS::S3::Bucket Wed Oct 17 2018 13:39:35 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS DeploymentBucket AWS::S3::Bucket Wed Oct 17 2018 13:39:36 GMT-0700 (PDT) Resource creation Initiated
⠇ Initializing project in the cloud...

CREATE_COMPLETE DeploymentBucket AWS::S3::Bucket Wed Oct 17 2018 13:39:57 GMT-0700 (PDT) 
CREATE_COMPLETE UnauthRole       AWS::IAM::Role  Wed Oct 17 2018 13:39:58 GMT-0700 (PDT) 
CREATE_COMPLETE AuthRole         AWS::IAM::Role  Wed Oct 17 2018 13:39:59 GMT-0700 (PDT) 
⠧ Initializing project in the cloud...

CREATE_COMPLETE test89-20181017133900 AWS::CloudFormation::Stack Wed Oct 17 2018 13:40:09 GMT-0700 (PDT) 
✔ Successfully created initial AWS cloud resources for deployments.

Your project has been successfully initialized and connected to the cloud!

Some next steps:
"amplify status" will show you what you've added already and if it's locally configured or deployed
"amplify <category> add" will allow you to add features like user login or a backend API
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud

Pro tip:
Try "amplify add api" to create a backend API and then "amplify publish" to deploy everything

f45c89966b0d:test89 kaustavg$ amplify api add
? Please select from one of the below mentioned services GraphQL
? Provide API name: test89
? Choose an authorization type for the API Amazon Cognito User Pool
Using service: Cognito, provided by: awscloudformation
 The current configured provider is Amazon Cognito. 
 Do you want to use the default authentication and security configuration? Yes, use the default configuration.
Successfully added auth resource
? Do you have an annotated GraphQL schema? No
? Do you want a guided schema creation? true
? What best describes your project: (Use arrow keys)
? What best describes your project: Single object with fields (e.g., “Todo” with ID, name, description)
? Do you want to edit the schema now? (Y/n) n
? Do you want to edit the schema now? No

GraphQL schema compiled successfully. Edit your schema at /Users/kaustavg/test89/amplify/backend/api/test89/schema.graphql
Successfully added resource test89 locally

Some next steps:
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud

f45c89966b0d:test89 kaustavg$ amplify push
| Category | Resource name   | Operation | Provider plugin   |
| -------- | --------------- | --------- | ----------------- |
| Auth     | cognito8138d20c | Create    | awscloudformation |
| Api      | test89          | Create    | awscloudformation |
? Are you sure you want to continue? true

GraphQL schema compiled successfully. Edit your schema at /Users/kaustavg/test89/amplify/backend/api/test89/schema.graphql
? Do you want to generate code for your newly created GraphQL API (Y/n) y
? Do you want to generate code for your newly created GraphQL API Yes
? Choose the code generation language target (Use arrow keys)
? Choose the code generation language target javascript
? Enter the file name pattern of graphql queries, mutations and subscriptions (src/graphql/**/*.js) 
? Enter the file name pattern of graphql queries, mutations and subscriptions src/graphql/**/*.js
? Do you want to generate/update all possible GraphQL operations - queries, mutations and subscriptions (Y/n) 
? Do you want to generate/update all possible GraphQL operations - queries, mutations and subscriptions Yes
⠦ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS test89-20181017133900 AWS::CloudFormation::Stack Wed Oct 17 2018 13:41:10 GMT-0700 (PDT) User Initiated
⠼ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS authcognito8138d20c AWS::CloudFormation::Stack Wed Oct 17 2018 13:41:20 GMT-0700 (PDT) 
⠙ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS test89-20181017133900-authcognito8138d20c-1LDDVS8KM0VMP AWS::CloudFormation::Stack Wed Oct 17 2018 13:41:21 GMT-0700 (PDT) User Initiated             
CREATE_IN_PROGRESS authcognito8138d20c                                     AWS::CloudFormation::Stack Wed Oct 17 2018 13:41:22 GMT-0700 (PDT) Resource creation Initiated
⠋ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS SNSRole AWS::IAM::Role Wed Oct 17 2018 13:41:47 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS SNSRole AWS::IAM::Role Wed Oct 17 2018 13:41:50 GMT-0700 (PDT) Resource creation Initiated
⠙ Updating resources in the cloud. This may take a few minutes...

CREATE_COMPLETE SNSRole AWS::IAM::Role Wed Oct 17 2018 13:42:20 GMT-0700 (PDT) 
⠋ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS UserPool AWS::Cognito::UserPool Wed Oct 17 2018 13:42:27 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS UserPool AWS::Cognito::UserPool Wed Oct 17 2018 13:42:31 GMT-0700 (PDT) Resource creation Initiated
⠙ Updating resources in the cloud. This may take a few minutes...

