Amplify-cli: UPDATE_FAILED error: api [unauthRoleName, authRoleName] do not exist in the template

I added "AuthRoleName" and "UnauthRoleName" to customResources.json and parameters.json for now.

Umm, this issue is not solved by above workaround..

any updates? I did pull --restore today, changed minor thing in graphql then pushed and it failed with this problem. I changed nothing and it fails now, it must be some internal change to amplify/appsync. Can someone look at it?

I added this to parameters.json and it stopped failing:
"authRoleName": { "Ref": "AuthRoleName" }, "unauthRoleName": { "Ref": "UnauthRoleName" }

still testing to see if there are any issues with that

it succeeded the first time but now I did another update completely unrelated to API and push fails with same error

same issue here. In the build settings of the amplify console, I specified a package version override to 3.10.0 and my builds are working again.

Deleting the build folder inside: _backend / api / api_name/_
and running: amplify api gql-compile before pushing solved the issue for me.

It was too good to be true. I upgraded from 3.0.0 and landed on 3.11.0 after having upgraded to 3.14.0 but hit by #2550 — I'm using Amplify Console to deploy to production solely and development, but for development I also push manually sometimes.

I had a few successful deployments and suddenly started getting this error also. Tried the solution by @bastianbb in https://github.com/aws-amplify/amplify-cli/issues/2519#issuecomment-540580276 without result. No solution for the CLI besides downgrading to 3.10.0 it seems? I will now try pushing with 3.11.0 in the CLI and see if that fixes Console deployments.

Same problem here, with 3.14.0. When I added storage and then try to push, the following error occurs and the push is aborted:

Parameters: [unauthRoleName, authRoleName, additionalQuestions] do not exist in the template

When I added the above-referenced fields back manually to the respective config files, the amplify push finally succeeded. That was my "fix"

All these seems to be temporary fixes which may fix push once or twice, but it will eventually fail later on, especially when doing deployment with Amplify Console.

@UnleashedMind please advice what is either a permanent manually fix/workaround or if we can expect a new release that fixes this soon?

I am having same problem for the past week, using amplify CLI version 3.9.0. Problem has happened both with amplify CLI push and also with amplify console deployment. Should I try 3.10.0?

I also see the message "Could not read cloudformation template at path: C:\xxxxx\fa-console\amplify\backend\api\facilitiesconsole\build\cloudformation-template.json". This file does not exist. Is it supposed to exist? When should it be created?

Could not read cloudformation template at path: C:\xxxxx\fa-console\amplify\backend\api\facilitiesconsole\build\cloudformation-template.json
- Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS facilitiesconsole-dev-20190904015757 AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:18 GMT-0400 (Eastern Daylight Time) User Initiated
UPDATE_IN_PROGRESS authfacilitiesconsole934f5027        AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:22 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS storagefaservicedynamo               AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:22 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE    storagefaservicedynamo               AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:23 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE    authfacilitiesconsole934f5027        AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:23 GMT-0400 (Eastern Daylight Time)
\ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS          apifacilitiesconsole                 AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:25 GMT-0400 (Eastern Daylight Time)                                                                                           
UPDATE_IN_PROGRESS          functionfaservicelambda              AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:25 GMT-0400 (Eastern Daylight Time)                                                                                           
UPDATE_FAILED               apifacilitiesconsole                 AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:26 GMT-0400 (Eastern Daylight Time) Parameters: [unauthRoleName, authRoleName] do not exist in the template                   
UPDATE_FAILED               functionfaservicelambda              AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:26 GMT-0400 (Eastern Daylight Time) Resource update cancelled                                                                 

update: I tried amplify cli 3.10.0, then amplify init and amplify push and it failed in the same way.
update: Same with 3.15.0, same failure.

@mrducky4
A few questions

• What was the update flow that was done?
• Is this a graphql api?
• Was IAM auth being used in the schema?

I am having same problem for the past week, using amplify CLI version 3.9.0. Problem has happened both with amplify CLI push and also with amplify console deployment. Should I try 3.10.0?

I also see the message "Could not read cloudformation template at path: C:\xxxxx\fa-console\amplify\backend\api\facilitiesconsole\build\cloudformation-template.json". This file does not exist. Is it supposed to exist? When should it be created?

