Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

referenceAuth overrides Auth and unAuth storage access policy #2256

Open
ykethan opened this issue Nov 20, 2024 · 0 comments
Open

referenceAuth overrides Auth and unAuth storage access policy #2256

ykethan opened this issue Nov 20, 2024 · 0 comments
Labels
auth Issue pertaining to Amplify Auth bug Something isn't working storage Related to the storage experience

Comments

@ykethan
Copy link
Member

ykethan commented Nov 20, 2024
edited
Loading

Environment information

npx ampx info
System:
  OS: macOS 14.7.1
  CPU: (8) arm64 Apple M1
  Memory: 171.45 MB / 16.00 GB
  Shell: /bin/zsh
Binaries:
  Node: 20.2.0 - ~/.nvm/versions/node/v20.2.0/bin/node
  Yarn: 1.22.21 - ~/.nvm/versions/node/v20.2.0/bin/yarn
  npm: 9.6.6 - ~/.nvm/versions/node/v20.2.0/bin/npm
  pnpm: 9.13.2 - ~/.nvm/versions/node/v20.2.0/bin/pnpm
NPM Packages:
  @aws-amplify/auth-construct: 1.5.0
  @aws-amplify/backend: 1.8.0
  @aws-amplify/backend-auth: 1.4.1
  @aws-amplify/backend-cli: 1.4.2
  @aws-amplify/backend-data: 1.2.1
  @aws-amplify/backend-deployer: 1.1.9
  @aws-amplify/backend-function: 1.8.0
  @aws-amplify/backend-output-schemas: 1.4.0
  @aws-amplify/backend-output-storage: 1.1.3
  @aws-amplify/backend-secret: 1.1.5
  @aws-amplify/backend-storage: 1.2.3
  @aws-amplify/cli-core: 1.2.0
  @aws-amplify/client-config: 1.5.2
  @aws-amplify/deployed-backend-client: 1.4.2
  @aws-amplify/form-generator: 1.0.3
  @aws-amplify/model-generator: 1.0.9
  @aws-amplify/platform-core: 1.2.1
  @aws-amplify/plugin-types: 1.5.0
  @aws-amplify/sandbox: 1.2.6
  @aws-amplify/schema-generator: 1.2.5
  aws-amplify: 6.8.2
  aws-cdk: 2.168.0
  aws-cdk-lib: 2.168.0
  typescript: 5.6.3
No AWS environment variables
No CDK environment variables

Describe the bug

https://discord.com/channels/705853757799399426/1308582280293515324/1308582280293515324

When using referenceAuth to reference an user pool created on a different Amplify app(containing auth and storage).
Adding storage to the app will override the auth and unauth roles storage access policy

to summarize:
app1 -> new auth and storage
app2 -> reference app1 auth and add new storage

Reproduction steps

simple repo steps

  1. create a sandbox with auth and storage
  2. verify the roles
  3. use referenceAuth to use the previously created user pool and identity pool
  4. add storage
  5. switch to different --identifier on sandbox deploy
  6. verify the roles and observe the policy was overridden
@ykethan ykethan added the pending-triage Incoming issues that need categorization label Nov 20, 2024
@josefaidt josefaidt added bug Something isn't working and removed pending-triage Incoming issues that need categorization labels Nov 20, 2024
@ykethan ykethan added auth Issue pertaining to Amplify Auth storage Related to the storage experience labels Nov 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth Issue pertaining to Amplify Auth bug Something isn't working storage Related to the storage experience
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@josefaidt @ykethan