CREATE_COMPLETE    UserPool          AWS::Cognito::UserPool       Wed Oct 17 2018 13:42:31 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS UserPoolClient    AWS::Cognito::UserPoolClient Wed Oct 17 2018 13:42:38 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS UserPoolClientWeb AWS::Cognito::UserPoolClient Wed Oct 17 2018 13:42:38 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS UserPoolClient    AWS::Cognito::UserPoolClient Wed Oct 17 2018 13:42:40 GMT-0700 (PDT) Resource creation Initiated
CREATE_COMPLETE    UserPoolClient    AWS::Cognito::UserPoolClient Wed Oct 17 2018 13:42:40 GMT-0700 (PDT)                            
⠙ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS UserPoolClientWeb  AWS::Cognito::UserPoolClient Wed Oct 17 2018 13:42:41 GMT-0700 (PDT) Resource creation Initiated
CREATE_COMPLETE    UserPoolClientWeb  AWS::Cognito::UserPoolClient Wed Oct 17 2018 13:42:41 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS UserPoolClientRole AWS::IAM::Role               Wed Oct 17 2018 13:42:45 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS UserPoolClientRole AWS::IAM::Role               Wed Oct 17 2018 13:42:49 GMT-0700 (PDT) Resource creation Initiated
⠙ Updating resources in the cloud. This may take a few minutes...

CREATE_COMPLETE    UserPoolClientRole   AWS::IAM::Role        Wed Oct 17 2018 13:43:43 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS UserPoolClientLambda AWS::Lambda::Function Wed Oct 17 2018 13:43:49 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS UserPoolClientLambda AWS::Lambda::Function Wed Oct 17 2018 13:43:49 GMT-0700 (PDT) Resource creation Initiated
CREATE_COMPLETE    UserPoolClientLambda AWS::Lambda::Function Wed Oct 17 2018 13:43:49 GMT-0700 (PDT)                            
⠼ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS UserPoolClientLambdaPolicy AWS::IAM::Policy Wed Oct 17 2018 13:43:58 GMT-0700 (PDT) 
⠼ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS UserPoolClientLambdaPolicy AWS::IAM::Policy Wed Oct 17 2018 13:44:03 GMT-0700 (PDT) Resource creation Initiated
⠴ Updating resources in the cloud. This may take a few minutes...

CREATE_COMPLETE UserPoolClientLambdaPolicy AWS::IAM::Policy Wed Oct 17 2018 13:44:56 GMT-0700 (PDT) 
⠙ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS UserPoolClientLogPolicy AWS::IAM::Policy Wed Oct 17 2018 13:45:02 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS UserPoolClientLogPolicy AWS::IAM::Policy Wed Oct 17 2018 13:45:06 GMT-0700 (PDT) Resource creation Initiated
⠋ Updating resources in the cloud. This may take a few minutes...

CREATE_COMPLETE UserPoolClientLogPolicy AWS::IAM::Policy Wed Oct 17 2018 13:46:17 GMT-0700 (PDT) 
⠇ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS UserPoolClientInputs Custom::LambdaCallout Wed Oct 17 2018 13:46:22 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS UserPoolClientInputs Custom::LambdaCallout Wed Oct 17 2018 13:46:28 GMT-0700 (PDT) Resource creation Initiated
CREATE_COMPLETE    UserPoolClientInputs Custom::LambdaCallout Wed Oct 17 2018 13:46:29 GMT-0700 (PDT)                            
⠏ Updating resources in the cloud. This may take a few minutes...

CREATE_IN_PROGRESS IdentityPool AWS::Cognito::IdentityPool Wed Oct 17 2018 13:46:35 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS IdentityPool AWS::Cognito::IdentityPool Wed Oct 17 2018 13:46:40 GMT-0700 (PDT) Resource creation Initiated
⠏ Updating resources in the cloud. This may take a few minutes...

CREATE_COMPLETE    IdentityPool        AWS::Cognito::IdentityPool               Wed Oct 17 2018 13:46:42 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS IdentityPoolRoleMap AWS::Cognito::IdentityPoolRoleAttachment Wed Oct 17 2018 13:46:48 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS IdentityPoolRoleMap AWS::Cognito::IdentityPoolRoleAttachment Wed Oct 17 2018 13:46:50 GMT-0700 (PDT) Resource creation Initiated
CREATE_COMPLETE    IdentityPoolRoleMap AWS::Cognito::IdentityPoolRoleAttachment Wed Oct 17 2018 13:46:51 GMT-0700 (PDT)                            
⠇ Updating resources in the cloud. This may take a few minutes...

