Custom Message Trigger set in override.ts not applying

[ChadyG]

How did you install the Amplify CLI?

homebrew

If applicable, what version of Node.js are you using?

v20.3.0

Amplify CLI Version

12.1.1, 12.2.3

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

Existing Custom Message Lambda and trigger.

Describe the bug

I'm attempting to configure our custom message lambda and trigger from the auth override.ts, however it is not applying. Tried in our dev and test cognito backends with no luck, having the custom message set before deploy and without, and removing other overrides. I can confirm that the override is being parsed since I'm getting warnings when incorrectly setting the customMessage parameter.

See override.ts code below.

Expected behavior

Setting UserPool LambdaConfig CustomMessage to a lambda ARN should set the custom mesage trigger in Cognito.

Reproduction steps

1. Enable auth overrides.
2. Add config for resources.userPool.lambdaConfig where customMessage is set to a valid lambda arn.
3. Deploy to amplify backend
4. Custom message trigger is not set on cognito backend after successful deploy.

Project Identifier

No response

Log output

# Put your logs below this line

Additional information

import { AmplifyAuthCognitoStackTemplate, AmplifyProjectInfo } from '@aws-amplify/cli-extensibility-helper';

export function override(resources: AmplifyAuthCognitoStackTemplate, amplifyProjectInfo: AmplifyProjectInfo) {
    resources.userPool.emailVerificationMessage = undefined
    resources.userPool.emailVerificationSubject = undefined
    resources.userPool.policies = {
        passwordPolicy: {
            ...resources.userPool.policies['passwordPolicy'],
        }
    }
    // Auth Tokens
    resources.userPoolClient.accessTokenValidity = 1
    resources.userPoolClient.idTokenValidity = 60
    resources.userPoolClient.refreshTokenValidity = 90
    resources.userPoolClient.tokenValidityUnits = {
        accessToken: 'days',
        idToken: 'minutes',
        refreshToken: 'days'
    }
    // Preserve verified attributes
    resources.userPool.addPropertyOverride('UserAttributeUpdateSettings', {
        AttributesRequireVerificationBeforeUpdate: ['email']
    })
    // Email verify configuration
    resources.userPool.addPropertyOverride('EmailConfiguration', {
        ConfigurationSet: 'fullswingapps_com-configuration-set',
        EmailSendingAccount: 'DEVELOPER',
        From: '[email protected]',
        ReplyToEmailAddress: '[email protected]',
        SourceArn: 'arn:aws:ses:us-east-1:xxx:identity/[email protected]'
    })
    //  Default Email template used in dev
    resources.userPool.addPropertyOverride('VerificationMessageTemplate', {
        DefaultEmailOption: 'CONFIRM_WITH_LINK',
        EmailMessageByLink: 'Please click the link below to verify your email address. {##Verify Email##}',
        EmailSubjectByLink: 'Confirmation'
    })
    // Custom Message Lambda
    if (amplifyProjectInfo.envName == 'test') {
        resources.userPool.lambdaConfig = {
            ...resources.userPool.lambdaConfig,
            customMessage: 'arn:aws:lambda:us-east-1:xxx:function:staging--custom-message-trigger--lambda'
        }
    }
    if (amplifyProjectInfo.envName == 'live') {
        resources.userPool.lambdaConfig = {
            ...resources.userPool.lambdaConfig,
            customMessage: 'arn:aws:lambda:us-east-1:xxx:function:prod--custom-message-trigger--lambda'
        }
    }
}

Before submitting, please confirm:

• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
• I have removed any sensitive information from my code snippets and submission.

[josefaidt]

Hey @ChadyG 👋 thanks for raising this! I believe the issue here stems from the fact that the auth triggers are defined in a separate stack, where there is a custom resource setting the triggers directly on Cognito. Despite this, you can set a custom message Lambda through the CLI in the amplify update auth flow. What use case are you looking to address by setting the trigger via the override?

[ChadyG]

Thank you @josefaidt!

I was able to set up the custom message with redirect via the CLI. However, we don't need the redirect functionality. I'm also unsure if we can swap the existing function to one created by the Amplify CLI as there is another team and project which we share the Cognito resource with and the custom message lambda is from that team. So I was hoping the override would be the right way to ensure that configuration isn't lost whenever we need to push changes to the auth stack.

[josefaidt]

Hey @ChadyG thanks for clarifying! There should be an option to generate a "custom module" after enabling the "custom message" Cognito trigger, which will attach it to your auth resource and enable you to write your own custom logic. Additionally, you can modify the Function's CloudFormation template directly to suit your needs

[ChadyG]

Hello @josefaidt, sorry for the delayed response.

When I tried your suggested workaround, I may have gotten confused on where the CloudFormation template code is. I saw the template configuration and parameters, but these assume we are using Amplify styled function names with the environment suffixed on. Unfortunately we currently have the functions named differently (and they only exist in two environments).

Is there a cleaner alternative other than pulling these functions into the Amplify project/configuration directly?

[josefaidt]

Hey @ChadyG apologies for the delay here! You can use a post-push command hook and the AWS SDK to manually set the triggers defined outside the project on your auth resource, however unfortunately we do not currently support importing Functions

[ChadyG]

Thanks @josefaidt! That makes perfect sense as a solution.
For some reason it didn't occur to me to combine those hooks and the SDK. That makes a pretty powerful combination!

[ykethan]

Closing the issue, please feel free in reaching out us if you require any assistance.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.