How did you install the Amplify CLI?
No response
If applicable, what version of Node.js are you using?
No response
Amplify CLI Version
NA
What operating system are you using?
NA
Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.
NA
Describe the bug
Description:
When migrating a Gen1 Amplify project to Gen2 using amplify gen2-migration generate, the migration tool creates an Identity Pool even though the Gen1 project was configured with "User Sign-Up & Sign-In only" — which provisions only a Cognito User Pool with no Identity Pool.
My Gen1 setup used a Cognito User Pool authorizer on API Gateway - the user signs in, gets a JWT, and passes it in the Authorization header. No IAM credentials needed, no Identity Pool needed.
Expected behavior:
The generated Gen2 code should reflect the original Gen1 auth configuration — a User Pool with no Identity Pool. The defineAuth output should not include an Identity Pool, matching the "User Sign-Up & Sign-In only" selection.
Actual behavior:
The generated backend.ts includes Identity Pool configuration:
const cfnIdentityPool = backend.auth.resources.cfnResources.cfnIdentityPool;
cfnIdentityPool.allowUnauthenticatedIdentities = false;
This changes the auth architecture from what was originally configured. The Gen1 project used a Cognito User Pool authorizer for the REST API, but the migration switches to IAM authorization, which requires an Identity Pool.
Expected behavior
NA
Reproduction steps
Cognito User Pool (no Identity Pool)
- Sign-in: Email
- MFA: Off
- Email verification: Enabled, code-based ("Your verification code is {####}")
- Password policy: Default (min 8 chars, no special requirements)
- Required sign-up attributes: Email
- Refresh token: 30 days
- OAuth: Disabled
- Lambda triggers: None
- User Pool Groups: None
- Admin queries API: None
Lambda function (app2f4d22a3b)
- Runtime: Node.js
- Returns authenticated user's Cognito claims (email, sub, auth_time) from the API Gateway request context
- Returns 401 if no claims present
REST API via API Gateway (api3c3877d7)
- Single path: /auth-test
- Backed by the Lambda function above
- Authorization: Cognito User Pool authorizer (JWT-based, not IAM)
- Authenticated users: GET access only
- CORS: Enabled, all origins
Project Identifier
No response
Log output
Details
# Put your logs below this line
Additional information
No response
Before submitting, please confirm:
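The Lambda behavior listed in the reproduction steps, written out as an added example (not the reporter's function and not Amplify-generated code), shows why the authorizer switch matters: a REST API proxy event carries `requestContext.authorizer.claims` only when a Cognito User Pool authorizer validated the JWT, so a claims-based handler answers 401 once the route uses IAM authorization. The function names and both sample events are constructed assumptions.

```javascript
// Hypothetical reconstruction of the handler described in the report.
// Returns the caller's Cognito claims, or 401 when no claims are present.
function claimsResponse(event) {
  const ctx = (event && event.requestContext) || {};
  const claims = ctx.authorizer && ctx.authorizer.claims;
  if (!claims || !claims.sub) {
    return { statusCode: 401, body: JSON.stringify({ message: "Unauthorized" }) };
  }
  const { email, sub, auth_time } = claims;
  return { statusCode: 200, body: JSON.stringify({ email, sub, auth_time }) };
}

// Lambda entry point (assumed name).
const handler = async (event) => claimsResponse(event);

// Post-migration smoke check: which authorization mode produced this event?
function authMode(event) {
  const ctx = (event && event.requestContext) || {};
  if (ctx.authorizer && ctx.authorizer.claims) return "COGNITO_USER_POOLS";
  const id = ctx.identity || {};
  if (id.cognitoIdentityId || id.userArn) return "AWS_IAM";
  return "NONE";
}

// Constructed event: request that passed a Cognito User Pool authorizer.
const userPoolEvent = {
  requestContext: {
    authorizer: {
      claims: {
        sub: "00000000-0000-0000-0000-000000000000",
        email: "user@example.com",
        auth_time: "1700000000",
      },
    },
  },
};

// Constructed event: SigV4-signed request using Identity Pool credentials.
const iamEvent = {
  requestContext: {
    identity: {
      cognitoIdentityId: "us-east-1:EXAMPLE-IDENTITY-ID",
      userArn: "arn:aws:sts::111122223333:assumed-role/EXAMPLE-authRole/CognitoIdentityCredentials",
    },
  },
};

console.log(authMode(userPoolEvent), claimsResponse(userPoolEvent).statusCode);
console.log(authMode(iamEvent), claimsResponse(iamEvent).statusCode);
```

Running the same check against the deployed `/auth-test` route before and after migration makes an unintended change of authorization type visible without reading the generated CDK code.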