CREATE_COMPLETE test89-20181017133900-authcognito8138d20c-1LDDVS8KM0VMP AWS::CloudFormation::Stack Wed Oct 17 2018 13:47:00 GMT-0700 (PDT) 
⠙ Updating resources in the cloud. This may take a few minutes...

CREATE_COMPLETE    authcognito8138d20c                          AWS::CloudFormation::Stack Wed Oct 17 2018 13:47:22 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS apitest89                                    AWS::CloudFormation::Stack Wed Oct 17 2018 13:47:25 GMT-0700 (PDT)                            
CREATE_IN_PROGRESS test89-20181017133900-apitest89-2CCRXUZFW1M4 AWS::CloudFormation::Stack Wed Oct 17 2018 13:47:27 GMT-0700 (PDT) User Initiated             
CREATE_IN_PROGRESS apitest89                                    AWS::CloudFormation::Stack Wed Oct 17 2018 13:47:27 GMT-0700 (PDT) Resource creation Initiated
⠙ Updating resources in the cloud. This may take a few minutes...

@kaustavghosh06 as I said I use amplify api push. You use amplify push.

@jaxondu Can you use amplify push? amplify api push won't deploy the auth resources which is a dependency. amplify push would deploy both the auth and api resources. We'll have a validation check for this so that it fails before even deploying to Cloudformation.

@kaustavghosh06 sure will use just amplify push. A message explaining what to do next would be useful when amplify api push detect a not valid auth stack. This thread shows that I’m not the only one confused by it.

We published a new version of the CLI to npm, version -> 0.1.32 with fixes for windows. Feel free to re-open the issue if the problem still persists.

This is happening to me with the newest amplify cli on MacBook Pro. I do amplify add auth and its email address as username so I want to delete it and redo it so I do amplify remove auth and it says successfully removed resource but get that error on amplify push

✖ An error occurred when pushing the resources to the cloud

Template error: instance of Fn::GetAtt references undefined resource authcognito4d934e5d

@24jr Do you have a GraphQL API which is using Cognito as an auth mode?

@kaustavghosh06 Yeah I do! since you knew that somehow you must be onto the problem

So the issue here is that your GraphQL API is referencing the older Cognito User Pool which you've removed. Can you go through the amplify update api flow and update the user pool and see if the issue still exists?

@kaustavghosh06 ohhh in fact I think I see the problem you're saying. I can't get rid of the auth because its mandatory for the graphql. I already deleted auth locally so not sure if I can update now. maybe if I do amplify pull or something idk let me mess around with it rn and get back to you. Thank you for this

Exactly. If you had done an amplify auth remove the amplify api has still an reference to the old auth one.
In my opinion this is a bug

I had the same problem but running amplify update api followed by amplify push seemed to get the project back on track just fine. I agree it would be great if the API updated without user intervention but the above does work where you delete an auth resource and create a new one when using a graphql api.

This update+push solution worked to get my project back on track. However, now I have a useless Congito userpool sitting in Amplify, which I will not use. I created my own Cognito userpool for managing access to my api, so how can I just remove the userpool from Amplify while STILL keeping my api working in Amplify?

I don't mean to be rude but why has there been no update to resolve this issue on Amazons end. I have to remove my api, remove my auth, and redo my auth just to change 1 field in the signup. Now when I remove the shit amplify complains that about An error occured during the push operation: Resource is not in the state stackUpdateComplete because I ruined 2 things. Wtf

I'm back at taking a shot at Amplify, because version numbers have jumped quite significantly. Yet I find myself having the same issue: I want to use amplify api with an existing (i.e. NOT created by amplify) Cognito user pool. How can I configure that? Each time I try amplify update api I only have the chance to create new user pool :(.

Just ran into this same error and the same issues faced by the commenters. I followed the amplify update api and added a 'dummy` authorization role to delete the old one, but now I have a dummy in there and face the same error when trying to delete it (even though it's not being used)...

__EDIT__:

I think I figured out how to delete it...

When the prompt asks: ? Do you want to update code for your updated GraphQL API. I answered No and it seemed to clear everything up...

SUMMARY for those might run to this issue
I got the same error after running:
amplify remove auth
then I added new auth amplify add auth
then tried to push amplify push here I got the mentioned error.
As explained above the api is still referencing to the OLD _cognito-user-pool ID_. so here what I did:
1- amplify update api
2- For ? Select from the options below choose Update auth settings
3- For ? Choose the default authorization type for the API choose Amazon Cognito User Pool
4- For ? Configure additional auth types? choose No
You will notice that the OLD _cognito-user-pool ID_ is updated with the new one in your backEnd folder.
Now you are ready to push by amplify push
Problem solved