CLI 12.10+ breaks GraphQL Queries

[teckapps]

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

v20.14.0

Amplify CLI Version

12.9.0

What operating system are you using?

macOS 15.1

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No. The only "manual" change I made was overriding my DynamoDB table names using amplify override api. I guess this could be the reason, because the error appends a role name like 'IAfe82d0-2aokgojt5jbq7dzxznmrvbqgwi-dev' to my TableName, just as it would be if I wouldn't use overrides.

Describe the bug

My GraphQL queries break after updating to CLI 12.10 and later (tried up to 12.13).
If I push my project using an CLI version > 12.9 and attempt to perform list or query operations from the client side, I get errors like this:
"User: arn:aws:sts::[ACCOUNT_ID]:assumed-role/PublicFeedbackItemIAfe82d0-2aokgojt5jbq7dzxznmrvbqgwi-dev/APPSYNC_ASSUME_ROLE is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:eu-central-1:[ACCOUNT_ID]:table/PublicFeedbackItem/index/byStatus because no identity-based policy allows the dynamodb:Query action (Service: DynamoDb, Status Code: 400, Request ID: KL839V8TGVEMTOOJUV75SNSOD3VV4KQNSO5AEMVJF66Q9ASUAAJG)"

Expected behavior

My queries should work without the DynamoDB exception error when using a cli version > 12.9

Reproduction steps

1.) Override table names in a current project
2.) Deploy project
3.) Update to cli >= 12.10

Queries fail
4.) Downgrade CLI to 12.9
5.) Deploy
All works as before

I think I created my project about two years ago and never had problems until now.

Project Identifier

DiagnoseReportUploadError
✖ Sending zip

Log output

# Put your logs below this line

Additional information

No response

Before submitting, please confirm:

• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
• I have removed any sensitive information from my code snippets and submission.

[sundersc]

@teckapps How are you overriding table names in your project? Please provide same schema of the model and the code block you have to override a table name.

[teckapps]

My schema is split in multiple files. I have e.g. these two files:

PublicSettingsUtilities.graphql

type PublicSetting @model
@auth(rules: [
{ allow: groups, groups: ["admin", "dbmanager"], operations: [create, read, update, delete] },
{ allow: groups, groups: ["appuser"], operations: [read] },
{ allow: public, operations: [read], provider: apiKey }
]) {
id: ID!
valueText: String
titleTextDE: String
titleTextEN: String
textDE: String
textEN: String
stringArrayValue: [String]
numberValue: Float
versionTag: String
notes: String
sortIndex: Int
}

PublicTutorials.graphql

type PublicTutorialTopic @model
@auth(rules: [
{ allow: groups, groups: ["admin", "dbmanager"], operations: [create, read, update, delete] },
{ allow: public, operations: [read], provider: apiKey }
]) {
id: ID!
language: String! @index(name: "byLanguage", sortKeyFields: ["sortIndex"], queryField: "tutorialTopicsByLanguage")
title: String!
descriptionText: String!
sortIndex: Int!
published: Boolean!
tutorialItems: [PublicTutorialItem] @hasmany(indexName: "byTopicID", fields: ["id"])
}

type PublicTutorialItem @model
@auth(rules: [
{ allow: groups, groups: ["admin", "dbmanager"], operations: [create, read, update, delete] },
{ allow: public, operations: [read], provider: apiKey }
]) {
id: ID!
topicID: ID! @index(name: "byTopicID", sortKeyFields: ["sortIndex"], queryField: "tutorialItemsByTopic")
language: String! @index(name: "byLanguage", sortKeyFields: ["sortIndex"], queryField: "tutorialItemsByLanguage")
staticHotLinkIdentifier: String @index(name: "byStaticHotLinkIdentifier", sortKeyFields: ["language"], queryField: "tutorialItemsByStaticHotLinkIdentifier")
title: String!
descriptionText: String!
sortIndex: Int!
published: Boolean!
mediaResourceItems: [PublicTutorialMediaResource] @hasmany(indexName: "byTutorialItemID", fields: ["id"])
}

type PublicTutorialMediaResource @model
@auth(rules: [
{ allow: groups, groups: ["admin", "dbmanager"], operations: [create, read, update, delete] },
{ allow: public, operations: [read], provider: apiKey }
]) {
id: ID!
tutorialItemID: ID! @index(name: "byTutorialItemID", sortKeyFields: ["sortIndex"], queryField: "tutorialResourcesByTutorialItemID")
title: String!
fileName: String!
resourceType: PublicTutorialMediaResourceType!
sortIndex: Int!
published: Boolean!
}

enum PublicTutorialMediaResourceType {
PDF
VIDEO
}

My overrides looks like this

override.ts

import { AmplifyApiGraphQlResourceStackTemplate } from '@aws-amplify/cli-extensibility-helper';

export function override(resources: AmplifyApiGraphQlResourceStackTemplate) {
// Public Settings Utilities
resources.models["PublicSetting"].modelDDBTable.tableName = "PublicSetting"
// Public Tutorials
resources.models["PublicTutorialTopic"].modelDDBTable.tableName = "PublicTutorialTopic"
resources.models["PublicTutorialItem"].modelDDBTable.tableName = "PublicTutorialItem"
resources.models["PublicTutorialMediaResource"].modelDDBTable.tableName = "PublicTutorialMediaResource"
}

[AnilMaktala]

Hi  @teckapps, we are working on reproducing the issue. Could you please run below command and send us the project identifier.
amplify diagnose --send-report.
please refer here

[teckapps]

Hi @AnilMaktala. I'm getting an DiagnoseReportUploadError every time I try. Is there any other way I can send you the .zip file? Or what might be the cause of the 'DiagnoseReportUploadError'? (I haven't found anything in the docs)

amplify diagnose
Learn more at https://docs.amplify.aws/cli/reference/diagnose/
✔ What would you like to do? · Generate report

✅ Report saved: /var/folders/t_/_3hxz6vx7kv0fscmqsdq017w0000gp/T/WineCloud/report-1731440812145.zip

✔ Send Report (y/N) · yes
⠹ Sending zip
DiagnoseReportUploadError
✖ Sending zip

[AnilMaktala]

Hey @teckapps, Are you on Discord by any chance? If so, could you please share your Discord username with me?

[teckapps]

Hey @AnilMaktala, yes. You can find me as danmedia93

[AnilMaktala]

@teckapps I've sent you a message on Discord. Please share the zip file there.