Could not read cloudformation template at path: C:\xxxxx\fa-console\amplify\backend\api\facilitiesconsole\build\cloudformation-template.json
- Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS facilitiesconsole-dev-20190904015757 AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:18 GMT-0400 (Eastern Daylight Time) User Initiated
UPDATE_IN_PROGRESS authfacilitiesconsole934f5027        AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:22 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS storagefaservicedynamo               AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:22 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE    storagefaservicedynamo               AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:23 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE    authfacilitiesconsole934f5027        AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:23 GMT-0400 (Eastern Daylight Time)
\ Updating resources in the cloud. This may take a few minutes...

UPDATE_IN_PROGRESS          apifacilitiesconsole                 AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:25 GMT-0400 (Eastern Daylight Time)                                                                                           
UPDATE_IN_PROGRESS          functionfaservicelambda              AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:25 GMT-0400 (Eastern Daylight Time)                                                                                           
UPDATE_FAILED               apifacilitiesconsole                 AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:26 GMT-0400 (Eastern Daylight Time) Parameters: [unauthRoleName, authRoleName] do not exist in the template                   
UPDATE_FAILED               functionfaservicelambda              AWS::CloudFormation::Stack Wed Oct 16 2019 19:45:26 GMT-0400 (Eastern Daylight Time) Resource update cancelled                                                                 

update: I tried amplify cli 3.10.0, then amplify init and amplify push and it failed in the same way.
update: Same with 3.15.0, same failure.

@mrducky4 look at my previous comment.
My problem was the same, no CF template in the build folder.

@SwaySway I'll answer the best I can.

• What was the update flow that was done?
  I don't really know what was relevant. I have been switching back and forth between a test branch and a dev branch, and switching the corresponding amplify environments between test and dev. The thing I'm working on is a lambda function (functionfaservicelambda) for a REST API (facilitiesservice) added with amplify. But I'm just changing the .js source code, not trying to make changes with amplify api update or anything like that. amplify status shows this:

| Category | Resource name             | Operation | Provider plugin   |
| -------- | ------------------------- | --------- | ----------------- |
| Function | faservicelambda           | Update    | awscloudformation |
| Auth     | facilitiesconsole934f5027 | No Change | awscloudformation |
| Api      | facilitiesconsole         | No Change | awscloudformation |
| Api      | facilitiesservice         | No Change | awscloudformation |
| Storage  | faservicedynamo           | No Change | awscloudformation |

• Is this a graphql api?
  facilitesconsole is a graphql API. facilitiesservice is a REST API.

• Was IAM auth being used in the schema?
  I don't think so, but I'm new to all this so I'm not completely sure. I am using a Cognito user pool, and using @auth in the graphql schema. I know the graphql API authorization has been working properly based on the Cognito user login, with a custom tenantID field associated with the cognito user, and also in some cases based on which cognito group the user is a member of. So my understanding is all this is using Cognito and not using IAM.

@bastianbb thank you for the suggestion. I did amplify api gql-compile, and it created the cloudformation-template.json file that was missing before.
Then during amplify push I get different errors now.

UPDATE_IN_PROGRESS facilitiesconsole-dev-20190904015757 AWS::CloudFormation::Stack Thu Oct 17 2019 07:10:55 GMT-0400 (Eastern Daylight Time) User Initiated
UPDATE_IN_PROGRESS storagefaservicedynamo               AWS::CloudFormation::Stack Thu Oct 17 2019 07:10:59 GMT-0400 (Eastern Daylight Time)
UPDATE_IN_PROGRESS authfacilitiesconsole934f5027        AWS::CloudFormation::Stack Thu Oct 17 2019 07:10:59 GMT-0400 (Eastern Daylight Time)
UPDATE_COMPLETE    storagefaservicedynamo               AWS::CloudFormation::Stack Thu Oct 17 2019 07:10:59 GMT-0400 (Eastern Daylight Time)
UPDATE_FAILED      authfacilitiesconsole934f5027        AWS::CloudFormation::Stack Thu Oct 17 2019 07:11:00 GMT-0400 (Eastern Daylight Time) Parameters: [hostedUI, thirdPartyAuth] must have values

Those parameters hostedUI and thirdPartyAuth are things that did change recently in some files managed by amplify as I was trying different things to work around the push problem. When I tried something that didn't work, I then tried to revert all the changes to get back to the original state with original problem. Maybe I missed reverting something. I don't have a good understanding of the overall amplify workflow, every time I do anything it breaks the deployment process, so I may open a separate issue to ask about that.

