By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

In Amplify, how do I recover from an expired AppSync key?

0

I went away for a little while and my AppSync API key expired in three of my four Amplify environments, and now I can't "amplify push" to any of them. There's a lot of chatter about the pain of this in various GitHub issues, and many work-arounds, but none of them have worked for me. The issues are as follows:

  • Every time I try to push, I get an "API key not found" error with a reference to a key that doesn't exist (has expired).
  • If I run "amplify status", I can see the bad key there.
  • If I start down the path of trying to use CreateAPIKey=0 (see https://docs.amplify.aws/javascript/tools/cli-legacy/config-params/), I get "Output 'GraphQLAPIKeyOutput' not found in stack" errors for all of my custom Lambda functions.

Stuff I've tried, to no avail:

  1. Removing "GraphQLAPIKeyOutput" from backend-config.json (it still keeps failing to update)
  2. Deleting my custom functions altogether (it still keeps failing to update)
  3. Creating a new key in AppSync and updating amplifyconfiguration.json to use it (stuff still keeps finding and using the old key)

I've spent an embarrassing number of hours on this and I still can't get my environment working. Perhaps even worse, the key in my one working environment will expire soon, and then I guess I'll be down to zero working environments.

Does anybody have a solution for this that actually works with the latest CLI?

Thanks so much,

Chris

Topics
ServerlessFront-End Web & MobileApplication Integration
Tags
AWS AppSyncAWS Amplify
Language
English
CR
asked 3 months ago109 views
1 Answer
0

I finally got my env back up by following a modified version of the solution here:

  1. Merge into branch in source repo, triggering new build in Amplify
  2. Observe that Amplify build fails with “API key not found” error
  3. Go to AWS plugin within PyCharm, update credentials, open local console
  4. A first time: amplify env checkout BRANCH
  5. Edit amplify/backend/api/appname/parameters.json to add a CreateAPIKey: 0 parameter
  6. Edit amplify/backend/backend-config.json and remove all GraphQLAPIKeyOutput references
  7. A second time: amplify env checkout BRANCH
  8. A first time: amplify push -y
  9. Roll back all local changes (namely: steps 4 and 5 above)
  10. A third time: amplify env checkout BRANCH
  11. A second time: amplify push -y
  12. Go back to failed build in Amplify UI, click to “Redeploy this version” to rebuild

I had tried and failed with the same procedure previously, because I hadn't realized that the repeated checkouts were necessary (I skipped them because I had already checked out the env). This whole experience has been really frustrating, and it makes me regret having chosen Amplify for my app framework.

CR
answered 3 months ago
  • CR
    3 months ago

    However: after all this, I went back to Amplify Studio, and none of the "Manage content" functionality was working. The drop-down has my tables, but they show no content in the tables and I can't add records. I've tried:

    1. Disabling and re-enabling Amplify Studio to redeploy.
    2. Checking the GraphQL API settings in the Studio (they have the new/proper API key).
    3. Checking the GraphQL API connection (it points to the correct AppSync API, which points to the correct DynamoDB tables).
    4. Checking the DynamoDB tables (they still have all of their proper content).

    This issue is true now in all four of my environments across two separate AWS accounts. While it's possible that the failure is unrelated to this issue here, everything was working a few days ago and all I've done since was wrestle with getting these API keys updated.

  • CR
    3 months ago

    This is what fixed my Amplify Studio Data Manager:

    1. amplify env checkout BRANCH
    2. amplify api gql-compile --force
    3. amplify push -y

    Honestly, this whole experience has been a nightmare — and I see that, even after I edit my keys to be valid for longer, new deployments reset to 30 days. So I guess I have to manually deploy or extend the keys every 30 days, otherwise I face this nightmare again and again. It's a completely baffling design for an app framework that's intended for production apps.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content