Skip to content

fix(gen2-migration): refactor breaks when auth triggers are placed outside of the auth stack in gen2#14786

Merged
iliapolo merged 5 commits intogen2-migrationfrom
epolon/auth-trigger-refactor-fail
Apr 16, 2026
Merged

fix(gen2-migration): refactor breaks when auth triggers are placed outside of the auth stack in gen2#14786
iliapolo merged 5 commits intogen2-migrationfrom
epolon/auth-trigger-refactor-fail

Conversation

@iliapolo
Copy link
Copy Markdown
Contributor

@iliapolo iliapolo commented Apr 16, 2026
edited
Loading

Description of changes

Fixes a refactor failure when an auth trigger Lambda lives in a separate stack from the auth stack. When the trigger is co-located in the auth stack, the UserPool references it via Fn::GetAtt within the same stack — which our resolvers already handled. When the trigger is in a separate stack, CDK instead threads the Lambda ARN into the auth stack as a CloudFormation parameter. resolveTarget() was not running parameter resolution, so that {"Ref": "referencetoamplify...Arn"} survived into the holding stack template as a dangling reference, causing CloudFormation to reject it with "Unresolved resource dependencies."

The fix applies resolveParameters to the Gen2 target template before resolveDependencies, consistent with how resolveSource() already works. The reason we didn't see this before in fitness tracker (which has an auth trigger) is because we manually forced the trigger to placed in the auth stack (using resourceGroupName) to avoid circular dependency issues - but those issues were not actually caused by the auth trigger, so its not needed.

Core fix

resolveTarget() in ForwardCategoryRefactorer now runs resolveParameters before resolveDependencies, consistent with resolveSource().

Migration app cleanup

Removed the setResourceGroupName workaround for the pre-signup trigger from fitness-tracker/migration/post-generate.ts.

Snapshot regeneration

Snapshots updated to reflect the corrected template resolution output.

Issue #, if available

Fixes #14746

Description of how you validated changes

  • Snapshots regenerated and reviewed to confirm cross-stack parameter
    references are resolved in the Gen2 target template before dependency
    stripping.
  • The fitness-tracker migration app no longer requires the manual
    resource group workaround.

Checklist

  • PR description included
  • yarn test passes
  • Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@iliapolo iliapolo changed the title fix: resolve parameters on target fix(gen2-migration): refactor breaks for auth triggers placed outside of the auth stack Apr 16, 2026
@iliapolo iliapolo marked this pull request as ready for review April 16, 2026 03:28
@iliapolo iliapolo requested a review from a team as a code owner April 16, 2026 03:28
@iliapolo iliapolo enabled auto-merge (squash) April 16, 2026 03:28
@iliapolo iliapolo changed the title fix(gen2-migration): refactor breaks for auth triggers placed outside of the auth stack fix(gen2-migration): refactor breaks when auth triggers are placed outside of the auth stack in gen2 Apr 16, 2026
@iliapolo iliapolo merged commit 2afcd18 into gen2-migration Apr 16, 2026
4 checks passed
@iliapolo iliapolo deleted the epolon/auth-trigger-refactor-fail branch April 16, 2026 22:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@9pace 9pace 9pace approved these changes

Assignees

@9pace 9pace

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@iliapolo @9pace