Update: In my whole project, there was no mention of the terms hostedUI or thirdPartyAuth in any .yml or .json file. So I don't understand why amplify (or cloudformation?) was saying the must have values, because as far as I can tell they didn't exist at all. Could it be related to something that was (partially) deployed in the cloud during a previous attempt at amplify push?

I upgraded (again) to amplify version 3.15.0. Then I did amplify init and then amplify auth update. I didn't really want to update anything, so I answered the questions the same as before, trying not to make any changes. But things did change, such as adding hostedUI and thirdPartyAuth elements into the auth parameters.json and xxx-cloudformation-template.yml files. Then amplify push finally succeeded.

Later on I will open a separate issue with questions about amplify workflow for multiple environments and multiple development machines.

i tried to push a new update over the newest CLI: 3.15

Get this error:
UPDATE_FAILED authaivyusers AWS::CloudFormation::Stack Thu Oct 24 2019 20:08:16 GMT+0200 (GMT+02:00) Parameters: [unauthRoleName, allowUnauthenticatedIdentities, thirdPartyAuth, mfaLambdaLogPolicy, openIdLambdaRoleName, policyName, userpoolClientName, mfaLambdaIAMPolicy, mfaPassRolePolicy, authRoleName, PostConfirmation, roleName, userpoolClientLogPolicy, identityPoolName, userpoolClientLambdaPolicy, mfaLambdaRole] do not exist in the template

So tried:
amplify update auth.

Than i get this error:

So at the moment i cant push.

i just updated a function.

So i did an --restore, but the same error

So i tried again update auth with some other settings:

Create a new ENV and push my Production env is working, so maybe this is a problem in my cloudFormation?

Is there any progress here?
Or Workarounds?
So i have this in my develop, i could create a new ENV, but i dont know if i merge my project to production, that i have the same problem again with production env. Would be bad.

@davidbiller So have you fixed the no values error? And you're stuck with the API Key error? This error comes in when you have an expired API Key. You can follow these steps - https://github.com/aws-amplify/amplify-cli/issues/242#issuecomment-546733822 to update your API Key.

@davidbiller So have you fixed the no values error? And you're stuck with the API Key error? This error comes in when you have an expired API Key. You can follow these steps - #242 (comment) to update your API Key.

@kaustavghosh06

Hey.
Ja, but i cant deploy.
"APIKeyExpirationEpoch": "-1",
is there since the first day, 1 year ago :)

But still get this error.

@davidbiller So have you fixed the no values error? And you're stuck with the API Key error? This error comes in when you have an expired API Key. You can follow these steps - #242 (comment) to update your API Key.

@kaustavghosh06

Hey.
Ja, but i cant deploy.
"APIKeyExpirationEpoch": "-1",
is there since the first day, 1 year ago :)

But still get this error.

Delete this line:
"APIKeyExpirationEpoch": "-1",
and all is working now.

So yes:
amplify update auth
and delete the "APIKeyExpirationEpoch": "-1" is working.

this error still persists :(

As usual, things break regurlaly with aws amplify, and after repairing something, this error reappears

All these seems to be temporary fixes which may fix push once or twice, but it will eventually fail later on, especially when doing deployment with Amplify Console.

@UnleashedMind please advice what is either a permanent manually fix/workaround or if we can expect a new release that fixes this soon?

Did you find a permanent solution for this?

Another here with the same problem. I can push to a development environment locally, but as soon as I push to git and allow it to be built in the console using Amplify's built-in CI/CD pipeline, I am seeing this error.

The fix mentioned earlier in this thread and in this issue https://github.com/aws-amplify/amplify-cli/issues/4814 seems to resolve it, but for how long!?

Completely agreed with @Bulletninja. I love the concept, but it feels like everything is one step forwards, two steps back with Amplify and I spend half of my time fighting with this rather than writing code. I'm really beginning to reconsider whether this is ready for prime-time.

@samputer can you open a new issue with your stack details for a team member to troubleshoot?

I have a similar issue, but the error is in domainName
I added a new endpoint to api using amplity update api, but when I try to push I receive this error message:

UPDATE_FAILED myAmplifyApi
AWS::CloudFormation::Stack Thu Oct 22 2020 12:28:44 GMT-0300 (GMT-03:00) Parameters: [domainName, domainCertificateArn, myenvDomainCertificateArn] do not exist in the template

And the last error message is:

Following resources failed

✖ An error occurred when pushing the resources to the cloud

Resource is not in the state stackUpdateComplete
An error occurred during the push operation: Resource is not in the state stackUpdateComplete

Someone may help me?

@mrducky4's suggestion of rerunning amplify auth upgrade and trying to adhere to the already configured options did the trick for me.

I upgraded (again) to amplify version 3.15.0. Then I did amplify init and then amplify auth update. I didn't really want to update anything, so I answered the questions the same as before, trying not to make any changes. But things did change, such as adding hostedUI and thirdPartyAuth elements into the auth parameters.json and xxx-cloudformation-template.yml files. Then amplify push finally succeeded.
https://github.com/aws-amplify/amplify-cli/issues/2519#issuecomment-543134455

I have to agree with @samputer — I'm not sure Amplify is production ready. I find myself continually having to trawl through the @aws-amplify/cli issues in order to find a _temporary_ solution to another bug in this library. There is so much promise but such little attention to detail across so many parts of Amplify which culminates in a less than enjoyable development experience.

This error occurred for me today after amplify add api. I have an imported Cognito user pool (amplify import auth) and maybe that new feature is causing the problem?

• @aws-amplicy/cli version is 4.38.2 (but I get the same error with 4.36.2)
• My API is a REST API with public access
• auth is an imported Cognito user pool WITHOUT any identity pool (might be important due to https://github.com/aws-amplify/amplify-cli/issues/2096#issuecomment-523746110)

My paramters.json already has the references mentioned in some workarounds (probably due to the recent #4814 fix):

{
    "authRoleName": {
        "Ref": "AuthRoleName"
    },
    "unauthRoleName": {
        "Ref": "UnauthRoleName"
    }
}

I even tried to paste the role names (instead of the ref) into parameters.json, but I get the same error.

The thing is, that my API is not even protected by Cognito (I chose "Restrict API access" => No). And amplify update auth doesn't work either, because update is not supported for imported user pools. I'm stuck now.

Btw: After the attempted push the amplify cli hangs with the message All resources are updated in the cloud. I have to abort the process. But then on the next push it tells me, that the API was already pushed successfully (amplify status => No Changes). So to try another fix I always have to amplify remove api, amplify push and then amplify add api. Makes trying to fix this issue tedious.

And I sadly share the feeling of some people here that Amplify is not production-ready yet :(. Even after two years of development it still breaks in basic places. Amplify has improved, but it still doesn't feel reliable.

Ok so I experienced this and can tell you what's possibly happening. You or someone improperly merged your code or you/someone switched around environments or panic pulled an environment resulting in a lost file.

You probably committed later on, persisting that files removal or something of this nature.

The file(s) your projects have removed during a merge or amplify pull broke your cloudformation templates.

In most of the cases here I assume you are working with an API, most likely one resulting in a lambda function, and you removed your parameters.json as this contains the role map.

Pay attention to what you are merging, when you are switching environments, etc to what you are doing to the files in amplify directory and what the impact is going to be.

This isn't the case that the framework is making a mistake or isn't ready for prime time as much as it is is a continuation of the same pitfalls we are subject to anytime we are not paying as close enough attention as we should be. (sometimes a result of oversite, other times a lack of awareness of immediacy)

The tool is powerful but do not take it for granted by not paying as close enough attention to detail as needed or looking past the deeper awareness you'll need of AWS/Amplify to be successful.

I am in the second large product built with it and blaming the tool is the first thing we jump to, but root cause often takes us in another direction.

Check it out - this is what broke ours - this was function for a REST API:

I have the same error adding a custom resource (with associated custom CloudFormation template) :

When I add a custom resource in the backend-config file : the generated root stack removes authRoleName and unauthRoleName from all apis parameters - I cannot understand why a custom resource as such side effect on apis, the custom resource is just used by a lambda