From d6b1f288299c03d8809ccb3bcf8b74129c850e56 Mon Sep 17 00:00:00 2001 
From: rjabhi Date: Mon, 11 Nov 2024 15:49:10 -0800 Subject: [PATCH 01/10] feat: ref auth codegen --- .../src/auth_render_adapter.ts | 5 +- .../src/auth/source_builder.test.ts | 121 ++ .../src/auth/source_builder.ts | 159 ++- .../src/backend/synthesizer.ts | 26 +- packages/amplify-gen2-codegen/src/index.ts | 1 + .../output/amplify/auth/resource.ts | 6 + .../output/amplify/backend.ts | 5 + .../output/amplify/package.json | 3 + .../output/package.json | 16 + .../templates/auth/MIGRATION_README.md | 30 + ...reProcessUpdateStackTemplate-rollback.json | 741 +++++++++++ ...ep1-gen1PreProcessUpdateStackTemplate.json | 741 +++++++++++ ...esourcesRemovalStackTemplate-rollback.json | 1157 +++++++++++++++++ ...ep2-gen2ResourcesRemovalStackTemplate.json | 838 ++++++++++++ .../src/app_auth_definition_fetcher.test.ts | 211 +++ .../src/app_auth_definition_fetcher.ts | 89 +- .../amplify-migration/src/command-handlers.ts | 2 + 17 files changed, 4078 insertions(+), 73 deletions(-) create mode 100644 packages/amplify-migration-codegen-e2e/output/amplify/auth/resource.ts create mode 100644 packages/amplify-migration-codegen-e2e/output/amplify/backend.ts create mode 100644 packages/amplify-migration-codegen-e2e/output/amplify/package.json create mode 100644 packages/amplify-migration-codegen-e2e/output/package.json create mode 100644 packages/amplify-migration/.amplify/migration/templates/auth/MIGRATION_README.md create mode 100644 packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate-rollback.json create mode 100644 packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate.json create mode 100644 packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate-rollback.json create mode 100644 packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate.json create mode 100644 
packages/amplify-migration/src/app_auth_definition_fetcher.test.ts diff --git a/packages/amplify-gen1-codegen-auth-adapter/src/auth_render_adapter.ts b/packages/amplify-gen1-codegen-auth-adapter/src/auth_render_adapter.ts index df2795bcb38..b324f598bdb 100644 --- a/packages/amplify-gen1-codegen-auth-adapter/src/auth_render_adapter.ts +++ b/packages/amplify-gen1-codegen-auth-adapter/src/auth_render_adapter.ts @@ -16,7 +16,7 @@ import { LoginOptions, Scope, } from '@aws-amplify/amplify-gen2-codegen'; -import { AttributeMappingRule } from '@aws-amplify/amplify-gen2-codegen/src/auth/source_builder'; +import { AttributeMappingRule, ReferenceAuth } from '@aws-amplify/amplify-gen2-codegen/src/auth/source_builder'; import { LambdaConfigType, IdentityProviderTypeType, @@ -46,6 +46,7 @@ export interface AuthSynthesizerOptions { identityGroups?: GroupType[]; webClient?: UserPoolClientType; authTriggerConnections?: AuthTriggerConnectionSourceMap; + referenceAuth?: ReferenceAuth; guestLogin?: boolean; mfaConfig?: UserPoolMfaType; totpConfig?: SoftwareTokenMfaConfigType; @@ -243,6 +244,7 @@ export const getAuthDefinition = ({ webClient, authTriggerConnections, guestLogin, + referenceAuth, mfaConfig, totpConfig, }: AuthSynthesizerOptions): AuthDefinition => { @@ -360,5 +362,6 @@ export const getAuthDefinition = ({ oAuthFlows: webClient?.AllowedOAuthFlows, readAttributes: webClient?.ReadAttributes, writeAttributes: webClient?.WriteAttributes, + referenceAuth, }; }; diff --git a/packages/amplify-gen2-codegen/src/auth/source_builder.test.ts b/packages/amplify-gen2-codegen/src/auth/source_builder.test.ts index b130bb9c03a..4d9addd44c1 100644 --- a/packages/amplify-gen2-codegen/src/auth/source_builder.test.ts +++ b/packages/amplify-gen2-codegen/src/auth/source_builder.test.ts @@ -6,6 +6,7 @@ import { AuthDefinition, AuthTriggerEvents, EmailOptions, + ReferenceAuth, renderAuthNode, UserPoolMfaConfig, } from './source_builder'; 
@@ -375,5 +376,125 @@ describe('render auth node', () => { const source = printNodeArray(node); assert.match(source, /defineAuth\(\{[\s\S]*attributeMapping:\s\{[\s\S]*fullname:\s"name"/); }); + describe('phone', () => { + it('renders `phone: true`', () => { + const authDefinition: AuthDefinition = { + loginOptions: { + phone: true, + }, + }; + const node = renderAuthNode(authDefinition); + const source = printNodeArray(node); + assert.match(source, /defineAuth\(\{\s+loginWith:\s+\{\s+phone:\s?true\s+\}\s+\}\)/); + }); + }); + describe('OAuth scopes', () => { + it('renders oauth scopes', () => { + const authDefinition: AuthDefinition = { + loginOptions: { + googleLogin: true, + scopes: ['EMAIL', 'OPENID'], + }, + }; + const node = renderAuthNode(authDefinition); + const source = printNodeArray(node); + assert.match(source, /defineAuth\(\{[\s\S]*scopes:\s\["EMAIL",\s"OPENID"\]/); + }); + it('renders no oauth scopes if not passed', () => { + const authDefinition: AuthDefinition = { + loginOptions: {}, + }; + const node = renderAuthNode(authDefinition); + const source = printNodeArray(node); + assert.doesNotMatch(source, /scopes:/); + }); + }); + it('renders attributeMapping if passed along with Google login', () => { + const authDefinition: AuthDefinition = { + loginOptions: { + googleLogin: true, + googleAttributes: { fullname: 'name' } as AttributeMappingRule, + }, + }; + const node = renderAuthNode(authDefinition); + const source = printNodeArray(node); + assert.match(source, /defineAuth\(\{[\s\S]*attributeMapping:\s\{[\s\S]*fullname:\s"name"/); + }); + }); + describe('reference auth', () => { + it(`renders successfully for imported userpool`, () => { + const referenceAuthProps: ReferenceAuth = { + userPoolId: 'userPoolId', + userPoolClientId: 'userPoolClientId', + groups: { + Admin: 'AdminRoleARN', + ReadOnly: 'ReadOnlyRoleARN', + }, + }; + const authDefinition: AuthDefinition = { + referenceAuth: referenceAuthProps, + }; + const node = 
renderAuthNode(authDefinition); + const source = printNodeArray(node); + assert.match(source, /referenceAuth/); + assert.match(source, /userPoolId: "userPoolId"/); + assert.match(source, /userPoolClientId: "userPoolClientId"/); + assert.match(source, /groups:/); + assert.match(source, /Admin: "AdminRoleARN"/); + assert.match(source, /ReadOnly: "ReadOnlyRoleARN"/); + assert.doesNotMatch(source, /identityPoolId: "identityPoolId"/); + assert.doesNotMatch(source, /authRoleArn: "authRoleArn"/); + assert.doesNotMatch(source, /unauthRoleArn: "unauthRoleArn"/); + }); + + it(`renders successfully for imported identity pool`, () => { + const referenceAuthProps: ReferenceAuth = { + identityPoolId: 'identityPoolId', + authRoleArn: 'authRoleArn', + unauthRoleArn: 'unauthRoleArn', + }; + const authDefinition: AuthDefinition = { + referenceAuth: referenceAuthProps, + }; + const node = renderAuthNode(authDefinition); + const source = printNodeArray(node); + assert.match(source, /referenceAuth/); + assert.match(source, /identityPoolId: "identityPoolId"/); + assert.match(source, /authRoleArn: "authRoleArn"/); + assert.match(source, /unauthRoleArn: "unauthRoleArn"/); + assert.doesNotMatch(source, /userPoolId: "userPoolId"/); + assert.doesNotMatch(source, /userPoolClientId: "userPoolClientId"/); + assert.doesNotMatch(source, /groups:/); + assert.doesNotMatch(source, /Admin: "AdminRoleARN"/); + assert.doesNotMatch(source, /ReadOnly: "ReadOnlyRoleARN"/); + }); + + it(`renders successfully for imported userpool and identity pool`, () => { + const referenceAuthProps: ReferenceAuth = { + userPoolId: 'userPoolId', + userPoolClientId: 'userPoolClientId', + identityPoolId: 'identityPoolId', + authRoleArn: 'authRoleArn', + unauthRoleArn: 'unauthRoleArn', + groups: { + Admin: 'AdminRoleARN', + ReadOnly: 'ReadOnlyRoleARN', + }, + }; + const authDefinition: AuthDefinition = { + referenceAuth: referenceAuthProps, + }; + const node = renderAuthNode(authDefinition); + const source = 
printNodeArray(node); + assert.match(source, /referenceAuth/); + assert.match(source, /userPoolId: "userPoolId"/); + assert.match(source, /userPoolClientId: "userPoolClientId"/); + assert.match(source, /identityPoolId: "identityPoolId"/); + assert.match(source, /authRoleArn: "authRoleArn"/); + assert.match(source, /unauthRoleArn: "unauthRoleArn"/); + assert.match(source, /groups:/); + assert.match(source, /Admin: "AdminRoleARN"/); + assert.match(source, /ReadOnly: "ReadOnlyRoleARN"/); + }); }); }); diff --git a/packages/amplify-gen2-codegen/src/auth/source_builder.ts b/packages/amplify-gen2-codegen/src/auth/source_builder.ts index eb7820fe0db..c464088a72f 100644 --- a/packages/amplify-gen2-codegen/src/auth/source_builder.ts +++ b/packages/amplify-gen2-codegen/src/auth/source_builder.ts @@ -128,6 +128,15 @@ export type AuthTriggerEvents = | 'userMigration' | 'verifyAuthChallengeResponse'; +export type ReferenceAuth = { + userPoolId?: string; + identityPoolId?: string; + authRoleArn?: string; + unauthRoleArn?: string; + userPoolClientId?: string; + groups?: Record; +}; + export interface AuthDefinition { loginOptions?: LoginOptions; groups?: Group[]; @@ -141,6 +150,7 @@ export interface AuthDefinition { oAuthFlows?: string[]; readAttributes?: string[]; writeAttributes?: string[]; + referenceAuth?: ReferenceAuth; } const factory = ts.factory; 
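Review bot: The negative assertions in the new `reference auth` tests match the fixture's own placeholder values (`/identityPoolId: "identityPoolId"/`, `/authRoleArn: "authRoleArn"/`), so they would still pass if the key were rendered with any other value. Matching on the key alone, e.g. `assert.doesNotMatch(source, /identityPoolId:/)`, pins the intended behaviour. There is also no case for a group name that is not a valid identifier (a constructed example: `'read-only'`), which is the input most likely to break the rendered object literal. The `phone`, `OAuth scopes` and Google `attributeMapping` cases at the top of the hunk look like copies of tests already in this file, since the preceding context line ends an identical `attributeMapping` assertion, so it is worth confirming they are not a merge duplicate.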
@@ -462,85 +472,114 @@ const createUserAttributeAssignments = ( export function renderAuthNode(definition: AuthDefinition): ts.NodeArray { const namedImports: { [importedPackageName: string]: Set } = { '@aws-amplify/backend': new Set() }; - namedImports['@aws-amplify/backend'].add('defineAuth'); - const defineAuthProperties: Array = []; const secretErrors: ts.Node[] = []; + let backendFunctionConstruct: string; + let functionCallParameter: ts.ObjectLiteralExpression; + const refAuth = definition.referenceAuth; + if (refAuth) { + const referenceAuthProperties: Array = []; + backendFunctionConstruct = 'referenceAuth'; + namedImports['@aws-amplify/backend'].add('referenceAuth'); + for (const [key, value] of Object.entries(refAuth)) { + if (value) { + referenceAuthProperties.push( + factory.createPropertyAssignment( + factory.createIdentifier(key), + typeof value === 'object' + ? factory.createObjectLiteralExpression( + Object.entries(value).map(([_key, _value]) => + factory.createPropertyAssignment(factory.createIdentifier(_key), factory.createStringLiteral(_value)), + ), + true, + ) + : factory.createStringLiteral(value), + ), + ); + } + } + functionCallParameter = factory.createObjectLiteralExpression(referenceAuthProperties, true); + } else { + namedImports['@aws-amplify/backend'].add('defineAuth'); + const defineAuthProperties: Array = []; + backendFunctionConstruct = 'defineAuth'; - const logInWithPropertyAssignment = createLogInWithPropertyAssignment(definition.loginOptions, secretErrors); - defineAuthProperties.push(logInWithPropertyAssignment); - - if (definition.customUserAttributes || definition.standardUserAttributes) { - defineAuthProperties.push(createUserAttributeAssignments(definition.standardUserAttributes, definition.customUserAttributes)); - } + const logInWithPropertyAssignment = createLogInWithPropertyAssignment(definition.loginOptions, secretErrors); + defineAuthProperties.push(logInWithPropertyAssignment); - if (definition.groups?.length) { - 
defineAuthProperties.push( - factory.createPropertyAssignment( - factory.createIdentifier('groups'), - factory.createArrayLiteralExpression(definition.groups.map((g) => factory.createStringLiteral(g))), - ), - ); - } - - const hasFunctions = definition.lambdaTriggers && Object.keys(definition.lambdaTriggers).length > 0; - const { loginOptions } = definition; - if ( - loginOptions?.appleLogin || - loginOptions?.amazonLogin || - loginOptions?.googleLogin || - loginOptions?.facebookLogin || - (loginOptions?.oidcLogin && loginOptions.oidcLogin.length > 0) || - loginOptions?.samlLogin - ) { - namedImports['@aws-amplify/backend'].add('secret'); - } - if (hasFunctions) { - assert(definition.lambdaTriggers); - defineAuthProperties.push(createTriggersProperty(definition.lambdaTriggers)); - for (const value of Object.values(definition.lambdaTriggers)) { - const functionName = value.source.split('/')[3]; - if (!namedImports[`./${functionName}/resource`]) { - namedImports[`./${functionName}/resource`] = new Set(); - } - namedImports[`./${functionName}/resource`].add(functionName); + if (definition.customUserAttributes || definition.standardUserAttributes) { + defineAuthProperties.push(createUserAttributeAssignments(definition.standardUserAttributes, definition.customUserAttributes)); } - } - if (definition.mfa) { - const multifactorProperties = [ - factory.createPropertyAssignment(factory.createIdentifier('mode'), factory.createStringLiteral(definition.mfa.mode)), - ]; - if (definition.mfa.totp !== undefined) { - multifactorProperties.push( + if (definition.groups?.length) { + defineAuthProperties.push( factory.createPropertyAssignment( - factory.createIdentifier('totp'), - definition.mfa.totp ? 
factory.createTrue() : factory.createFalse(), + factory.createIdentifier('groups'), + factory.createArrayLiteralExpression(definition.groups.map((g) => factory.createStringLiteral(g))), ), ); } - if (definition.mfa.sms !== undefined) { - multifactorProperties.push( + const hasFunctions = definition.lambdaTriggers && Object.keys(definition.lambdaTriggers).length > 0; + const { loginOptions } = definition; + if ( + loginOptions?.appleLogin || + loginOptions?.amazonLogin || + loginOptions?.googleLogin || + loginOptions?.facebookLogin || + (loginOptions?.oidcLogin && loginOptions.oidcLogin.length > 0) || + loginOptions?.samlLogin + ) { + namedImports['@aws-amplify/backend'].add('secret'); + } + if (hasFunctions) { + assert(definition.lambdaTriggers); + defineAuthProperties.push(createTriggersProperty(definition.lambdaTriggers)); + for (const value of Object.values(definition.lambdaTriggers)) { + const functionName = value.source.split('/')[3]; + if (!namedImports[`./${functionName}/resource`]) { + namedImports[`./${functionName}/resource`] = new Set(); + } + namedImports[`./${functionName}/resource`].add(functionName); + } + } + if (definition.mfa) { + const multifactorProperties = [ + factory.createPropertyAssignment(factory.createIdentifier('mode'), factory.createStringLiteral(definition.mfa.mode)), + ]; + + if (definition.mfa.totp !== undefined) { + multifactorProperties.push( + factory.createPropertyAssignment( + factory.createIdentifier('totp'), + definition.mfa.totp ? factory.createTrue() : factory.createFalse(), + ), + ); + } + + if (definition.mfa.sms !== undefined) { + multifactorProperties.push( + factory.createPropertyAssignment( + factory.createIdentifier('sms'), + definition.mfa.sms ? factory.createTrue() : factory.createFalse(), + ), + ); + } + + defineAuthProperties.push( factory.createPropertyAssignment( - factory.createIdentifier('sms'), - definition.mfa.sms ? 
factory.createTrue() : factory.createFalse(), + factory.createIdentifier('multifactor'), + factory.createObjectLiteralExpression(multifactorProperties, true), ), ); } - - defineAuthProperties.push( - factory.createPropertyAssignment( - factory.createIdentifier('multifactor'), - factory.createObjectLiteralExpression(multifactorProperties, true), - ), - ); + functionCallParameter = factory.createObjectLiteralExpression(defineAuthProperties, true); } return renderResourceTsFile({ exportedVariableName: factory.createIdentifier('auth'), - functionCallParameter: factory.createObjectLiteralExpression(defineAuthProperties, true), + functionCallParameter, additionalImportedBackendIdentifiers: namedImports, - backendFunctionConstruct: 'defineAuth', + backendFunctionConstruct, postImportStatements: secretErrors, }); } diff --git a/packages/amplify-gen2-codegen/src/backend/synthesizer.ts b/packages/amplify-gen2-codegen/src/backend/synthesizer.ts index 553d6b4c6aa..4e2a577fe49 100644 --- a/packages/amplify-gen2-codegen/src/backend/synthesizer.ts +++ b/packages/amplify-gen2-codegen/src/backend/synthesizer.ts @@ -9,7 +9,7 @@ import ts, { ImportDeclaration, VariableStatement, } from 'typescript'; -import { PolicyOverrides } from '../auth/source_builder.js'; +import { PolicyOverrides, ReferenceAuth } from '../auth/source_builder.js'; import { BucketAccelerateStatus, BucketVersioningStatus } from '@aws-sdk/client-s3'; import { AccessPatterns, ServerSideEncryptionConfiguration } from '../storage/source_builder.js'; import assert from 'assert'; @@ -26,6 +26,7 @@ export interface BackendRenderParameters { oAuthFlows?: string[]; readAttributes?: string[]; writeAttributes?: string[]; + referenceAuth?: ReferenceAuth; }; storage?: { importFrom: string; 
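Review bot: In the new `referenceAuth` branch of `renderAuthNode`, the keys of `refAuth.groups` are emitted with `factory.createIdentifier(_key)`, so a group name that is not a valid TypeScript identifier (containing a hyphen or a space, for example) would presumably be printed unquoted and produce a `resource.ts` that does not parse. These names originate from the existing user pool rather than from code the developer wrote, so emitting the key as a string literal is the safer form: `factory.createPropertyAssignment(factory.createStringLiteral(_key), factory.createStringLiteral(_value))`. Separately, every field of `ReferenceAuth` is optional, so an empty object passes `if (refAuth)` and renders `referenceAuth({})`. Consider rejecting a definition that sets neither `userPoolId` nor `identityPoolId` before generating code.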
@@ -206,7 +207,7 @@ export class BackendSynthesizer { factory.createVariableDeclarationList([backendVariable], ts.NodeFlags.Const), ); - if (renderArgs.auth?.userPoolOverrides) { + if (renderArgs.auth?.userPoolOverrides && !renderArgs?.auth?.referenceAuth) { const cfnUserPoolVariableStatement = this.createVariableStatement( this.createVariableDeclaration('cfnUserPool', 'auth.resources.cfnResources.cfnUserPool'), ); @@ -233,7 +234,7 @@ export class BackendSynthesizer { ); } - if (renderArgs.auth?.guestLogin === false || renderArgs.auth?.identityPoolName) { + if (renderArgs.auth?.guestLogin === false || (renderArgs.auth?.identityPoolName && !renderArgs?.auth?.referenceAuth)) { const cfnIdentityPoolVariableStatement = this.createVariableStatement( this.createVariableDeclaration('cfnIdentityPool', 'auth.resources.cfnResources.cfnIdentityPool'), ); @@ -248,7 +249,10 @@ export class BackendSynthesizer { } } - if (renderArgs.auth?.oAuthFlows || renderArgs.auth?.readAttributes || renderArgs.auth?.writeAttributes) { + if ( + (renderArgs.auth?.oAuthFlows || renderArgs.auth?.readAttributes || renderArgs.auth?.writeAttributes) && + !renderArgs?.auth?.referenceAuth + ) { const cfnUserPoolClientVariableStatement = this.createVariableStatement( this.createVariableDeclaration('cfnUserPoolClient', 'auth.resources.cfnResources.cfnUserPoolClient'), ); @@ -274,7 +278,7 @@ export class BackendSynthesizer { } } - if (renderArgs.auth?.writeAttributes) { + if (renderArgs.auth?.writeAttributes && !renderArgs?.auth?.referenceAuth) { nodes.push( this.setPropertyValue( factory.createIdentifier('cfnUserPoolClient'), 
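Review bot: The identity-pool condition in the second hunk applies `!renderArgs?.auth?.referenceAuth` only to the `identityPoolName` disjunct, so `guestLogin === false` still emits the `auth.resources.cfnResources.cfnIdentityPool` lookup for a referenced auth resource, while the other three conditions in this file section are skipped entirely in that case. If a referenced resource does not expose `cfnResources` (not visible here), the generated `backend.ts` would fail to compile. Suggest `if ((renderArgs.auth?.guestLogin === false || renderArgs.auth?.identityPoolName) && !renderArgs.auth?.referenceAuth)`. Because the guest-access override is then no longer generated, the migration output should tell the user to verify the unauthenticated-identities setting on the referenced identity pool directly. The enclosing method starts and ends outside these hunks.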
@@ -384,12 +388,12 @@ export class BackendSynthesizer { renderArgs.storage.bucketEncryptionAlgorithm.serverSideEncryptionByDefault.SSEAlgorithm!, ), ), - factory.createPropertyAssignment( - factory.createIdentifier('kmsMasterKeyId'), - factory.createStringLiteral( - renderArgs.storage.bucketEncryptionAlgorithm.serverSideEncryptionByDefault.KMSMasterKeyID!, - ), - ), + // factory.createPropertyAssignment( + // factory.createIdentifier('kmsMasterKeyId'), + // factory.createStringLiteral( + // renderArgs.storage.bucketEncryptionAlgorithm.serverSideEncryptionByDefault.KMSMasterKeyID!, + // ), + // ), ], true, ), diff --git a/packages/amplify-gen2-codegen/src/index.ts b/packages/amplify-gen2-codegen/src/index.ts index 0c145246750..e6957b0152e 100644 --- a/packages/amplify-gen2-codegen/src/index.ts +++ b/packages/amplify-gen2-codegen/src/index.ts @@ -148,6 +148,7 @@ export const createGen2Renderer = ({ oAuthFlows: auth?.oAuthFlows, readAttributes: auth?.readAttributes, writeAttributes: auth?.writeAttributes, + referenceAuth: auth?.referenceAuth, }; } diff --git a/packages/amplify-migration-codegen-e2e/output/amplify/auth/resource.ts b/packages/amplify-migration-codegen-e2e/output/amplify/auth/resource.ts new file mode 100644 index 00000000000..6179d6e03dd --- /dev/null +++ b/packages/amplify-migration-codegen-e2e/output/amplify/auth/resource.ts @@ -0,0 +1,6 @@ +import { defineAuth } from '@aws-amplify/backend'; +export const auth = defineAuth({ + loginWith: { + email: true, + }, +}); diff --git a/packages/amplify-migration-codegen-e2e/output/amplify/backend.ts b/packages/amplify-migration-codegen-e2e/output/amplify/backend.ts new file mode 100644 index 00000000000..8f3471375a8 --- /dev/null +++ b/packages/amplify-migration-codegen-e2e/output/amplify/backend.ts @@ -0,0 +1,5 @@ +import { auth } from './auth/resource'; +import { defineBackend } from '@aws-amplify/backend'; +const backend = defineBackend({ + auth, +}); 
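Review bot: Commenting out the `kmsMasterKeyId` assignment in the first hunk means the generated bucket encryption keeps `sseAlgorithm` but drops the key reference, so a Gen 1 bucket encrypted with a customer-managed KMS key would presumably be migrated without that key and with no notice to the user. The change is unrelated to the commit's stated purpose and leaves dead code behind. If the motive was the `KMSMasterKeyID!` assertion passing `undefined` when no key is configured, emit the property conditionally instead: `...(sse.KMSMasterKeyID ? [factory.createPropertyAssignment(factory.createIdentifier('kmsMasterKeyId'), factory.createStringLiteral(sse.KMSMasterKeyID))] : [])`, where `sse` stands for `renderArgs.storage.bucketEncryptionAlgorithm.serverSideEncryptionByDefault`. The enclosing method starts and ends outside the hunk.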
diff --git a/packages/amplify-migration-codegen-e2e/output/amplify/package.json b/packages/amplify-migration-codegen-e2e/output/amplify/package.json new file mode 100644 index 00000000000..aead43de364 --- /dev/null +++ b/packages/amplify-migration-codegen-e2e/output/amplify/package.json @@ -0,0 +1,3 @@ +{ + "type": "module" +} \ No newline at end of file diff --git a/packages/amplify-migration-codegen-e2e/output/package.json b/packages/amplify-migration-codegen-e2e/output/package.json new file mode 100644 index 00000000000..74a57caa2a1 --- /dev/null +++ b/packages/amplify-migration-codegen-e2e/output/package.json @@ -0,0 +1,16 @@ +{ + "name": "my-gen2-app", + "devDependencies": { + "@aws-amplify/backend": "*", + "@aws-amplify/backend-cli": "*", + "aws-cdk": "*", + "aws-cdk-lib": "*", + "constructs": "*", + "esbuild": "*", + "tsx": "*", + "typescript": "*" + }, + "dependencies": { + "aws-amplify": "*" + } +} \ No newline at end of file diff --git a/packages/amplify-migration/.amplify/migration/templates/auth/MIGRATION_README.md b/packages/amplify-migration/.amplify/migration/templates/auth/MIGRATION_README.md new file mode 100644 index 00000000000..546076e2c7a --- /dev/null +++ b/packages/amplify-migration/.amplify/migration/templates/auth/MIGRATION_README.md 
@@ -0,0 +1,30 @@ +## Stack refactor steps for auth category +### STEP 1: UPDATE GEN-1 AUTH STACK +It is a non-disruptive update since the template only replaces resource references with their resolved values. This is a required step to execute cloudformation stack refactor later. +``` +aws cloudformation update-stack \ + --stack-name amplify-testauth-dev-36113-authtestauth94a32e09-10D2TA5P5OHDH \ + --template-body file://.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate.json \ + --parameters '[{"ParameterKey":"hostedUIDomainName","ParameterValue":"testauth5cb39772-5cb39772"},{"ParameterKey":"authRoleArn","ParameterValue":"arn:aws:iam::517770102601:role/amplify-testauth-dev-36113-authRole"},{"ParameterKey":"authProviders","ParameterValue":""},{"ParameterKey":"autoVerifiedAttributes","ParameterValue":"email"},{"ParameterKey":"allowUnauthenticatedIdentities","ParameterValue":"false"},{"ParameterKey":"hostedUI","ParameterValue":"true"},{"ParameterKey":"smsVerificationMessage","ParameterValue":"Your verification code is {####}"},{"ParameterKey":"userpoolClientReadAttributes","ParameterValue":"email"},{"ParameterKey":"breakCircularDependency","ParameterValue":"true"},{"ParameterKey":"oAuthMetadata","ParameterValue":"{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"http://localhost:3000/\"],\"LogoutURLs\":[\"http://localhost:3000/signout/\"]}"},{"ParameterKey":"mfaTypes","ParameterValue":"SMS Text Message"},{"ParameterKey":"emailVerificationSubject","ParameterValue":"Your verification 
code"},{"ParameterKey":"sharedId","ParameterValue":"94a32e09"},{"ParameterKey":"useDefault","ParameterValue":"defaultSocial"},{"ParameterKey":"userpoolClientGenerateSecret","ParameterValue":"false"},{"ParameterKey":"mfaConfiguration","ParameterValue":"OFF"},{"ParameterKey":"identityPoolName","ParameterValue":"testauth94a32e09_identitypool_94a32e09"},{"ParameterKey":"authProvidersUserPool","ParameterValue":"Facebook"},{"ParameterKey":"userPoolGroupList","ParameterValue":""},{"ParameterKey":"authSelections","ParameterValue":"identityPoolAndUserPool"},{"ParameterKey":"resourceNameTruncated","ParameterValue":"testau94a32e09"},{"ParameterKey":"smsAuthenticationMessage","ParameterValue":"Your authentication code is {####}"},{"ParameterKey":"passwordPolicyMinLength","ParameterValue":"8"},{"ParameterKey":"userPoolName","ParameterValue":"testauth94a32e09_userpool_94a32e09"},{"ParameterKey":"hostedUIProviderMeta","ParameterValue":"[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"username\":\"id\"}}]"},{"ParameterKey":"userpoolClientWriteAttributes","ParameterValue":"email"},{"ParameterKey":"dependsOn","ParameterValue":""},{"ParameterKey":"useEnabledMfas","ParameterValue":"true"},{"ParameterKey":"usernameCaseSensitive","ParameterValue":"false"},{"ParameterKey":"resourceName","ParameterValue":"testauth94a32e09"},{"ParameterKey":"env","ParameterValue":"dev"},{"ParameterKey":"serviceName","ParameterValue":"Cognito"},{"ParameterKey":"emailVerificationMessage","ParameterValue":"Your verification code is 
{####}"},{"ParameterKey":"userpoolClientRefreshTokenValidity","ParameterValue":"30"},{"ParameterKey":"userpoolClientSetAttributes","ParameterValue":"false"},{"ParameterKey":"unauthRoleArn","ParameterValue":"arn:aws:iam::517770102601:role/amplify-testauth-dev-36113-unauthRole"},{"ParameterKey":"requiredAttributes","ParameterValue":"email"},{"ParameterKey":"passwordPolicyCharacters","ParameterValue":""},{"ParameterKey":"aliasAttributes","ParameterValue":""},{"ParameterKey":"userpoolClientLambdaRole","ParameterValue":"testau94a32e09_userpoolclient_lambda_role"},{"ParameterKey":"defaultPasswordPolicy","ParameterValue":"false"},{"ParameterKey":"hostedUIProviderCreds","ParameterValue":"****"}]' \ + --capabilities CAPABILITY_NAMED_IAM + ``` + + ``` +aws cloudformation describe-stacks \ + --stack-name amplify-testauth-dev-36113-authtestauth94a32e09-10D2TA5P5OHDH + ``` + + #### Rollback step: + ``` + aws cloudformation update-stack \ + --stack-name amplify-testauth-dev-36113-authtestauth94a32e09-10D2TA5P5OHDH \ + --template-body file://.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate-rollback.json + --parameters '[{"ParameterKey":"hostedUIDomainName","ParameterValue":"testauth5cb39772-5cb39772"},{"ParameterKey":"authRoleArn","ParameterValue":"arn:aws:iam::517770102601:role/amplify-testauth-dev-36113-authRole"},{"ParameterKey":"authProviders","ParameterValue":""},{"ParameterKey":"autoVerifiedAttributes","ParameterValue":"email"},{"ParameterKey":"allowUnauthenticatedIdentities","ParameterValue":"false"},{"ParameterKey":"hostedUI","ParameterValue":"true"},{"ParameterKey":"smsVerificationMessage","ParameterValue":"Your verification code is 
{####}"},{"ParameterKey":"userpoolClientReadAttributes","ParameterValue":"email"},{"ParameterKey":"breakCircularDependency","ParameterValue":"true"},{"ParameterKey":"oAuthMetadata","ParameterValue":"{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"http://localhost:3000/\"],\"LogoutURLs\":[\"http://localhost:3000/signout/\"]}"},{"ParameterKey":"mfaTypes","ParameterValue":"SMS Text Message"},{"ParameterKey":"emailVerificationSubject","ParameterValue":"Your verification code"},{"ParameterKey":"sharedId","ParameterValue":"94a32e09"},{"ParameterKey":"useDefault","ParameterValue":"defaultSocial"},{"ParameterKey":"userpoolClientGenerateSecret","ParameterValue":"false"},{"ParameterKey":"mfaConfiguration","ParameterValue":"OFF"},{"ParameterKey":"identityPoolName","ParameterValue":"testauth94a32e09_identitypool_94a32e09"},{"ParameterKey":"authProvidersUserPool","ParameterValue":"Facebook"},{"ParameterKey":"userPoolGroupList","ParameterValue":""},{"ParameterKey":"authSelections","ParameterValue":"identityPoolAndUserPool"},{"ParameterKey":"resourceNameTruncated","ParameterValue":"testau94a32e09"},{"ParameterKey":"smsAuthenticationMessage","ParameterValue":"Your authentication code is 
{####}"},{"ParameterKey":"passwordPolicyMinLength","ParameterValue":"8"},{"ParameterKey":"userPoolName","ParameterValue":"testauth94a32e09_userpool_94a32e09"},{"ParameterKey":"hostedUIProviderMeta","ParameterValue":"[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"username\":\"id\"}}]"},{"ParameterKey":"userpoolClientWriteAttributes","ParameterValue":"email"},{"ParameterKey":"dependsOn","ParameterValue":""},{"ParameterKey":"useEnabledMfas","ParameterValue":"true"},{"ParameterKey":"usernameCaseSensitive","ParameterValue":"false"},{"ParameterKey":"resourceName","ParameterValue":"testauth94a32e09"},{"ParameterKey":"env","ParameterValue":"dev"},{"ParameterKey":"serviceName","ParameterValue":"Cognito"},{"ParameterKey":"emailVerificationMessage","ParameterValue":"Your verification code is {####}"},{"ParameterKey":"userpoolClientRefreshTokenValidity","ParameterValue":"30"},{"ParameterKey":"userpoolClientSetAttributes","ParameterValue":"false"},{"ParameterKey":"unauthRoleArn","ParameterValue":"arn:aws:iam::517770102601:role/amplify-testauth-dev-36113-unauthRole"},{"ParameterKey":"requiredAttributes","ParameterValue":"email"},{"ParameterKey":"passwordPolicyCharacters","ParameterValue":""},{"ParameterKey":"aliasAttributes","ParameterValue":""},{"ParameterKey":"userpoolClientLambdaRole","ParameterValue":"testau94a32e09_userpoolclient_lambda_role"},{"ParameterKey":"defaultPasswordPolicy","ParameterValue":"false"},{"ParameterKey":"hostedUIProviderCreds","ParameterValue":"****"}]' \ + --capabilities CAPABILITY_NAMED_IAM + ``` + + ``` +aws cloudformation describe-stacks \ + --stack-name amplify-testauth-dev-36113-authtestauth94a32e09-10D2TA5P5OHDH + ``` + \ No newline at end of file 
diff --git a/packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate-rollback.json b/packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate-rollback.json new file mode 100644 index 00000000000..dfced517b39 --- /dev/null +++ b/packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate-rollback.json 
@@ -0,0 +1,741 @@ +{ + "Description": "Amplify Cognito Stack for AWS Amplify CLI", + "AWSTemplateFormatVersion": "2010-09-09", + "Parameters": { + "env": { + "Type": "String" + }, + "identityPoolName": { + "Type": "String" + }, + "allowUnauthenticatedIdentities": { + "Type": "String" + }, + "resourceNameTruncated": { + "Type": "String" + }, + "userPoolName": { + "Type": "String" + }, + "autoVerifiedAttributes": { + "Type": "CommaDelimitedList" + }, + "mfaConfiguration": { + "Type": "String" + }, + "mfaTypes": { + "Type": "CommaDelimitedList" + }, + "smsAuthenticationMessage": { + "Type": "String" + }, + "smsVerificationMessage": { + "Type": "String" + }, + "emailVerificationSubject": { + "Type": "String" + }, + "emailVerificationMessage": { + "Type": "String" + }, + "defaultPasswordPolicy": { + "Type": "String" + }, + "passwordPolicyMinLength": { + "Type": "String" + }, + "passwordPolicyCharacters": { + "Type": "CommaDelimitedList" + }, + "requiredAttributes": { + "Type": "CommaDelimitedList" + }, + "aliasAttributes": { + "Type": "CommaDelimitedList" + }, + "userpoolClientGenerateSecret": { + "Type": "String" + }, + "userpoolClientRefreshTokenValidity": { + "Type": "String" + }, + "userpoolClientWriteAttributes": { + "Type": "CommaDelimitedList" + }, + "userpoolClientReadAttributes": { + "Type": "CommaDelimitedList" + }, + "userpoolClientLambdaRole": { + "Type": "String" + }, + "userpoolClientSetAttributes": { + "Type": "String" + }, + "sharedId": { + "Type": "String" + }, + "resourceName": { + "Type": "String" + }, + "authSelections": { + "Type": "String" + }, + "useDefault": { + "Type": "String" + }, + "userPoolGroupList": { + "Type": "CommaDelimitedList" + }, + "serviceName": { + "Type": "String" + }, + "usernameCaseSensitive": { + "Type": "String" + }, + "useEnabledMfas": { + "Type": "String" + }, + "authRoleArn": { + "Type": "String" + }, + "unauthRoleArn": { + "Type": "String" + }, + "breakCircularDependency": { + "Type": "String" + }, + "dependsOn": { + 
"Type": "CommaDelimitedList" + }, + "hostedUI": { + "Type": "String" + }, + "hostedUIDomainName": { + "Type": "String" + }, + "authProvidersUserPool": { + "Type": "CommaDelimitedList" + }, + "hostedUIProviderMeta": { + "Type": "String" + }, + "oAuthMetadata": { + "Type": "String" + }, + "authProviders": { + "Type": "CommaDelimitedList" + }, + "hostedUIProviderCreds": { + "Type": "String", + "NoEcho": true + } + }, + "Conditions": { + "ShouldNotCreateEnvResources": { + "Fn::Equals": [ + { + "Ref": "env" + }, + "NONE" + ] + } + }, + "Resources": { + "UserPool": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AutoVerifiedAttributes": [ + "email" + ], + "EmailVerificationMessage": { + "Ref": "emailVerificationMessage" + }, + "EmailVerificationSubject": { + "Ref": "emailVerificationSubject" + }, + "MfaConfiguration": { + "Ref": "mfaConfiguration" + }, + "Policies": { + "PasswordPolicy": { + "MinimumLength": { + "Ref": "passwordPolicyMinLength" + }, + "RequireLowercase": false, + "RequireNumbers": false, + "RequireSymbols": false, + "RequireUppercase": false + } + }, + "Schema": [ + { + "Mutable": true, + "Name": "email", + "Required": true + } + ], + "UserAttributeUpdateSettings": { + "AttributesRequireVerificationBeforeUpdate": [ + "email" + ] + }, + "UserPoolName": { + "Fn::Join": [ + "", + [ + { + "Ref": "userPoolName" + }, + "-", + { + "Ref": "env" + } + ] + ] + }, + "UsernameConfiguration": { + "CaseSensitive": false + } + } + }, + "UserPoolClientWeb": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "phone", + "email", + "openid", + "profile", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "http://localhost:3000/" + ], + "ClientName": "testau94a32e09_app_clientWeb", + "LogoutURLs": [ + "http://localhost:3000/signout/" + ], + "RefreshTokenValidity": { + "Ref": "userpoolClientRefreshTokenValidity" + }, + 
"SupportedIdentityProviders": [ + "Facebook", + "COGNITO" + ], + "TokenValidityUnits": { + "RefreshToken": "days" + }, + "UserPoolId": { + "Ref": "UserPool" + } + }, + "DependsOn": [ + "UserPool" + ] + }, + "UserPoolClient": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "phone", + "email", + "openid", + "profile", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "http://localhost:3000/" + ], + "ClientName": "testau94a32e09_app_client", + "GenerateSecret": { + "Ref": "userpoolClientGenerateSecret" + }, + "LogoutURLs": [ + "http://localhost:3000/signout/" + ], + "RefreshTokenValidity": { + "Ref": "userpoolClientRefreshTokenValidity" + }, + "SupportedIdentityProviders": [ + "Facebook", + "COGNITO" + ], + "TokenValidityUnits": { + "RefreshToken": "days" + }, + "UserPoolId": { + "Ref": "UserPool" + } + }, + "DependsOn": [ + "HostedUIProvidersCustomResourceInputs" + ] + }, + "UserPoolClientRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + }, + "RoleName": { + "Fn::Join": [ + "", + [ + "upClientLambdaRole94a32e09", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + "-", + { + "Ref": "AWS::StackName" + } + ] + } + ] + }, + "-", + { + "Ref": "env" + } + ] + ] + } + } + }, + "HostedUICustomResource": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "const response = require('cfn-response');\nconst {\n CognitoIdentityProviderClient,\n CreateUserPoolDomainCommand,\n DeleteUserPoolDomainCommand,\n DescribeUserPoolCommand,\n DescribeUserPoolDomainCommand,\n} = require('@aws-sdk/client-cognito-identity-provider');\nconst identity = new CognitoIdentityProviderClient({});\n\nexports.handler = (event, context) => {\n 
// Don't return promise, response.send() marks context as done internally\n void tryHandleEvent(event, context);\n};\n\nasync function tryHandleEvent(event, context) {\n try {\n await handleEvent(event);\n response.send(event, context, response.SUCCESS, {});\n } catch (err) {\n console.log(err);\n response.send(event, context, response.FAILED, { err });\n }\n}\n\nasync function handleEvent(event) {\n const userPoolId = event.ResourceProperties.userPoolId;\n const inputDomainName = event.ResourceProperties.hostedUIDomainName;\n if (event.RequestType === 'Delete') {\n await deleteUserPoolDomain(inputDomainName, userPoolId);\n } else if (event.RequestType === 'Update' || event.RequestType === 'Create') {\n await createOrUpdateDomain(inputDomainName, userPoolId);\n }\n}\n\nasync function checkDomainAvailability(domainName) {\n const params = { Domain: domainName };\n try {\n const res = await identity.send(new DescribeUserPoolDomainCommand(params));\n return !(res.DomainDescription && res.DomainDescription.UserPoolId);\n } catch (err) {\n return false;\n }\n}\n\nasync function deleteUserPoolDomain(domainName, userPoolId) {\n const params = { Domain: domainName, UserPoolId: userPoolId };\n await identity.send(new DeleteUserPoolDomainCommand(params));\n}\n\nasync function createUserPoolDomain(domainName, userPoolId) {\n const params = {\n Domain: domainName,\n UserPoolId: userPoolId,\n };\n await identity.send(new CreateUserPoolDomainCommand(params));\n}\n\nasync function createOrUpdateDomain(inputDomainName, userPoolId) {\n const result = await identity.send(new DescribeUserPoolCommand({ UserPoolId: userPoolId }));\n if (result.UserPool.Domain === inputDomainName) {\n // if existing domain is same as input domain do nothing.\n return;\n }\n if (inputDomainName) {\n // create new or replace existing domain.\n const isDomainAvailable = await checkDomainAvailability(inputDomainName);\n if (isDomainAvailable) {\n if (result.UserPool.Domain) {\n await 
deleteUserPoolDomain(result.UserPool.Domain, userPoolId);\n }\n await createUserPoolDomain(inputDomainName, userPoolId);\n } else {\n throw new Error('Domain not available');\n }\n } else if (result.UserPool.Domain) {\n // if input domain is undefined delete existing domain if exists.\n await deleteUserPoolDomain(result.UserPool.Domain, userPoolId);\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "UserPoolClientRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Timeout": 300 + }, + "DependsOn": [ + "UserPoolClientRole" + ] + }, + "HostedUICustomResourcePolicy": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "cognito-idp:CreateUserPoolDomain", + "cognito-idp:DescribeUserPool", + "cognito-idp:DeleteUserPoolDomain" + ], + "Resource": { + "Fn::GetAtt": [ + "UserPool", + "Arn" + ] + } + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolDomain" + ], + "Resource": "*" + } + ] + }, + "PolicyName": { + "Fn::Join": [ + "-", + [ + { + "Ref": "UserPool" + }, + { + "Ref": "hostedUI" + } + ] + ] + }, + "Roles": [ + { + "Ref": "UserPoolClientRole" + } + ] + }, + "DependsOn": [ + "HostedUICustomResource" + ] + }, + "HostedUICustomResourceLogPolicy": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Resource": { + "Fn::Sub": [ + "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", + { + "region": { + "Ref": "AWS::Region" + }, + "account": { + "Ref": "AWS::AccountId" + }, + "lambda": { + "Ref": "HostedUICustomResource" + } + } + ] + } + } + ] + }, + "PolicyName": { + "Fn::Join": [ + "-", + [ + { + "Ref": "UserPool" + }, + "hostedUILogPolicy" + ] + ] + }, + "Roles": [ + { + "Ref": "UserPoolClientRole" + } + ] + 
}, + "DependsOn": [ + "HostedUICustomResourcePolicy" + ] + }, + "HostedUICustomResourceInputs": { + "Type": "Custom::LambdaCallout", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "HostedUICustomResource", + "Arn" + ] + }, + "hostedUIDomainName": { + "Fn::Join": [ + "-", + [ + { + "Ref": "hostedUIDomainName" + }, + { + "Ref": "env" + } + ] + ] + }, + "userPoolId": { + "Ref": "UserPool" + } + }, + "DependsOn": [ + "HostedUICustomResourceLogPolicy" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "HostedUIProvidersCustomResource": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "const response = require('cfn-response');\nconst {\n CognitoIdentityProviderClient,\n CreateIdentityProviderCommand,\n DeleteIdentityProviderCommand,\n ListIdentityProvidersCommand,\n UpdateIdentityProviderCommand,\n} = require('@aws-sdk/client-cognito-identity-provider');\nconst identity = new CognitoIdentityProviderClient({});\n\nexports.handler = (event, context) => {\n // Don't return promise, response.send() marks context as done internally\n void tryHandleEvent(event, context);\n};\n\nasync function tryHandleEvent(event, context) {\n try {\n await handleEvent(event);\n response.send(event, context, response.SUCCESS, {});\n } catch (err) {\n console.log(err.stack);\n response.send(event, context, response.FAILED, { err });\n }\n}\n\nasync function handleEvent(event) {\n const userPoolId = event.ResourceProperties.userPoolId;\n const hostedUIProviderMeta = JSON.parse(event.ResourceProperties.hostedUIProviderMeta);\n const hostedUIProviderCreds = JSON.parse(event.ResourceProperties.hostedUIProviderCreds);\n const hasHostedUIProviderCreds = hostedUIProviderCreds.length && hostedUIProviderCreds.length > 0;\n if (hasHostedUIProviderCreds && (event.RequestType === 'Update' || event.RequestType === 'Create')) {\n const listIdentityProvidersResponse = await identity.send(\n new ListIdentityProvidersCommand({\n UserPoolId: 
userPoolId,\n MaxResults: 60,\n }),\n );\n console.log(listIdentityProvidersResponse);\n const providerList = listIdentityProvidersResponse.Providers.map((provider) => provider.ProviderName);\n const providerListInParameters = hostedUIProviderMeta.map((provider) => provider.ProviderName);\n for (const providerMetadata of hostedUIProviderMeta) {\n if (providerList.indexOf(providerMetadata.ProviderName) > -1) {\n await updateIdentityProvider(providerMetadata.ProviderName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n } else {\n await createIdentityProvider(providerMetadata.ProviderName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n }\n }\n for (const provider of providerList) {\n if (providerListInParameters.indexOf(provider) < 0) {\n await deleteIdentityProvider(provider, userPoolId);\n }\n }\n }\n}\n\nfunction getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {\n const providerMeta = hostedUIProviderMeta.find((provider) => provider.ProviderName === providerName);\n const providerCreds = hostedUIProviderCreds.find((provider) => provider.ProviderName === providerName);\n let requestParams = {\n ProviderName: providerMeta.ProviderName,\n UserPoolId: userPoolId,\n AttributeMapping: providerMeta.AttributeMapping,\n };\n if (providerMeta.ProviderName === 'SignInWithApple') {\n if (providerCreds.client_id && providerCreds.team_id && providerCreds.key_id && providerCreds.private_key) {\n requestParams.ProviderDetails = {\n client_id: providerCreds.client_id,\n team_id: providerCreds.team_id,\n key_id: providerCreds.key_id,\n private_key: providerCreds.private_key,\n authorize_scopes: providerMeta.authorize_scopes,\n };\n } else {\n requestParams = null;\n }\n } else {\n if (providerCreds.client_id && providerCreds.client_secret) {\n requestParams.ProviderDetails = {\n client_id: providerCreds.client_id,\n client_secret: providerCreds.client_secret,\n authorize_scopes: providerMeta.authorize_scopes,\n };\n } 
else {\n requestParams = null;\n }\n }\n return requestParams;\n}\n\nasync function createIdentityProvider(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {\n const requestParams = getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n if (!requestParams) {\n return;\n }\n requestParams.ProviderType = requestParams.ProviderName;\n await identity.send(new CreateIdentityProviderCommand(requestParams));\n}\n\nasync function updateIdentityProvider(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {\n const requestParams = getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n if (!requestParams) {\n return;\n }\n await identity.send(new UpdateIdentityProviderCommand(requestParams));\n}\n\nasync function deleteIdentityProvider(providerName, userPoolId) {\n const params = { ProviderName: providerName, UserPoolId: userPoolId };\n await identity.send(new DeleteIdentityProviderCommand(params));\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "UserPoolClientRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Timeout": 300 + }, + "DependsOn": [ + "UserPoolClientRole" + ] + }, + "HostedUIProvidersCustomResourcePolicy": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "cognito-idp:CreateIdentityProvider", + "cognito-idp:UpdateIdentityProvider", + "cognito-idp:ListIdentityProviders", + "cognito-idp:DeleteIdentityProvider" + ], + "Resource": { + "Fn::GetAtt": [ + "UserPool", + "Arn" + ] + } + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolDomain" + ], + "Resource": "*" + } + ] + }, + "PolicyName": { + "Fn::Join": [ + "-", + [ + { + "Ref": "UserPool" + }, + "hostedUIProvider" + ] + ] + }, + "Roles": [ + { + "Ref": "UserPoolClientRole" + } + ] + }, + "DependsOn": [ + "HostedUIProvidersCustomResource" + ] + }, 
+ "HostedUIProvidersCustomResourceLogPolicy": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Resource": { + "Fn::Sub": [ + "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", + { + "region": { + "Ref": "AWS::Region" + }, + "account": { + "Ref": "AWS::AccountId" + }, + "lambda": { + "Ref": "HostedUIProvidersCustomResource" + } + } + ] + } + } + ] + }, + "PolicyName": { + "Fn::Join": [ + "-", + [ + { + "Ref": "UserPool" + }, + "hostedUIProviderLogPolicy" + ] + ] + }, + "Roles": [ + { + "Ref": "UserPoolClientRole" + } + ] + }, + "DependsOn": [ + "HostedUIProvidersCustomResourcePolicy" + ] + }, + "HostedUIProvidersCustomResourceInputs": { + "Type": "Custom::LambdaCallout", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "HostedUIProvidersCustomResource", + "Arn" + ] + }, + "hostedUIProviderMeta": { + "Ref": "hostedUIProviderMeta" + }, + "hostedUIProviderCreds": { + "Ref": "hostedUIProviderCreds" + }, + "userPoolId": { + "Ref": "UserPool" + } + }, + "DependsOn": [ + "HostedUIProvidersCustomResourceLogPolicy" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "IdentityPool": { + "Type": "AWS::Cognito::IdentityPool", + "Properties": { + "AllowUnauthenticatedIdentities": { + "Ref": "allowUnauthenticatedIdentities" + }, + "CognitoIdentityProviders": [ + { + "ClientId": { + "Ref": "UserPoolClient" + }, + "ProviderName": { + "Fn::Sub": [ + "cognito-idp.${region}.amazonaws.com/${client}", + { + "region": { + "Ref": "AWS::Region" + }, + "client": { + "Ref": "UserPool" + } + } + ] + } + }, + { + "ClientId": { + "Ref": "UserPoolClientWeb" + }, + "ProviderName": { + "Fn::Sub": [ + "cognito-idp.${region}.amazonaws.com/${client}", + { + "region": { + "Ref": "AWS::Region" + }, + "client": { + "Ref": "UserPool" + } + } + ] + } + } + ], 
+ "IdentityPoolName": { + "Fn::Join": [ + "", + [ + "testauth94a32e09_identitypool_94a32e09__", + { + "Ref": "env" + } + ] + ] + } + } + }, + "IdentityPoolRoleMap": { + "Type": "AWS::Cognito::IdentityPoolRoleAttachment", + "Properties": { + "IdentityPoolId": { + "Ref": "IdentityPool" + }, + "Roles": { + "unauthenticated": { + "Ref": "unauthRoleArn" + }, + "authenticated": { + "Ref": "authRoleArn" + } + } + }, + "DependsOn": [ + "IdentityPool" + ] + } + }, + "Outputs": { + "IdentityPoolId": { + "Description": "Id for the identity pool", + "Value": "us-east-1:6588b8b4-10ae-4cda-9bd7-3a2203e41a1b" + }, + "IdentityPoolName": { + "Value": "testauth94a32e09_identitypool_94a32e09__dev" + }, + "HostedUIDomain": { + "Value": "testauth5cb39772-5cb39772-dev" + }, + "OAuthMetadata": { + "Value": "{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"http://localhost:3000/\"],\"LogoutURLs\":[\"http://localhost:3000/signout/\"]}" + }, + "UserPoolId": { + "Description": "Id for the user pool", + "Value": "us-east-1_kn6MwHksP" + }, + "UserPoolArn": { + "Description": "Arn for the user pool", + "Value": "arn:aws:cognito-idp:us-east-1:517770102601:userpool/us-east-1_kn6MwHksP" + }, + "UserPoolName": { + "Value": "testauth94a32e09_userpool_94a32e09" + }, + "AppClientIDWeb": { + "Description": "The user pool app client id for web", + "Value": "7pjaotu0rf3n2oqoh2s11lad88" + }, + "AppClientID": { + "Description": "The user pool app client id", + "Value": "27o147nc4bl486e62gp7t3l2os" + } + } +} \ No newline at end of file diff --git a/packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate.json b/packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate.json new file mode 100644 index 00000000000..dfced517b39 --- /dev/null 
+++ b/packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate.json 
@@ -0,0 +1,741 @@ +{ + "Description": "Amplify Cognito Stack for AWS Amplify CLI", + "AWSTemplateFormatVersion": "2010-09-09", + "Parameters": { + "env": { + "Type": "String" + }, + "identityPoolName": { + "Type": "String" + }, + "allowUnauthenticatedIdentities": { + "Type": "String" + }, + "resourceNameTruncated": { + "Type": "String" + }, + "userPoolName": { + "Type": "String" + }, + "autoVerifiedAttributes": { + "Type": "CommaDelimitedList" + }, + "mfaConfiguration": { + "Type": "String" + }, + "mfaTypes": { + "Type": "CommaDelimitedList" + }, + "smsAuthenticationMessage": { + "Type": "String" + }, + "smsVerificationMessage": { + "Type": "String" + }, + "emailVerificationSubject": { + "Type": "String" + }, + "emailVerificationMessage": { + "Type": "String" + }, + "defaultPasswordPolicy": { + "Type": "String" + }, + "passwordPolicyMinLength": { + "Type": "String" + }, + "passwordPolicyCharacters": { + "Type": "CommaDelimitedList" + }, + "requiredAttributes": { + "Type": "CommaDelimitedList" + }, + "aliasAttributes": { + "Type": "CommaDelimitedList" + }, + "userpoolClientGenerateSecret": { + "Type": "String" + }, + "userpoolClientRefreshTokenValidity": { + "Type": "String" + }, + "userpoolClientWriteAttributes": { + "Type": "CommaDelimitedList" + }, + "userpoolClientReadAttributes": { + "Type": "CommaDelimitedList" + }, + "userpoolClientLambdaRole": { + "Type": "String" + }, + "userpoolClientSetAttributes": { + "Type": "String" + }, + "sharedId": { + "Type": "String" + }, + "resourceName": { + "Type": "String" + }, + "authSelections": { + "Type": "String" + }, + "useDefault": { + "Type": "String" + }, + "userPoolGroupList": { + "Type": "CommaDelimitedList" + }, + "serviceName": { + "Type": "String" + }, + "usernameCaseSensitive": { + "Type": "String" + }, + "useEnabledMfas": { + "Type": "String" + }, + "authRoleArn": { + "Type": "String" + }, + "unauthRoleArn": { + "Type": "String" + }, + "breakCircularDependency": { + "Type": "String" + }, + "dependsOn": { + 
"Type": "CommaDelimitedList" + }, + "hostedUI": { + "Type": "String" + }, + "hostedUIDomainName": { + "Type": "String" + }, + "authProvidersUserPool": { + "Type": "CommaDelimitedList" + }, + "hostedUIProviderMeta": { + "Type": "String" + }, + "oAuthMetadata": { + "Type": "String" + }, + "authProviders": { + "Type": "CommaDelimitedList" + }, + "hostedUIProviderCreds": { + "Type": "String", + "NoEcho": true + } + }, + "Conditions": { + "ShouldNotCreateEnvResources": { + "Fn::Equals": [ + { + "Ref": "env" + }, + "NONE" + ] + } + }, + "Resources": { + "UserPool": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AutoVerifiedAttributes": [ + "email" + ], + "EmailVerificationMessage": { + "Ref": "emailVerificationMessage" + }, + "EmailVerificationSubject": { + "Ref": "emailVerificationSubject" + }, + "MfaConfiguration": { + "Ref": "mfaConfiguration" + }, + "Policies": { + "PasswordPolicy": { + "MinimumLength": { + "Ref": "passwordPolicyMinLength" + }, + "RequireLowercase": false, + "RequireNumbers": false, + "RequireSymbols": false, + "RequireUppercase": false + } + }, + "Schema": [ + { + "Mutable": true, + "Name": "email", + "Required": true + } + ], + "UserAttributeUpdateSettings": { + "AttributesRequireVerificationBeforeUpdate": [ + "email" + ] + }, + "UserPoolName": { + "Fn::Join": [ + "", + [ + { + "Ref": "userPoolName" + }, + "-", + { + "Ref": "env" + } + ] + ] + }, + "UsernameConfiguration": { + "CaseSensitive": false + } + } + }, + "UserPoolClientWeb": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "phone", + "email", + "openid", + "profile", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "http://localhost:3000/" + ], + "ClientName": "testau94a32e09_app_clientWeb", + "LogoutURLs": [ + "http://localhost:3000/signout/" + ], + "RefreshTokenValidity": { + "Ref": "userpoolClientRefreshTokenValidity" + }, + 
"SupportedIdentityProviders": [ + "Facebook", + "COGNITO" + ], + "TokenValidityUnits": { + "RefreshToken": "days" + }, + "UserPoolId": { + "Ref": "UserPool" + } + }, + "DependsOn": [ + "UserPool" + ] + }, + "UserPoolClient": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "phone", + "email", + "openid", + "profile", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "http://localhost:3000/" + ], + "ClientName": "testau94a32e09_app_client", + "GenerateSecret": { + "Ref": "userpoolClientGenerateSecret" + }, + "LogoutURLs": [ + "http://localhost:3000/signout/" + ], + "RefreshTokenValidity": { + "Ref": "userpoolClientRefreshTokenValidity" + }, + "SupportedIdentityProviders": [ + "Facebook", + "COGNITO" + ], + "TokenValidityUnits": { + "RefreshToken": "days" + }, + "UserPoolId": { + "Ref": "UserPool" + } + }, + "DependsOn": [ + "HostedUIProvidersCustomResourceInputs" + ] + }, + "UserPoolClientRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + }, + "RoleName": { + "Fn::Join": [ + "", + [ + "upClientLambdaRole94a32e09", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + "-", + { + "Ref": "AWS::StackName" + } + ] + } + ] + }, + "-", + { + "Ref": "env" + } + ] + ] + } + } + }, + "HostedUICustomResource": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "const response = require('cfn-response');\nconst {\n CognitoIdentityProviderClient,\n CreateUserPoolDomainCommand,\n DeleteUserPoolDomainCommand,\n DescribeUserPoolCommand,\n DescribeUserPoolDomainCommand,\n} = require('@aws-sdk/client-cognito-identity-provider');\nconst identity = new CognitoIdentityProviderClient({});\n\nexports.handler = (event, context) => {\n 
// Don't return promise, response.send() marks context as done internally\n void tryHandleEvent(event, context);\n};\n\nasync function tryHandleEvent(event, context) {\n try {\n await handleEvent(event);\n response.send(event, context, response.SUCCESS, {});\n } catch (err) {\n console.log(err);\n response.send(event, context, response.FAILED, { err });\n }\n}\n\nasync function handleEvent(event) {\n const userPoolId = event.ResourceProperties.userPoolId;\n const inputDomainName = event.ResourceProperties.hostedUIDomainName;\n if (event.RequestType === 'Delete') {\n await deleteUserPoolDomain(inputDomainName, userPoolId);\n } else if (event.RequestType === 'Update' || event.RequestType === 'Create') {\n await createOrUpdateDomain(inputDomainName, userPoolId);\n }\n}\n\nasync function checkDomainAvailability(domainName) {\n const params = { Domain: domainName };\n try {\n const res = await identity.send(new DescribeUserPoolDomainCommand(params));\n return !(res.DomainDescription && res.DomainDescription.UserPoolId);\n } catch (err) {\n return false;\n }\n}\n\nasync function deleteUserPoolDomain(domainName, userPoolId) {\n const params = { Domain: domainName, UserPoolId: userPoolId };\n await identity.send(new DeleteUserPoolDomainCommand(params));\n}\n\nasync function createUserPoolDomain(domainName, userPoolId) {\n const params = {\n Domain: domainName,\n UserPoolId: userPoolId,\n };\n await identity.send(new CreateUserPoolDomainCommand(params));\n}\n\nasync function createOrUpdateDomain(inputDomainName, userPoolId) {\n const result = await identity.send(new DescribeUserPoolCommand({ UserPoolId: userPoolId }));\n if (result.UserPool.Domain === inputDomainName) {\n // if existing domain is same as input domain do nothing.\n return;\n }\n if (inputDomainName) {\n // create new or replace existing domain.\n const isDomainAvailable = await checkDomainAvailability(inputDomainName);\n if (isDomainAvailable) {\n if (result.UserPool.Domain) {\n await 
deleteUserPoolDomain(result.UserPool.Domain, userPoolId);\n }\n await createUserPoolDomain(inputDomainName, userPoolId);\n } else {\n throw new Error('Domain not available');\n }\n } else if (result.UserPool.Domain) {\n // if input domain is undefined delete existing domain if exists.\n await deleteUserPoolDomain(result.UserPool.Domain, userPoolId);\n }\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "UserPoolClientRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Timeout": 300 + }, + "DependsOn": [ + "UserPoolClientRole" + ] + }, + "HostedUICustomResourcePolicy": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "cognito-idp:CreateUserPoolDomain", + "cognito-idp:DescribeUserPool", + "cognito-idp:DeleteUserPoolDomain" + ], + "Resource": { + "Fn::GetAtt": [ + "UserPool", + "Arn" + ] + } + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolDomain" + ], + "Resource": "*" + } + ] + }, + "PolicyName": { + "Fn::Join": [ + "-", + [ + { + "Ref": "UserPool" + }, + { + "Ref": "hostedUI" + } + ] + ] + }, + "Roles": [ + { + "Ref": "UserPoolClientRole" + } + ] + }, + "DependsOn": [ + "HostedUICustomResource" + ] + }, + "HostedUICustomResourceLogPolicy": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Resource": { + "Fn::Sub": [ + "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", + { + "region": { + "Ref": "AWS::Region" + }, + "account": { + "Ref": "AWS::AccountId" + }, + "lambda": { + "Ref": "HostedUICustomResource" + } + } + ] + } + } + ] + }, + "PolicyName": { + "Fn::Join": [ + "-", + [ + { + "Ref": "UserPool" + }, + "hostedUILogPolicy" + ] + ] + }, + "Roles": [ + { + "Ref": "UserPoolClientRole" + } + ] + 
}, + "DependsOn": [ + "HostedUICustomResourcePolicy" + ] + }, + "HostedUICustomResourceInputs": { + "Type": "Custom::LambdaCallout", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "HostedUICustomResource", + "Arn" + ] + }, + "hostedUIDomainName": { + "Fn::Join": [ + "-", + [ + { + "Ref": "hostedUIDomainName" + }, + { + "Ref": "env" + } + ] + ] + }, + "userPoolId": { + "Ref": "UserPool" + } + }, + "DependsOn": [ + "HostedUICustomResourceLogPolicy" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "HostedUIProvidersCustomResource": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "const response = require('cfn-response');\nconst {\n CognitoIdentityProviderClient,\n CreateIdentityProviderCommand,\n DeleteIdentityProviderCommand,\n ListIdentityProvidersCommand,\n UpdateIdentityProviderCommand,\n} = require('@aws-sdk/client-cognito-identity-provider');\nconst identity = new CognitoIdentityProviderClient({});\n\nexports.handler = (event, context) => {\n // Don't return promise, response.send() marks context as done internally\n void tryHandleEvent(event, context);\n};\n\nasync function tryHandleEvent(event, context) {\n try {\n await handleEvent(event);\n response.send(event, context, response.SUCCESS, {});\n } catch (err) {\n console.log(err.stack);\n response.send(event, context, response.FAILED, { err });\n }\n}\n\nasync function handleEvent(event) {\n const userPoolId = event.ResourceProperties.userPoolId;\n const hostedUIProviderMeta = JSON.parse(event.ResourceProperties.hostedUIProviderMeta);\n const hostedUIProviderCreds = JSON.parse(event.ResourceProperties.hostedUIProviderCreds);\n const hasHostedUIProviderCreds = hostedUIProviderCreds.length && hostedUIProviderCreds.length > 0;\n if (hasHostedUIProviderCreds && (event.RequestType === 'Update' || event.RequestType === 'Create')) {\n const listIdentityProvidersResponse = await identity.send(\n new ListIdentityProvidersCommand({\n UserPoolId: 
userPoolId,\n MaxResults: 60,\n }),\n );\n console.log(listIdentityProvidersResponse);\n const providerList = listIdentityProvidersResponse.Providers.map((provider) => provider.ProviderName);\n const providerListInParameters = hostedUIProviderMeta.map((provider) => provider.ProviderName);\n for (const providerMetadata of hostedUIProviderMeta) {\n if (providerList.indexOf(providerMetadata.ProviderName) > -1) {\n await updateIdentityProvider(providerMetadata.ProviderName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n } else {\n await createIdentityProvider(providerMetadata.ProviderName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n }\n }\n for (const provider of providerList) {\n if (providerListInParameters.indexOf(provider) < 0) {\n await deleteIdentityProvider(provider, userPoolId);\n }\n }\n }\n}\n\nfunction getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {\n const providerMeta = hostedUIProviderMeta.find((provider) => provider.ProviderName === providerName);\n const providerCreds = hostedUIProviderCreds.find((provider) => provider.ProviderName === providerName);\n let requestParams = {\n ProviderName: providerMeta.ProviderName,\n UserPoolId: userPoolId,\n AttributeMapping: providerMeta.AttributeMapping,\n };\n if (providerMeta.ProviderName === 'SignInWithApple') {\n if (providerCreds.client_id && providerCreds.team_id && providerCreds.key_id && providerCreds.private_key) {\n requestParams.ProviderDetails = {\n client_id: providerCreds.client_id,\n team_id: providerCreds.team_id,\n key_id: providerCreds.key_id,\n private_key: providerCreds.private_key,\n authorize_scopes: providerMeta.authorize_scopes,\n };\n } else {\n requestParams = null;\n }\n } else {\n if (providerCreds.client_id && providerCreds.client_secret) {\n requestParams.ProviderDetails = {\n client_id: providerCreds.client_id,\n client_secret: providerCreds.client_secret,\n authorize_scopes: providerMeta.authorize_scopes,\n };\n } 
else {\n requestParams = null;\n }\n }\n return requestParams;\n}\n\nasync function createIdentityProvider(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {\n const requestParams = getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n if (!requestParams) {\n return;\n }\n requestParams.ProviderType = requestParams.ProviderName;\n await identity.send(new CreateIdentityProviderCommand(requestParams));\n}\n\nasync function updateIdentityProvider(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {\n const requestParams = getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n if (!requestParams) {\n return;\n }\n await identity.send(new UpdateIdentityProviderCommand(requestParams));\n}\n\nasync function deleteIdentityProvider(providerName, userPoolId) {\n const params = { ProviderName: providerName, UserPoolId: userPoolId };\n await identity.send(new DeleteIdentityProviderCommand(params));\n}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "UserPoolClientRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Timeout": 300 + }, + "DependsOn": [ + "UserPoolClientRole" + ] + }, + "HostedUIProvidersCustomResourcePolicy": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "cognito-idp:CreateIdentityProvider", + "cognito-idp:UpdateIdentityProvider", + "cognito-idp:ListIdentityProviders", + "cognito-idp:DeleteIdentityProvider" + ], + "Resource": { + "Fn::GetAtt": [ + "UserPool", + "Arn" + ] + } + }, + { + "Effect": "Allow", + "Action": [ + "cognito-idp:DescribeUserPoolDomain" + ], + "Resource": "*" + } + ] + }, + "PolicyName": { + "Fn::Join": [ + "-", + [ + { + "Ref": "UserPool" + }, + "hostedUIProvider" + ] + ] + }, + "Roles": [ + { + "Ref": "UserPoolClientRole" + } + ] + }, + "DependsOn": [ + "HostedUIProvidersCustomResource" + ] + }, 
+ "HostedUIProvidersCustomResourceLogPolicy": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Resource": { + "Fn::Sub": [ + "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", + { + "region": { + "Ref": "AWS::Region" + }, + "account": { + "Ref": "AWS::AccountId" + }, + "lambda": { + "Ref": "HostedUIProvidersCustomResource" + } + } + ] + } + } + ] + }, + "PolicyName": { + "Fn::Join": [ + "-", + [ + { + "Ref": "UserPool" + }, + "hostedUIProviderLogPolicy" + ] + ] + }, + "Roles": [ + { + "Ref": "UserPoolClientRole" + } + ] + }, + "DependsOn": [ + "HostedUIProvidersCustomResourcePolicy" + ] + }, + "HostedUIProvidersCustomResourceInputs": { + "Type": "Custom::LambdaCallout", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "HostedUIProvidersCustomResource", + "Arn" + ] + }, + "hostedUIProviderMeta": { + "Ref": "hostedUIProviderMeta" + }, + "hostedUIProviderCreds": { + "Ref": "hostedUIProviderCreds" + }, + "userPoolId": { + "Ref": "UserPool" + } + }, + "DependsOn": [ + "HostedUIProvidersCustomResourceLogPolicy" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "IdentityPool": { + "Type": "AWS::Cognito::IdentityPool", + "Properties": { + "AllowUnauthenticatedIdentities": { + "Ref": "allowUnauthenticatedIdentities" + }, + "CognitoIdentityProviders": [ + { + "ClientId": { + "Ref": "UserPoolClient" + }, + "ProviderName": { + "Fn::Sub": [ + "cognito-idp.${region}.amazonaws.com/${client}", + { + "region": { + "Ref": "AWS::Region" + }, + "client": { + "Ref": "UserPool" + } + } + ] + } + }, + { + "ClientId": { + "Ref": "UserPoolClientWeb" + }, + "ProviderName": { + "Fn::Sub": [ + "cognito-idp.${region}.amazonaws.com/${client}", + { + "region": { + "Ref": "AWS::Region" + }, + "client": { + "Ref": "UserPool" + } + } + ] + } + } + ], 
+ "IdentityPoolName": { + "Fn::Join": [ + "", + [ + "testauth94a32e09_identitypool_94a32e09__", + { + "Ref": "env" + } + ] + ] + } + } + }, + "IdentityPoolRoleMap": { + "Type": "AWS::Cognito::IdentityPoolRoleAttachment", + "Properties": { + "IdentityPoolId": { + "Ref": "IdentityPool" + }, + "Roles": { + "unauthenticated": { + "Ref": "unauthRoleArn" + }, + "authenticated": { + "Ref": "authRoleArn" + } + } + }, + "DependsOn": [ + "IdentityPool" + ] + } + }, + "Outputs": { + "IdentityPoolId": { + "Description": "Id for the identity pool", + "Value": "us-east-1:6588b8b4-10ae-4cda-9bd7-3a2203e41a1b" + }, + "IdentityPoolName": { + "Value": "testauth94a32e09_identitypool_94a32e09__dev" + }, + "HostedUIDomain": { + "Value": "testauth5cb39772-5cb39772-dev" + }, + "OAuthMetadata": { + "Value": "{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"http://localhost:3000/\"],\"LogoutURLs\":[\"http://localhost:3000/signout/\"]}" + }, + "UserPoolId": { + "Description": "Id for the user pool", + "Value": "us-east-1_kn6MwHksP" + }, + "UserPoolArn": { + "Description": "Arn for the user pool", + "Value": "arn:aws:cognito-idp:us-east-1:517770102601:userpool/us-east-1_kn6MwHksP" + }, + "UserPoolName": { + "Value": "testauth94a32e09_userpool_94a32e09" + }, + "AppClientIDWeb": { + "Description": "The user pool app client id for web", + "Value": "7pjaotu0rf3n2oqoh2s11lad88" + }, + "AppClientID": { + "Description": "The user pool app client id", + "Value": "27o147nc4bl486e62gp7t3l2os" + } + } +} \ No newline at end of file diff --git a/packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate-rollback.json b/packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate-rollback.json new file mode 100644 index 00000000000..d78d802d151 --- /dev/null 
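Review bot: The `Outputs` block at the end of this new template carries literal identifiers from one concrete deployment, for example `"Value": "arn:aws:cognito-idp:us-east-1:517770102601:userpool/us-east-1_kn6MwHksP"`, along with the identity pool id and both app client ids. The same holds for the fixed `ClientName` and `IdentityPoolName` strings further up. The location under `.amplify/migration/templates/auth/` suggests this is the output of a local migration run rather than a hand-written source file. If so, it should be dropped from the commit and the directory ignored; if it is meant as a fixture, the account id and resource ids should be replaced with clearly labelled placeholders. The same values appear in the Outputs of `step1-gen1PreProcessUpdateStackTemplate-rollback.json`, whose hunk begins before this excerpt.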
+++ b/packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate-rollback.json 
@@ -0,0 +1,1157 @@ +{ + "Description": "{\"createdOn\":\"Mac\",\"createdBy\":\"AmplifySandbox\",\"createdWith\":\"1.3.1\",\"stackType\":\"auth-Cognito\",\"metadata\":{}}", + "Resources": { + "SecretFetcherResourceProviderLambdaServiceRole5ABAF823": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ], + "Tags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ] + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProviderLambda/ServiceRole/Resource" + } + }, + "SecretFetcherResourceProviderLambdaServiceRoleDefaultPolicyD52F71CB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "ssm:GetParameter", + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*:*:parameter/amplify/mygen2app/rjabhi-sandbox-a7ef9235a4/*", + "arn:aws:ssm:*:*:parameter/amplify/shared/my-gen2-app/*" + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "SecretFetcherResourceProviderLambdaServiceRoleDefaultPolicyD52F71CB", + "Roles": [ + { + "Ref": "SecretFetcherResourceProviderLambdaServiceRole5ABAF823" + } + ] + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProviderLambda/ServiceRole/DefaultPolicy/Resource" + } + }, + "SecretFetcherResourceProviderLambda1ECC380E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": 
"7030e6070d15a14e086f45c2b3244fd1c4e437a570d01e6bc71d38b2fe98aa1f.zip" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderLambdaServiceRole5ABAF823", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Tags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ], + "Timeout": 10 + }, + "DependsOn": [ + "SecretFetcherResourceProviderLambdaServiceRoleDefaultPolicyD52F71CB", + "SecretFetcherResourceProviderLambdaServiceRole5ABAF823" + ], + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProviderLambda/Resource", + "aws:asset:path": "asset.7030e6070d15a14e086f45c2b3244fd1c4e437a570d01e6bc71d38b2fe98aa1f", + "aws:asset:is-bundled": true, + "aws:asset:property": "Code" + } + }, + "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ], + "Tags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ] + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider/framework-onEvent/ServiceRole/Resource" + } + }, + "SecretFetcherResourceProviderframeworkonEventServiceRoleDefaultPolicy38F3A916": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderLambda1ECC380E", + "Arn" + ] + }, + { + 
"Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderLambda1ECC380E", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "SecretFetcherResourceProviderframeworkonEventServiceRoleDefaultPolicy38F3A916", + "Roles": [ + { + "Ref": "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041" + } + ] + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource" + } + }, + "SecretFetcherResourceProviderframeworkonEvent960CF056": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e.zip" + }, + "Description": "AWS CDK resource provider framework - onEvent (amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderLambda1ECC380E", + "Arn" + ] + } + } + }, + "Handler": "framework.onEvent", + "Role": { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041", + "Arn" + ] + }, + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + }, + "Tags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ], + "Timeout": 900 + }, + "DependsOn": [ + "SecretFetcherResourceProviderframeworkonEventServiceRoleDefaultPolicy38F3A916", + "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041" + ], + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider/framework-onEvent/Resource", + "aws:asset:path": "asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e", 
+ "aws:asset:is-bundled": false, + "aws:asset:property": "Code" + } + }, + "FACEBOOKCLIENTIDSecretFetcherResource": { + "Type": "Custom::SecretFetcherResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderframeworkonEvent960CF056", + "Arn" + ] + }, + "namespace": "my-gen2-app", + "name": "rjabhi", + "type": "sandbox", + "secretName": "FACEBOOK_CLIENT_ID", + "secretLastUpdated": "1727477216522" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/FACEBOOK_CLIENT_IDSecretFetcherResource/Default" + } + }, + "FACEBOOKCLIENTSECRETSecretFetcherResource": { + "Type": "Custom::SecretFetcherResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderframeworkonEvent960CF056", + "Arn" + ] + }, + "namespace": "my-gen2-app", + "name": "rjabhi", + "type": "sandbox", + "secretName": "FACEBOOK_CLIENT_SECRET", + "secretLastUpdated": "1727477216522" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/FACEBOOK_CLIENT_SECRETSecretFetcherResource/Default" + } + }, + "amplifyAuthUserPool4BA7F805": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_email", + "Priority": 1 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": false + }, + "AutoVerifiedAttributes": [ + "email" + ], + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "MfaConfiguration": "OFF", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8, + "RequireLowercase": false, + "RequireNumbers": false, + "RequireSymbols": false, + "RequireUppercase": false, + "TemporaryPasswordValidityDays": 7 + } + }, + "Schema": [ + { + "Mutable": true, + 
"Name": "email", + "Required": true + }, + { + "Mutable": true, + "Name": "phone_number", + "Required": false + }, + { + "Mutable": true, + "Name": "profile", + "Required": false + }, + { + "Mutable": true, + "Name": "address", + "Required": false + }, + { + "Mutable": true, + "Name": "birthdate", + "Required": false + }, + { + "Mutable": true, + "Name": "gender", + "Required": false + }, + { + "Mutable": true, + "Name": "preferred_username", + "Required": false + }, + { + "Mutable": true, + "Name": "updated_at", + "Required": false + }, + { + "Mutable": true, + "Name": "website", + "Required": false + }, + { + "Mutable": true, + "Name": "picture", + "Required": false + }, + { + "Mutable": true, + "Name": "zoneinfo", + "Required": false + }, + { + "Mutable": true, + "Name": "locale", + "Required": false + }, + { + "Mutable": true, + "Name": "given_name", + "Required": false + }, + { + "Mutable": true, + "Name": "family_name", + "Required": false + }, + { + "Mutable": true, + "Name": "middle_name", + "Required": false + }, + { + "Mutable": true, + "Name": "name", + "Required": false + }, + { + "Mutable": true, + "Name": "nickname", + "Required": false + } + ], + "SmsVerificationMessage": "The verification code to your new account is {####}", + "UserAttributeUpdateSettings": { + "AttributesRequireVerificationBeforeUpdate": [ + "email" + ] + }, + "UserPoolName": "testauth94a32e09_userpool_94a32e09-dev", + "UserPoolTags": { + "amplify:deployment-type": "sandbox", + "amplify:friendly-name": "amplifyAuth", + "created-by": "amplify" + }, + "UsernameAttributes": [], + "UsernameConfiguration": { + "CaseSensitive": false + }, + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": 
{ + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/UserPool/Resource" + } + }, + "amplifyAuthUserPoolUserPoolDomain1F688B5B": { + "Type": "AWS::Cognito::UserPoolDomain", + "Properties": { + "Domain": "917076d6886732946225", + "UserPoolId": { + "Ref": "amplifyAuthUserPool4BA7F805" + } + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/UserPool/UserPoolDomain/Resource" + } + }, + "amplifyAuthFacebookIDP7CB5B5CC": { + "Type": "AWS::Cognito::UserPoolIdentityProvider", + "Properties": { + "AttributeMapping": { + "email": "email" + }, + "ProviderDetails": { + "client_id": { + "Fn::GetAtt": [ + "FACEBOOKCLIENTIDSecretFetcherResource", + "secretValue" + ] + }, + "client_secret": { + "Fn::GetAtt": [ + "FACEBOOKCLIENTSECRETSecretFetcherResource", + "secretValue" + ] + }, + "authorize_scopes": "public_profile" + }, + "ProviderName": "Facebook", + "ProviderType": "Facebook", + "UserPoolId": { + "Ref": "amplifyAuthUserPool4BA7F805" + } + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/FacebookIDP/Resource" + } + }, + "amplifyAuthUserPoolAppClient2626C6F8": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "aws.cognito.signin.user.admin", + "email", + "openid", + "phone", + "profile" + ], + "CallbackURLs": [ + "http://localhost:3000/" + ], + "ExplicitAuthFlows": [ + "ALLOW_CUSTOM_AUTH", + "ALLOW_USER_SRP_AUTH", + "ALLOW_REFRESH_TOKEN_AUTH" + ], + "LogoutURLs": [ + "http://localhost:3000/signout/" + ], + "PreventUserExistenceErrors": "ENABLED", + "SupportedIdentityProviders": [ + { + "Ref": "amplifyAuthFacebookIDP7CB5B5CC" + }, + "COGNITO" + ], + "UserPoolId": { + "Ref": "amplifyAuthUserPool4BA7F805" + } + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/UserPoolAppClient/Resource" 
+ } + }, + "amplifyAuthIdentityPool3FDE84CC": { + "Type": "AWS::Cognito::IdentityPool", + "Properties": { + "AllowUnauthenticatedIdentities": false, + "CognitoIdentityProviders": [ + { + "ClientId": { + "Ref": "amplifyAuthUserPoolAppClient2626C6F8" + }, + "ProviderName": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com/", + { + "Ref": "amplifyAuthUserPool4BA7F805" + } + ] + ] + } + } + ], + "IdentityPoolTags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "amplify:friendly-name", + "Value": "amplifyAuth" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ], + "SupportedLoginProviders": { + "graph.facebook.com": { + "Fn::GetAtt": [ + "FACEBOOKCLIENTIDSecretFetcherResource", + "secretValue" + ] + } + } + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/IdentityPool" + } + }, + "amplifyAuthauthenticatedUserRoleD8DA3689": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "cognito-identity.amazonaws.com:aud": { + "Ref": "amplifyAuthIdentityPool3FDE84CC" + } + }, + "ForAnyValue:StringLike": { + "cognito-identity.amazonaws.com:amr": "authenticated" + } + }, + "Effect": "Allow", + "Principal": { + "Federated": "cognito-identity.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "amplify:friendly-name", + "Value": "amplifyAuth" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ] + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/authenticatedUserRole/Resource" + } + }, + "amplifyAuthunauthenticatedUserRole2B524D9E": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": 
"sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "cognito-identity.amazonaws.com:aud": { + "Ref": "amplifyAuthIdentityPool3FDE84CC" + } + }, + "ForAnyValue:StringLike": { + "cognito-identity.amazonaws.com:amr": "unauthenticated" + } + }, + "Effect": "Allow", + "Principal": { + "Federated": "cognito-identity.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "amplify:friendly-name", + "Value": "amplifyAuth" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ] + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/unauthenticatedUserRole/Resource" + } + }, + "amplifyAuthIdentityPoolRoleAttachment045F17C8": { + "Type": "AWS::Cognito::IdentityPoolRoleAttachment", + "Properties": { + "IdentityPoolId": { + "Ref": "amplifyAuthIdentityPool3FDE84CC" + }, + "RoleMappings": { + "UserPoolWebClientRoleMapping": { + "AmbiguousRoleResolution": "AuthenticatedRole", + "IdentityProvider": { + "Fn::Join": [ + "", + [ + "cognito-idp.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com/", + { + "Ref": "amplifyAuthUserPool4BA7F805" + }, + ":", + { + "Ref": "amplifyAuthUserPoolAppClient2626C6F8" + } + ] + ] + }, + "Type": "Token" + } + }, + "Roles": { + "unauthenticated": { + "Fn::GetAtt": [ + "amplifyAuthunauthenticatedUserRole2B524D9E", + "Arn" + ] + }, + "authenticated": { + "Fn::GetAtt": [ + "amplifyAuthauthenticatedUserRoleD8DA3689", + "Arn" + ] + } + } + }, + "DependsOn": [ + "amplifyAuthIdentityPool3FDE84CC", + "amplifyAuthUserPoolAppClient2626C6F8" + ], + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/IdentityPoolRoleAttachment" + } + }, + "CDKMetadata": { + "Type": "AWS::CDK::Metadata", + "Properties": { + "Analytics": 
"v2:deflate64:H4sIAAAAAAAA/11RQW7CQAx8C/fFDaD2DqmQeihCoJ6jZdeASbJGsQNCUf5ebQJp1NOM7fHIGs9h9pFAMrF3mTqfTws6QLNBUfR7tS439i5ZU9jy4G0W2ONFYNPBug5OiYMhW0Kz4wJNegwdbrkg94hlz1oji8yKoAosIxhZwKp2OerKCpreHpr0GAbXF2mN41MgZWh+BKstcxGNB/4in1xaCuPRs/MqvzwGJX1sK76Rx2ptHR6Y8/HKf82wnBaEQcfSv86w9DxtXMc4lqrWnUsM2rZmh8J15dB0OezVniicjKtFucyq51BgOCA9hm97vUZR2okGgxj2iKccPPWBxTfBRd5u8wRm75BMLkI0reqgVCLsevwFXhK6UfkBAAA=" + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/CDKMetadata/Default" + }, + "Condition": "CDKMetadataAvailable" + } + }, + "Mappings": { + "LatestNodeRuntimeMap": { + "af-south-1": { + "value": "nodejs20.x" + }, + "ap-east-1": { + "value": "nodejs20.x" + }, + "ap-northeast-1": { + "value": "nodejs20.x" + }, + "ap-northeast-2": { + "value": "nodejs20.x" + }, + "ap-northeast-3": { + "value": "nodejs20.x" + }, + "ap-south-1": { + "value": "nodejs20.x" + }, + "ap-south-2": { + "value": "nodejs20.x" + }, + "ap-southeast-1": { + "value": "nodejs20.x" + }, + "ap-southeast-2": { + "value": "nodejs20.x" + }, + "ap-southeast-3": { + "value": "nodejs20.x" + }, + "ap-southeast-4": { + "value": "nodejs20.x" + }, + "ap-southeast-5": { + "value": "nodejs20.x" + }, + "ap-southeast-7": { + "value": "nodejs20.x" + }, + "ca-central-1": { + "value": "nodejs20.x" + }, + "ca-west-1": { + "value": "nodejs20.x" + }, + "cn-north-1": { + "value": "nodejs18.x" + }, + "cn-northwest-1": { + "value": "nodejs18.x" + }, + "eu-central-1": { + "value": "nodejs20.x" + }, + "eu-central-2": { + "value": "nodejs20.x" + }, + "eu-isoe-west-1": { + "value": "nodejs18.x" + }, + "eu-north-1": { + "value": "nodejs20.x" + }, + "eu-south-1": { + "value": "nodejs20.x" + }, + "eu-south-2": { + "value": "nodejs20.x" + }, + "eu-west-1": { + "value": "nodejs20.x" + }, + "eu-west-2": { + "value": "nodejs20.x" + }, + "eu-west-3": { + "value": "nodejs20.x" + }, + "il-central-1": { + "value": "nodejs20.x" + }, + "me-central-1": { + "value": "nodejs20.x" + }, + "me-south-1": { + "value": 
"nodejs20.x" + }, + "mx-central-1": { + "value": "nodejs20.x" + }, + "sa-east-1": { + "value": "nodejs20.x" + }, + "us-east-1": { + "value": "nodejs20.x" + }, + "us-east-2": { + "value": "nodejs20.x" + }, + "us-gov-east-1": { + "value": "nodejs18.x" + }, + "us-gov-west-1": { + "value": "nodejs18.x" + }, + "us-iso-east-1": { + "value": "nodejs18.x" + }, + "us-iso-west-1": { + "value": "nodejs18.x" + }, + "us-isob-east-1": { + "value": "nodejs18.x" + }, + "us-west-1": { + "value": "nodejs20.x" + }, + "us-west-2": { + "value": "nodejs20.x" + } + } + }, + "Conditions": { + "CDKMetadataAvailable": { + "Fn::Or": [ + { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "af-south-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-east-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-northeast-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-northeast-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-northeast-3" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-south-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-south-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-southeast-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-southeast-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-southeast-3" + ] + } + ] + }, + { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-southeast-4" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ca-central-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ca-west-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-north-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-northwest-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-central-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + 
"eu-central-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-north-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-south-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-south-2" + ] + } + ] + }, + { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-west-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-west-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-west-3" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "il-central-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "me-central-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "me-south-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "sa-east-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "us-east-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "us-east-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "us-west-1" + ] + } + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "us-west-2" + ] + } + ] + } + }, + "Outputs": { + "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthUserPool35006F41Ref": { + "Value": { + "Ref": "amplifyAuthUserPool4BA7F805" + } + }, + "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthUserPoolAppClient2FF46763Ref": { + "Value": { + "Ref": "amplifyAuthUserPoolAppClient2626C6F8" + } + }, + "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthIdentityPoolE649E272Ref": { + "Value": { + "Ref": "amplifyAuthIdentityPool3FDE84CC" + } + }, + "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthUserPoolUserPoolDomain922BB047Ref": { + "Value": { + "Ref": "amplifyAuthUserPoolUserPoolDomain1F688B5B" + } + }, + "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthauthenticatedUserRole25B64256Ref": { + "Value": { + "Ref": "amplifyAuthauthenticatedUserRoleD8DA3689" + } + } + } +} \ No newline at end of file 
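Review bot: This rollback template looks like a snapshot of one developer sandbox rather than a reusable template. Every `aws:cdk:path` carries `amplify-mygen2app-rjabhi-sandbox-a7ef9235a4`, the SSM policy resources and the `SecretFetcherResource` properties (`"name": "rjabhi"`, `"type": "sandbox"`) name the same sandbox, and the user pool domain and CDK asset keys are fixed values. If the files under `.amplify/migration/templates/` are written by the migration command, they are build output that exposes environment identifiers and should probably stay out of version control, for example with a `.gitignore` entry such as `.amplify/` in the package. If a sample is needed for tests, a fixture with placeholder identifiers would serve. The same applies to `step2-gen2ResourcesRemovalStackTemplate.json` in the next hunk.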
diff --git a/packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate.json b/packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate.json new file mode 100644 index 00000000000..45fada723ea --- /dev/null +++ b/packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate.json 
@@ -0,0 +1,838 @@ +{ + "Description": "{\"createdOn\":\"Mac\",\"createdBy\":\"AmplifySandbox\",\"createdWith\":\"1.3.1\",\"stackType\":\"auth-Cognito\",\"metadata\":{}}", + "Resources": { + "SecretFetcherResourceProviderLambdaServiceRole5ABAF823": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ], + "Tags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ] + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProviderLambda/ServiceRole/Resource" + } + }, + "SecretFetcherResourceProviderLambdaServiceRoleDefaultPolicyD52F71CB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "ssm:GetParameter", + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*:*:parameter/amplify/mygen2app/rjabhi-sandbox-a7ef9235a4/*", + "arn:aws:ssm:*:*:parameter/amplify/shared/my-gen2-app/*" + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "SecretFetcherResourceProviderLambdaServiceRoleDefaultPolicyD52F71CB", + "Roles": [ + { + "Ref": "SecretFetcherResourceProviderLambdaServiceRole5ABAF823" + } + ] + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProviderLambda/ServiceRole/DefaultPolicy/Resource" + } + }, + "SecretFetcherResourceProviderLambda1ECC380E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": 
"7030e6070d15a14e086f45c2b3244fd1c4e437a570d01e6bc71d38b2fe98aa1f.zip" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderLambdaServiceRole5ABAF823", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Tags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ], + "Timeout": 10 + }, + "DependsOn": [ + "SecretFetcherResourceProviderLambdaServiceRoleDefaultPolicyD52F71CB", + "SecretFetcherResourceProviderLambdaServiceRole5ABAF823" + ], + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProviderLambda/Resource", + "aws:asset:path": "asset.7030e6070d15a14e086f45c2b3244fd1c4e437a570d01e6bc71d38b2fe98aa1f", + "aws:asset:is-bundled": true, + "aws:asset:property": "Code" + } + }, + "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ], + "Tags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ] + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider/framework-onEvent/ServiceRole/Resource" + } + }, + "SecretFetcherResourceProviderframeworkonEventServiceRoleDefaultPolicy38F3A916": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderLambda1ECC380E", + "Arn" + ] + }, + { + 
"Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderLambda1ECC380E", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "SecretFetcherResourceProviderframeworkonEventServiceRoleDefaultPolicy38F3A916", + "Roles": [ + { + "Ref": "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041" + } + ] + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource" + } + }, + "SecretFetcherResourceProviderframeworkonEvent960CF056": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e.zip" + }, + "Description": "AWS CDK resource provider framework - onEvent (amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderLambda1ECC380E", + "Arn" + ] + } + } + }, + "Handler": "framework.onEvent", + "Role": { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041", + "Arn" + ] + }, + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + }, + "Tags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ], + "Timeout": 900 + }, + "DependsOn": [ + "SecretFetcherResourceProviderframeworkonEventServiceRoleDefaultPolicy38F3A916", + "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041" + ], + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider/framework-onEvent/Resource", + "aws:asset:path": "asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e", 
+ "aws:asset:is-bundled": false, + "aws:asset:property": "Code" + } + }, + "FACEBOOKCLIENTIDSecretFetcherResource": { + "Type": "Custom::SecretFetcherResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderframeworkonEvent960CF056", + "Arn" + ] + }, + "namespace": "my-gen2-app", + "name": "rjabhi", + "type": "sandbox", + "secretName": "FACEBOOK_CLIENT_ID", + "secretLastUpdated": "1727477216522" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/FACEBOOK_CLIENT_IDSecretFetcherResource/Default" + } + }, + "FACEBOOKCLIENTSECRETSecretFetcherResource": { + "Type": "Custom::SecretFetcherResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "SecretFetcherResourceProviderframeworkonEvent960CF056", + "Arn" + ] + }, + "namespace": "my-gen2-app", + "name": "rjabhi", + "type": "sandbox", + "secretName": "FACEBOOK_CLIENT_SECRET", + "secretLastUpdated": "1727477216522" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/FACEBOOK_CLIENT_SECRETSecretFetcherResource/Default" + } + }, + "amplifyAuthFacebookIDP7CB5B5CC": { + "Type": "AWS::Cognito::UserPoolIdentityProvider", + "Properties": { + "AttributeMapping": { + "email": "email" + }, + "ProviderDetails": { + "client_id": { + "Fn::GetAtt": [ + "FACEBOOKCLIENTIDSecretFetcherResource", + "secretValue" + ] + }, + "client_secret": { + "Fn::GetAtt": [ + "FACEBOOKCLIENTSECRETSecretFetcherResource", + "secretValue" + ] + }, + "authorize_scopes": "public_profile" + }, + "ProviderName": "Facebook", + "ProviderType": "Facebook", + "UserPoolId": "[object Object]" + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/FacebookIDP/Resource" + } + }, + "amplifyAuthauthenticatedUserRoleD8DA3689": { + "Type": "AWS::IAM::Role", + "Properties": 
{ + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "cognito-identity.amazonaws.com:aud": "[object Object]" + }, + "ForAnyValue:StringLike": { + "cognito-identity.amazonaws.com:amr": "authenticated" + } + }, + "Effect": "Allow", + "Principal": { + "Federated": "cognito-identity.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "amplify:friendly-name", + "Value": "amplifyAuth" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ] + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/authenticatedUserRole/Resource" + } + }, + "amplifyAuthunauthenticatedUserRole2B524D9E": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "cognito-identity.amazonaws.com:aud": "[object Object]" + }, + "ForAnyValue:StringLike": { + "cognito-identity.amazonaws.com:amr": "unauthenticated" + } + }, + "Effect": "Allow", + "Principal": { + "Federated": "cognito-identity.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Tags": [ + { + "Key": "amplify:deployment-type", + "Value": "sandbox" + }, + { + "Key": "amplify:friendly-name", + "Value": "amplifyAuth" + }, + { + "Key": "created-by", + "Value": "amplify" + } + ] + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/unauthenticatedUserRole/Resource" + } + }, + "CDKMetadata": { + "Type": "AWS::CDK::Metadata", + "Properties": { + "Analytics": 
"v2:deflate64:H4sIAAAAAAAA/11RQW7CQAx8C/fFDaD2DqmQeihCoJ6jZdeASbJGsQNCUf5ebQJp1NOM7fHIGs9h9pFAMrF3mTqfTws6QLNBUfR7tS439i5ZU9jy4G0W2ONFYNPBug5OiYMhW0Kz4wJNegwdbrkg94hlz1oji8yKoAosIxhZwKp2OerKCpreHpr0GAbXF2mN41MgZWh+BKstcxGNB/4in1xaCuPRs/MqvzwGJX1sK76Rx2ptHR6Y8/HKf82wnBaEQcfSv86w9DxtXMc4lqrWnUsM2rZmh8J15dB0OezVniicjKtFucyq51BgOCA9hm97vUZR2okGgxj2iKccPPWBxTfBRd5u8wRm75BMLkI0reqgVCLsevwFXhK6UfkBAAA=" + }, + "Metadata": { + "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/CDKMetadata/Default" + }, + "Condition": "CDKMetadataAvailable" + } + }, + "Mappings": { + "LatestNodeRuntimeMap": { + "af-south-1": { + "value": "nodejs20.x" + }, + "ap-east-1": { + "value": "nodejs20.x" + }, + "ap-northeast-1": { + "value": "nodejs20.x" + }, + "ap-northeast-2": { + "value": "nodejs20.x" + }, + "ap-northeast-3": { + "value": "nodejs20.x" + }, + "ap-south-1": { + "value": "nodejs20.x" + }, + "ap-south-2": { + "value": "nodejs20.x" + }, + "ap-southeast-1": { + "value": "nodejs20.x" + }, + "ap-southeast-2": { + "value": "nodejs20.x" + }, + "ap-southeast-3": { + "value": "nodejs20.x" + }, + "ap-southeast-4": { + "value": "nodejs20.x" + }, + "ap-southeast-5": { + "value": "nodejs20.x" + }, + "ap-southeast-7": { + "value": "nodejs20.x" + }, + "ca-central-1": { + "value": "nodejs20.x" + }, + "ca-west-1": { + "value": "nodejs20.x" + }, + "cn-north-1": { + "value": "nodejs18.x" + }, + "cn-northwest-1": { + "value": "nodejs18.x" + }, + "eu-central-1": { + "value": "nodejs20.x" + }, + "eu-central-2": { + "value": "nodejs20.x" + }, + "eu-isoe-west-1": { + "value": "nodejs18.x" + }, + "eu-north-1": { + "value": "nodejs20.x" + }, + "eu-south-1": { + "value": "nodejs20.x" + }, + "eu-south-2": { + "value": "nodejs20.x" + }, + "eu-west-1": { + "value": "nodejs20.x" + }, + "eu-west-2": { + "value": "nodejs20.x" + }, + "eu-west-3": { + "value": "nodejs20.x" + }, + "il-central-1": { + "value": "nodejs20.x" + }, + "me-central-1": { + "value": "nodejs20.x" + }, + "me-south-1": { + "value": 
"nodejs20.x" + }, + "mx-central-1": { + "value": "nodejs20.x" + }, + "sa-east-1": { + "value": "nodejs20.x" + }, + "us-east-1": { + "value": "nodejs20.x" + }, + "us-east-2": { + "value": "nodejs20.x" + }, + "us-gov-east-1": { + "value": "nodejs18.x" + }, + "us-gov-west-1": { + "value": "nodejs18.x" + }, + "us-iso-east-1": { + "value": "nodejs18.x" + }, + "us-iso-west-1": { + "value": "nodejs18.x" + }, + "us-isob-east-1": { + "value": "nodejs18.x" + }, + "us-west-1": { + "value": "nodejs20.x" + }, + "us-west-2": { + "value": "nodejs20.x" + } + } + }, + "Conditions": { + "CDKMetadataAvailable": { + "Fn::Or": [ + { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "af-south-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-east-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-northeast-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-northeast-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-northeast-3" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-south-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-south-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-southeast-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-southeast-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-southeast-3" + ] + } + ] + }, + { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ap-southeast-4" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ca-central-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "ca-west-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-north-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "cn-northwest-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-central-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + 
"eu-central-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-north-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-south-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-south-2" + ] + } + ] + }, + { + "Fn::Or": [ + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-west-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-west-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "eu-west-3" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "il-central-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "me-central-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "me-south-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "sa-east-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "us-east-1" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "us-east-2" + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "us-west-1" + ] + } + ] + }, + { + "Fn::Equals": [ + { + "Ref": "AWS::Region" + }, + "us-west-2" + ] + } + ] + } + }, + "Outputs": { + "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthUserPool35006F41Ref": { + "Value": "[object Object]" + }, + "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthUserPoolAppClient2FF46763Ref": { + "Value": "[object Object]" + }, + "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthIdentityPoolE649E272Ref": { + "Value": "[object Object]" + }, + "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthUserPoolUserPoolDomain922BB047Ref": { + "Value": "[object Object]" + }, + "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthauthenticatedUserRole25B64256Ref": { + "Value": { + "Ref": "amplifyAuthauthenticatedUserRoleD8DA3689" + } + } + } +} \ No newline at end of file 
diff --git a/packages/amplify-migration/src/app_auth_definition_fetcher.test.ts b/packages/amplify-migration/src/app_auth_definition_fetcher.test.ts new file mode 100644 index 00000000000..eb2fc5bd822 --- /dev/null +++ b/packages/amplify-migration/src/app_auth_definition_fetcher.test.ts 
@@ -0,0 +1,211 @@ +import { CognitoIdentityProviderClient, DescribeUserPoolCommand, ListGroupsCommand } from '@aws-sdk/client-cognito-identity-provider'; +import { CognitoIdentityClient, GetIdentityPoolRolesCommand, ListIdentityPoolsCommand } from '@aws-sdk/client-cognito-identity'; +import { CloudFormationClient } from '@aws-sdk/client-cloudformation'; +import { AmplifyClient, ListBackendEnvironmentsCommand } from '@aws-sdk/client-amplify'; +import { GetObjectCommand, S3Client } from '@aws-sdk/client-s3'; + +import { AmplifyStackParser } from './amplify_stack_parser'; +import { BackendEnvironmentResolver } from './backend_environment_selector'; +import { AppAuthDefinitionFetcher } from './app_auth_definition_fetcher'; +import { BackendDownloader } from './backend_downloader'; + +const mockUserPoolName = 'mockUserPoolName'; +const mockUserPoolID = 'UserPoolId'; +const mockIdentityPoolName = 'mockIdentityPoolName'; +const mockIdentityPoolId = 'IdentityPoolId'; +const mockAppClientId = 'AppClientID'; +const mockAppClientIdWeb = 'AppClientIDWeb'; +const mockAuthenticatedRoleARN = 'authenticated'; +const mockUnauthenticatedRoleARN = 'unauthenticated'; +const mockCognitoIdentityProviderClientSendFn = jest.fn(); + +const mockImportedAuthMeta = JSON.stringify({ + auth: { + importedAuth: { + service: 'Cognito', + serviceType: 'imported', + output: { + UserPoolId: mockUserPoolID, + UserPoolName: mockUserPoolName, + AppClientID: mockAppClientId, + AppClientIDWeb: mockAppClientIdWeb, + IdentityPoolId: mockIdentityPoolId, + IdentityPoolName: mockIdentityPoolName, + }, + }, + }, +}); + +const mockReadFile = jest.fn().mockResolvedValue(mockImportedAuthMeta); + +jest.mock('unzipper', () => ({ + Open: { + file: jest.fn().mockResolvedValue({ + extract: jest.fn().mockResolvedValue(undefined), + }), + }, +})); + +jest.mock('node:fs/promises', () => { + return { + mkdtemp: jest.fn().mockResolvedValue('tmp'), + writeFile: jest.fn().mockResolvedValue(undefined), + access: 
jest.fn().mockResolvedValue(true), + readFile: () => mockReadFile(), + }; +}); +jest.mock('@aws-sdk/client-cognito-identity-provider', () => { + return { + ...jest.requireActual('@aws-sdk/client-cognito-identity-provider'), + CognitoIdentityProviderClient: function () { + return { + send: mockCognitoIdentityProviderClientSendFn.mockImplementation((command) => { + if (command instanceof DescribeUserPoolCommand) { + return Promise.resolve({ + UserPoolClient: { + ClientId: 'ClientId', + UserPoolId: 'UserPoolId', + ClientName: 'ClientName', + }, + }); + } else if (command instanceof ListGroupsCommand) { + return Promise.resolve({ + Groups: [ + { + GroupName: 'Admin', + RoleArn: 'RoleArn', + Description: 'Description', + Precedence: 1, + LastModifiedDate: 'LastModifiedDate', + CreationDate: 'CreationDate', + }, + ], + }); + } + return undefined; + }), + }; + }, + }; +}); + +jest.mock('@aws-sdk/client-cognito-identity', () => { + return { + ...jest.requireActual('@aws-sdk/client-cognito-identity'), + CognitoIdentityClient: function () { + return { + send: jest.fn().mockImplementation((command) => { + if (command instanceof ListIdentityPoolsCommand) { + return Promise.resolve({ + IdentityPools: [ + { + IdentityPoolId: 'IdentityPoolId', + IdentityPoolName: 'IdentityPoolName', + }, + ], + }); + } else if (command instanceof GetIdentityPoolRolesCommand) { + return Promise.resolve({ + Roles: { + authenticated: mockAuthenticatedRoleARN, + unauthenticated: mockUnauthenticatedRoleARN, + }, + }); + } + return Promise.resolve(); + }), + }; + }, + }; +}); + +jest.mock('@aws-sdk/client-amplify', () => { + return { + ...jest.requireActual('@aws-sdk/client-amplify'), + AmplifyClient: function () { + return { + send: jest.fn().mockImplementation((command) => { + if (command instanceof ListBackendEnvironmentsCommand) { + return Promise.resolve({ + backendEnvironments: [ + { + environmentName: 'dev', + deploymentArtifacts: 's3://deploymentArtifacts', + }, + ], + }); + } + return 
Promise.resolve(); + }), + }; + }, + }; +}); + +jest.mock('@aws-sdk/client-s3', () => { + return { + ...jest.requireActual('@aws-sdk/client-s3'), + S3Client: function () { + return { + send: jest.fn().mockImplementation((command) => { + if (command instanceof GetObjectCommand) { + return Promise.resolve({ + Body: mockImportedAuthMeta, + }); + } + return Promise.resolve(); + }), + }; + }, + }; +}); + +const cognitoIdentityProviderClient = new CognitoIdentityProviderClient(); +const cognitoIdentityClient = new CognitoIdentityClient(); +const cloudFormationClient = new CloudFormationClient(); +const amplifyStackParser = new AmplifyStackParser(cloudFormationClient); +const amplifyClient = new AmplifyClient(); +const s3Client = new S3Client(); +const appId = 'appId'; +const backendEnvironmentResolver = new BackendEnvironmentResolver(appId, amplifyClient); +const ccbFetcher = new BackendDownloader(s3Client); + +describe('Auth definition Fetcher tests', () => { + const appAuthDefinitionFetcher = new AppAuthDefinitionFetcher( + cognitoIdentityClient, + cognitoIdentityProviderClient, + amplifyStackParser, + backendEnvironmentResolver, + () => Promise.resolve({}), + ccbFetcher, + ); + it('should fetch imported auth definitions', async () => { + await expect(appAuthDefinitionFetcher.getDefinition()).resolves.toEqual({ + referenceAuth: { + groups: { + Admin: 'RoleArn', + }, + identityPoolId: mockIdentityPoolId, + authRoleArn: mockAuthenticatedRoleARN, + unauthRoleArn: mockUnauthenticatedRoleARN, + userPoolClientId: mockAppClientIdWeb, + userPoolId: mockUserPoolID, + }, + }); + }); + + it('should not fetch imported auth definitions if there is no related cognito resource information', async () => { + mockReadFile.mockResolvedValue( + JSON.stringify({ + auth: { + importedAuth: { + service: 'Cognito', + serviceType: 'imported', + output: {}, + }, + }, + }), + ); + await expect(appAuthDefinitionFetcher.getDefinition()).rejects.toEqual(new Error('No user pool or identity pool found 
for import.')); + }); +}); diff --git a/packages/amplify-migration/src/app_auth_definition_fetcher.ts b/packages/amplify-migration/src/app_auth_definition_fetcher.ts index 76fb81d24a0..ce93cbd62b0 100644 --- a/packages/amplify-migration/src/app_auth_definition_fetcher.ts +++ b/packages/amplify-migration/src/app_auth_definition_fetcher.ts @@ -14,8 +14,12 @@ import { DescribeIdentityProviderCommand, GetUserPoolMfaConfigCommand, } from '@aws-sdk/client-cognito-identity-provider'; -import { CognitoIdentityClient, DescribeIdentityPoolCommand } from '@aws-sdk/client-cognito-identity'; +import { CognitoIdentityClient, DescribeIdentityPoolCommand, GetIdentityPoolRolesCommand } from '@aws-sdk/client-cognito-identity'; import { getAuthDefinition } from '@aws-amplify/amplify-gen1-codegen-auth-adapter'; +import { fileOrDirectoryExists } from './directory_exists'; +import { BackendDownloader } from './backend_downloader.js'; +import path from 'node:path'; +import fs from 'node:fs/promises'; export interface AppAuthDefinitionFetcher { getDefinition(): Promise; 
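Review bot: The two cases in `describe('Auth definition Fetcher tests')` cover only a fully populated imported `output` and an empty one. An amplify-meta.json with no `auth` key, a first auth resource that is not `serviceType: 'imported'`, and an `output` holding only some of the three IDs are never exercised. Those are the inputs on which `getReferenceAuth` reads properties of a parsed file without checking its shape, so one case for each would pin the intended behaviour. Separately, the second test calls `mockReadFile.mockResolvedValue(...)`, which replaces the default for every later test in the file; `mockReadFile.mockResolvedValueOnce(...)` keeps the override local to that test.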
@@ -28,9 +32,92 @@ export class AppAuthDefinitionFetcher { private stackParser: AmplifyStackParser, private backendEnvironmentResolver: BackendEnvironmentResolver, private getAuthTriggerConnections: AuthTriggerConnectionsFetcher, + private ccbFetcher: BackendDownloader, ) {} + private readJsonFile = async (filePath: string) => { + const contents = await fs.readFile(filePath, { encoding: 'utf8' }); + return JSON.parse(contents); + }; + + private getReferenceAuth = async () => { + const backendEnvironment = await this.backendEnvironmentResolver.selectBackendEnvironment(); + if (!backendEnvironment?.deploymentArtifacts) return undefined; + const currentCloudBackendDirectory = await this.ccbFetcher.getCurrentCloudBackend(backendEnvironment.deploymentArtifacts); + const amplifyMetaPath = path.join(currentCloudBackendDirectory, 'amplify-meta.json'); + + if (!(await fileOrDirectoryExists(amplifyMetaPath))) { + throw new Error('Could not find amplify-meta.json'); + } + + const amplifyMeta = (await this.readJsonFile(amplifyMetaPath)) ?? 
{}; + const isImported = Object.keys(amplifyMeta.auth).map((key) => amplifyMeta.auth[key])[0].serviceType === 'imported'; + + if (isImported) { + const { + UserPoolId: userPoolId, + AppClientIDWeb: userPoolClientId, + IdentityPoolId: identityPoolId, + } = Object.keys(amplifyMeta.auth).map((key) => amplifyMeta.auth[key])[0].output; + if (!userPoolId || !userPoolClientId || !identityPoolId) { + throw new Error('No user pool or identity pool found for import.'); + } + + let authRoleArn: string | undefined; + let unauthRoleArn: string | undefined; + let groups: Record | undefined; + + if (identityPoolId) { + const { Roles } = await this.cognitoIdentityPoolClient.send( + new GetIdentityPoolRolesCommand({ + IdentityPoolId: identityPoolId, + }), + ); + if (Roles) { + authRoleArn = Roles.authenticated; + unauthRoleArn = Roles.unauthenticated; + } + } + + if (userPoolId) { + const { Groups } = await this.cognitoIdentityProviderClient.send( + new ListGroupsCommand({ + UserPoolId: userPoolId, + }), + ); + + if (Groups && Groups.length > 0) { + groups = Groups.reduce((acc: Record, { GroupName, RoleArn }) => { + assert(GroupName); + assert(RoleArn); + return { + ...acc, + [GroupName]: RoleArn, + }; + }, {}); + } + } + + return { + userPoolId, + userPoolClientId, + identityPoolId, + unauthRoleArn, + authRoleArn, + groups, + }; + } + return undefined; + }; + getDefinition = async (): Promise => { + const referenceAuth = await this.getReferenceAuth(); + if (referenceAuth) { + return { + referenceAuth, + }; + } + const backendEnvironment = await this.backendEnvironmentResolver.selectBackendEnvironment(); assert(backendEnvironment?.stackName); const stackResources = await this.stackParser.getAllStackResources(backendEnvironment.stackName); diff --git a/packages/amplify-migration/src/command-handlers.ts b/packages/amplify-migration/src/command-handlers.ts index a11b1bb0fe8..d3f9d0643b9 100644 --- a/packages/amplify-migration/src/command-handlers.ts 
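Review bot: `getReferenceAuth` dereferences the parsed amplify-meta.json without checking its shape: `Object.keys(amplifyMeta.auth)` throws a TypeError when the file has no `auth` key (the `?? {}` fallback only covers a null document), and `[0].serviceType` throws when `auth` is an empty object. Because `getDefinition` now calls this first, a project without an auth entry or a malformed file downloaded from the deployment bucket would presumably fail here instead of falling through to the existing stack-based path. Reading the first entry defensively avoids that: `const authResource = Object.values(amplifyMeta.auth ?? {})[0];` followed by `if (authResource?.serviceType !== 'imported') return undefined;`, then destructure from `authResource.output ?? {}`. `ListGroupsCommand` is also sent once with no handling of a continuation token, so a pool with more groups than one response returns would silently lose the rest from `groups`. The enclosing class starts and ends outside this hunk.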
+++ b/packages/amplify-migration/src/command-handlers.ts @@ -207,6 +207,7 @@ export async function execute() { const amplifyStackParser = new AmplifyStackParser(cloudFormationClient); const backendEnvironmentResolver = new BackendEnvironmentResolver(appId, amplifyClient); const backendEnvironment = await backendEnvironmentResolver.selectBackendEnvironment(); + const ccbFetcher = new BackendDownloader(s3Client); await generateGen2Code({ outputDirectory: TEMP_GEN_2_OUTPUT_DIR, @@ -217,6 +218,7 @@ export async function execute() { amplifyStackParser, backendEnvironmentResolver, () => getAuthTriggersConnections(), + ccbFetcher, ), dataDefinitionFetcher: new DataDefinitionFetcher(backendEnvironmentResolver, amplifyStackParser), functionsDefinitionFetcher: new AppFunctionsDefinitionFetcher(lambdaClient, backendEnvironmentResolver, stateManager), From a76b71bdf8eca2bc10a42bd4d90cbea1971141ed Mon Sep 17 00:00:00 2001 From: rjabhi Date: Mon, 11 Nov 2024 15:58:27 -0800 Subject: [PATCH 02/10] fix: import auth validation condition --- packages/amplify-migration/src/app_auth_definition_fetcher.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/amplify-migration/src/app_auth_definition_fetcher.ts b/packages/amplify-migration/src/app_auth_definition_fetcher.ts index ce93cbd62b0..7d0852af457 100644 --- a/packages/amplify-migration/src/app_auth_definition_fetcher.ts +++ b/packages/amplify-migration/src/app_auth_definition_fetcher.ts @@ -59,7 +59,7 @@ export class AppAuthDefinitionFetcher { AppClientIDWeb: userPoolClientId, IdentityPoolId: identityPoolId, } = Object.keys(amplifyMeta.auth).map((key) => amplifyMeta.auth[key])[0].output; - if (!userPoolId || !userPoolClientId || !identityPoolId) { + if (!userPoolId && !userPoolClientId && !identityPoolId) { throw new Error('No user pool or identity pool found for import.'); } From 71cc41bbfe62cbede225b31b5fd6ad37ce986b58 Mon Sep 17 00:00:00 2001 
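Review bot: With `&&`, the guard on the changed line throws only when all three of `userPoolId`, `userPoolClientId` and `identityPoolId` are missing, so an imported resource with a user pool ID but no `AppClientIDWeb` now passes and `getReferenceAuth` returns an object with `undefined` fields. If the generated reference-auth resource needs the user pool and its client together, that should be checked explicitly, for example `if (!userPoolId && !identityPoolId) throw new Error('No user pool or identity pool found for import.');` plus `if (userPoolId && !userPoolClientId) throw new Error('Imported user pool has no web app client ID.');`. The test added in the previous patch uses an empty `output`, which throws under both the old and the new condition, so it does not pin which partial combinations are meant to be accepted. The function body continues outside this hunk.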
From: rjabhi Date: Mon, 11 Nov 2024 16:10:40 -0800 Subject: [PATCH 03/10] fix: delete codegen e2e package --- .../src/backend/synthesizer.ts | 12 ++++++------ .../output/amplify/auth/resource.ts | 6 ------ .../output/amplify/backend.ts | 5 ----- .../output/amplify/package.json | 3 --- .../output/package.json | 16 ---------------- 5 files changed, 6 insertions(+), 36 deletions(-) delete mode 100644 packages/amplify-migration-codegen-e2e/output/amplify/auth/resource.ts delete mode 100644 packages/amplify-migration-codegen-e2e/output/amplify/backend.ts delete mode 100644 packages/amplify-migration-codegen-e2e/output/amplify/package.json delete mode 100644 packages/amplify-migration-codegen-e2e/output/package.json diff --git a/packages/amplify-gen2-codegen/src/backend/synthesizer.ts b/packages/amplify-gen2-codegen/src/backend/synthesizer.ts index 4e2a577fe49..2d75ce9854c 100644 --- a/packages/amplify-gen2-codegen/src/backend/synthesizer.ts +++ b/packages/amplify-gen2-codegen/src/backend/synthesizer.ts @@ -388,12 +388,12 @@ export class BackendSynthesizer { renderArgs.storage.bucketEncryptionAlgorithm.serverSideEncryptionByDefault.SSEAlgorithm!, ), ), - // factory.createPropertyAssignment( - // factory.createIdentifier('kmsMasterKeyId'), - // factory.createStringLiteral( - // renderArgs.storage.bucketEncryptionAlgorithm.serverSideEncryptionByDefault.KMSMasterKeyID!, - // ), - // ), + factory.createPropertyAssignment( + factory.createIdentifier('kmsMasterKeyId'), + factory.createStringLiteral( + renderArgs.storage.bucketEncryptionAlgorithm.serverSideEncryptionByDefault.KMSMasterKeyID!, + ), + ), ], true, ), diff --git a/packages/amplify-migration-codegen-e2e/output/amplify/auth/resource.ts b/packages/amplify-migration-codegen-e2e/output/amplify/auth/resource.ts deleted file mode 100644 index 6179d6e03dd..00000000000 --- a/packages/amplify-migration-codegen-e2e/output/amplify/auth/resource.ts +++ /dev/null 
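Review bot: The re-enabled `kmsMasterKeyId` assignment reads `serverSideEncryptionByDefault.KMSMasterKeyID!`, and the non-null assertion only silences the compiler. A bucket whose default encryption does not use a KMS key (presumably why this was commented out) would pass `undefined` to `factory.createStringLiteral`. Emitting the property only when the key is present keeps the generated storage config from carrying an empty or invalid key reference, e.g. `...(kmsKeyId ? [factory.createPropertyAssignment(factory.createIdentifier('kmsMasterKeyId'), factory.createStringLiteral(kmsKeyId))] : []),` with `kmsKeyId` read once above. The change is also unrelated to the commit subject ("delete codegen e2e package"), which makes it easy to miss in review. The surrounding object literal starts and ends outside this hunk.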
@@ -1,6 +0,0 @@ -import { defineAuth } from '@aws-amplify/backend'; -export const auth = defineAuth({ - loginWith: { - email: true, - }, -}); diff --git a/packages/amplify-migration-codegen-e2e/output/amplify/backend.ts b/packages/amplify-migration-codegen-e2e/output/amplify/backend.ts deleted file mode 100644 index 8f3471375a8..00000000000 --- a/packages/amplify-migration-codegen-e2e/output/amplify/backend.ts +++ /dev/null @@ -1,5 +0,0 @@ -import { auth } from './auth/resource'; -import { defineBackend } from '@aws-amplify/backend'; -const backend = defineBackend({ - auth, -}); diff --git a/packages/amplify-migration-codegen-e2e/output/amplify/package.json b/packages/amplify-migration-codegen-e2e/output/amplify/package.json deleted file mode 100644 index aead43de364..00000000000 --- a/packages/amplify-migration-codegen-e2e/output/amplify/package.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "type": "module" -} \ No newline at end of file diff --git a/packages/amplify-migration-codegen-e2e/output/package.json b/packages/amplify-migration-codegen-e2e/output/package.json deleted file mode 100644 index 74a57caa2a1..00000000000 --- a/packages/amplify-migration-codegen-e2e/output/package.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "name": "my-gen2-app", - "devDependencies": { - "@aws-amplify/backend": "*", - "@aws-amplify/backend-cli": "*", - "aws-cdk": "*", - "aws-cdk-lib": "*", - "constructs": "*", - "esbuild": "*", - "tsx": "*", - "typescript": "*" - }, - "dependencies": { - "aws-amplify": "*" - } -} \ No newline at end of file From 822bc5844aa59f22068b4dcb6b09766a5de3ad52 Mon Sep 17 00:00:00 2001 
From: rjabhi Date: Mon, 11 Nov 2024 17:54:02 -0800 Subject: [PATCH 04/10] fix: remove duplicate code and .amplify dir --- .../src/auth/source_builder.test.ts | 33 - .../templates/auth/MIGRATION_README.md | 30 - ...reProcessUpdateStackTemplate-rollback.json | 741 ----------- ...ep1-gen1PreProcessUpdateStackTemplate.json | 741 ----------- ...esourcesRemovalStackTemplate-rollback.json | 1157 ----------------- ...ep2-gen2ResourcesRemovalStackTemplate.json | 838 ------------ 6 files changed, 3540 deletions(-) delete mode 100644 packages/amplify-migration/.amplify/migration/templates/auth/MIGRATION_README.md delete mode 100644 packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate-rollback.json delete mode 100644 packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate.json delete mode 100644 packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate-rollback.json delete mode 100644 packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate.json diff --git a/packages/amplify-gen2-codegen/src/auth/source_builder.test.ts b/packages/amplify-gen2-codegen/src/auth/source_builder.test.ts index 4d9addd44c1..1a397c4d840 100644 --- a/packages/amplify-gen2-codegen/src/auth/source_builder.test.ts +++ b/packages/amplify-gen2-codegen/src/auth/source_builder.test.ts 
@@ -376,39 +376,6 @@ describe('render auth node', () => { const source = printNodeArray(node); assert.match(source, /defineAuth\(\{[\s\S]*attributeMapping:\s\{[\s\S]*fullname:\s"name"/); }); - describe('phone', () => { - it('renders `phone: true`', () => { - const authDefinition: AuthDefinition = { - loginOptions: { - phone: true, - }, - }; - const node = renderAuthNode(authDefinition); - const source = printNodeArray(node); - assert.match(source, /defineAuth\(\{\s+loginWith:\s+\{\s+phone:\s?true\s+\}\s+\}\)/); - }); - }); - describe('OAuth scopes', () => { - it('renders oauth scopes', () => { - const authDefinition: AuthDefinition = { - loginOptions: { - googleLogin: true, - scopes: ['EMAIL', 'OPENID'], - }, - }; - const node = renderAuthNode(authDefinition); - const source = printNodeArray(node); - assert.match(source, /defineAuth\(\{[\s\S]*scopes:\s\["EMAIL",\s"OPENID"\]/); - }); - it('renders no oauth scopes if not passed', () => { - const authDefinition: AuthDefinition = { - loginOptions: {}, - }; - const node = renderAuthNode(authDefinition); - const source = printNodeArray(node); - assert.doesNotMatch(source, /scopes:/); - }); - }); it('renders attributeMapping if passed along with Google login', () => { const authDefinition: AuthDefinition = { loginOptions: { diff --git a/packages/amplify-migration/.amplify/migration/templates/auth/MIGRATION_README.md b/packages/amplify-migration/.amplify/migration/templates/auth/MIGRATION_README.md deleted file mode 100644 index 546076e2c7a..00000000000 --- a/packages/amplify-migration/.amplify/migration/templates/auth/MIGRATION_README.md +++ /dev/null 
@@ -1,30 +0,0 @@ -## Stack refactor steps for auth category -### STEP 1: UPDATE GEN-1 AUTH STACK -It is a non-disruptive update since the template only replaces resource references with their resolved values. This is a required step to execute cloudformation stack refactor later. -``` -aws cloudformation update-stack \ - --stack-name amplify-testauth-dev-36113-authtestauth94a32e09-10D2TA5P5OHDH \ - --template-body file://.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate.json \ - --parameters '[{"ParameterKey":"hostedUIDomainName","ParameterValue":"testauth5cb39772-5cb39772"},{"ParameterKey":"authRoleArn","ParameterValue":"arn:aws:iam::517770102601:role/amplify-testauth-dev-36113-authRole"},{"ParameterKey":"authProviders","ParameterValue":""},{"ParameterKey":"autoVerifiedAttributes","ParameterValue":"email"},{"ParameterKey":"allowUnauthenticatedIdentities","ParameterValue":"false"},{"ParameterKey":"hostedUI","ParameterValue":"true"},{"ParameterKey":"smsVerificationMessage","ParameterValue":"Your verification code is {####}"},{"ParameterKey":"userpoolClientReadAttributes","ParameterValue":"email"},{"ParameterKey":"breakCircularDependency","ParameterValue":"true"},{"ParameterKey":"oAuthMetadata","ParameterValue":"{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"http://localhost:3000/\"],\"LogoutURLs\":[\"http://localhost:3000/signout/\"]}"},{"ParameterKey":"mfaTypes","ParameterValue":"SMS Text Message"},{"ParameterKey":"emailVerificationSubject","ParameterValue":"Your verification 
code"},{"ParameterKey":"sharedId","ParameterValue":"94a32e09"},{"ParameterKey":"useDefault","ParameterValue":"defaultSocial"},{"ParameterKey":"userpoolClientGenerateSecret","ParameterValue":"false"},{"ParameterKey":"mfaConfiguration","ParameterValue":"OFF"},{"ParameterKey":"identityPoolName","ParameterValue":"testauth94a32e09_identitypool_94a32e09"},{"ParameterKey":"authProvidersUserPool","ParameterValue":"Facebook"},{"ParameterKey":"userPoolGroupList","ParameterValue":""},{"ParameterKey":"authSelections","ParameterValue":"identityPoolAndUserPool"},{"ParameterKey":"resourceNameTruncated","ParameterValue":"testau94a32e09"},{"ParameterKey":"smsAuthenticationMessage","ParameterValue":"Your authentication code is {####}"},{"ParameterKey":"passwordPolicyMinLength","ParameterValue":"8"},{"ParameterKey":"userPoolName","ParameterValue":"testauth94a32e09_userpool_94a32e09"},{"ParameterKey":"hostedUIProviderMeta","ParameterValue":"[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"username\":\"id\"}}]"},{"ParameterKey":"userpoolClientWriteAttributes","ParameterValue":"email"},{"ParameterKey":"dependsOn","ParameterValue":""},{"ParameterKey":"useEnabledMfas","ParameterValue":"true"},{"ParameterKey":"usernameCaseSensitive","ParameterValue":"false"},{"ParameterKey":"resourceName","ParameterValue":"testauth94a32e09"},{"ParameterKey":"env","ParameterValue":"dev"},{"ParameterKey":"serviceName","ParameterValue":"Cognito"},{"ParameterKey":"emailVerificationMessage","ParameterValue":"Your verification code is 
{####}"},{"ParameterKey":"userpoolClientRefreshTokenValidity","ParameterValue":"30"},{"ParameterKey":"userpoolClientSetAttributes","ParameterValue":"false"},{"ParameterKey":"unauthRoleArn","ParameterValue":"arn:aws:iam::517770102601:role/amplify-testauth-dev-36113-unauthRole"},{"ParameterKey":"requiredAttributes","ParameterValue":"email"},{"ParameterKey":"passwordPolicyCharacters","ParameterValue":""},{"ParameterKey":"aliasAttributes","ParameterValue":""},{"ParameterKey":"userpoolClientLambdaRole","ParameterValue":"testau94a32e09_userpoolclient_lambda_role"},{"ParameterKey":"defaultPasswordPolicy","ParameterValue":"false"},{"ParameterKey":"hostedUIProviderCreds","ParameterValue":"****"}]' \ - --capabilities CAPABILITY_NAMED_IAM - ``` - - ``` -aws cloudformation describe-stacks \ - --stack-name amplify-testauth-dev-36113-authtestauth94a32e09-10D2TA5P5OHDH - ``` - - #### Rollback step: - ``` - aws cloudformation update-stack \ - --stack-name amplify-testauth-dev-36113-authtestauth94a32e09-10D2TA5P5OHDH \ - --template-body file://.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate-rollback.json - --parameters '[{"ParameterKey":"hostedUIDomainName","ParameterValue":"testauth5cb39772-5cb39772"},{"ParameterKey":"authRoleArn","ParameterValue":"arn:aws:iam::517770102601:role/amplify-testauth-dev-36113-authRole"},{"ParameterKey":"authProviders","ParameterValue":""},{"ParameterKey":"autoVerifiedAttributes","ParameterValue":"email"},{"ParameterKey":"allowUnauthenticatedIdentities","ParameterValue":"false"},{"ParameterKey":"hostedUI","ParameterValue":"true"},{"ParameterKey":"smsVerificationMessage","ParameterValue":"Your verification code is 
{####}"},{"ParameterKey":"userpoolClientReadAttributes","ParameterValue":"email"},{"ParameterKey":"breakCircularDependency","ParameterValue":"true"},{"ParameterKey":"oAuthMetadata","ParameterValue":"{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"http://localhost:3000/\"],\"LogoutURLs\":[\"http://localhost:3000/signout/\"]}"},{"ParameterKey":"mfaTypes","ParameterValue":"SMS Text Message"},{"ParameterKey":"emailVerificationSubject","ParameterValue":"Your verification code"},{"ParameterKey":"sharedId","ParameterValue":"94a32e09"},{"ParameterKey":"useDefault","ParameterValue":"defaultSocial"},{"ParameterKey":"userpoolClientGenerateSecret","ParameterValue":"false"},{"ParameterKey":"mfaConfiguration","ParameterValue":"OFF"},{"ParameterKey":"identityPoolName","ParameterValue":"testauth94a32e09_identitypool_94a32e09"},{"ParameterKey":"authProvidersUserPool","ParameterValue":"Facebook"},{"ParameterKey":"userPoolGroupList","ParameterValue":""},{"ParameterKey":"authSelections","ParameterValue":"identityPoolAndUserPool"},{"ParameterKey":"resourceNameTruncated","ParameterValue":"testau94a32e09"},{"ParameterKey":"smsAuthenticationMessage","ParameterValue":"Your authentication code is 
{####}"},{"ParameterKey":"passwordPolicyMinLength","ParameterValue":"8"},{"ParameterKey":"userPoolName","ParameterValue":"testauth94a32e09_userpool_94a32e09"},{"ParameterKey":"hostedUIProviderMeta","ParameterValue":"[{\"ProviderName\":\"Facebook\",\"authorize_scopes\":\"email,public_profile\",\"AttributeMapping\":{\"email\":\"email\",\"username\":\"id\"}}]"},{"ParameterKey":"userpoolClientWriteAttributes","ParameterValue":"email"},{"ParameterKey":"dependsOn","ParameterValue":""},{"ParameterKey":"useEnabledMfas","ParameterValue":"true"},{"ParameterKey":"usernameCaseSensitive","ParameterValue":"false"},{"ParameterKey":"resourceName","ParameterValue":"testauth94a32e09"},{"ParameterKey":"env","ParameterValue":"dev"},{"ParameterKey":"serviceName","ParameterValue":"Cognito"},{"ParameterKey":"emailVerificationMessage","ParameterValue":"Your verification code is {####}"},{"ParameterKey":"userpoolClientRefreshTokenValidity","ParameterValue":"30"},{"ParameterKey":"userpoolClientSetAttributes","ParameterValue":"false"},{"ParameterKey":"unauthRoleArn","ParameterValue":"arn:aws:iam::517770102601:role/amplify-testauth-dev-36113-unauthRole"},{"ParameterKey":"requiredAttributes","ParameterValue":"email"},{"ParameterKey":"passwordPolicyCharacters","ParameterValue":""},{"ParameterKey":"aliasAttributes","ParameterValue":""},{"ParameterKey":"userpoolClientLambdaRole","ParameterValue":"testau94a32e09_userpoolclient_lambda_role"},{"ParameterKey":"defaultPasswordPolicy","ParameterValue":"false"},{"ParameterKey":"hostedUIProviderCreds","ParameterValue":"****"}]' \ - --capabilities CAPABILITY_NAMED_IAM - ``` - - ``` -aws cloudformation describe-stacks \ - --stack-name amplify-testauth-dev-36113-authtestauth94a32e09-10D2TA5P5OHDH - ``` - \ No newline at end of file 
diff --git a/packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate-rollback.json b/packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate-rollback.json deleted file mode 100644 index dfced517b39..00000000000 --- a/packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate-rollback.json +++ /dev/null 
@@ -1,741 +0,0 @@ -{ - "Description": "Amplify Cognito Stack for AWS Amplify CLI", - "AWSTemplateFormatVersion": "2010-09-09", - "Parameters": { - "env": { - "Type": "String" - }, - "identityPoolName": { - "Type": "String" - }, - "allowUnauthenticatedIdentities": { - "Type": "String" - }, - "resourceNameTruncated": { - "Type": "String" - }, - "userPoolName": { - "Type": "String" - }, - "autoVerifiedAttributes": { - "Type": "CommaDelimitedList" - }, - "mfaConfiguration": { - "Type": "String" - }, - "mfaTypes": { - "Type": "CommaDelimitedList" - }, - "smsAuthenticationMessage": { - "Type": "String" - }, - "smsVerificationMessage": { - "Type": "String" - }, - "emailVerificationSubject": { - "Type": "String" - }, - "emailVerificationMessage": { - "Type": "String" - }, - "defaultPasswordPolicy": { - "Type": "String" - }, - "passwordPolicyMinLength": { - "Type": "String" - }, - "passwordPolicyCharacters": { - "Type": "CommaDelimitedList" - }, - "requiredAttributes": { - "Type": "CommaDelimitedList" - }, - "aliasAttributes": { - "Type": "CommaDelimitedList" - }, - "userpoolClientGenerateSecret": { - "Type": "String" - }, - "userpoolClientRefreshTokenValidity": { - "Type": "String" - }, - "userpoolClientWriteAttributes": { - "Type": "CommaDelimitedList" - }, - "userpoolClientReadAttributes": { - "Type": "CommaDelimitedList" - }, - "userpoolClientLambdaRole": { - "Type": "String" - }, - "userpoolClientSetAttributes": { - "Type": "String" - }, - "sharedId": { - "Type": "String" - }, - "resourceName": { - "Type": "String" - }, - "authSelections": { - "Type": "String" - }, - "useDefault": { - "Type": "String" - }, - "userPoolGroupList": { - "Type": "CommaDelimitedList" - }, - "serviceName": { - "Type": "String" - }, - "usernameCaseSensitive": { - "Type": "String" - }, - "useEnabledMfas": { - "Type": "String" - }, - "authRoleArn": { - "Type": "String" - }, - "unauthRoleArn": { - "Type": "String" - }, - "breakCircularDependency": { - "Type": "String" - }, - "dependsOn": { - 
"Type": "CommaDelimitedList" - }, - "hostedUI": { - "Type": "String" - }, - "hostedUIDomainName": { - "Type": "String" - }, - "authProvidersUserPool": { - "Type": "CommaDelimitedList" - }, - "hostedUIProviderMeta": { - "Type": "String" - }, - "oAuthMetadata": { - "Type": "String" - }, - "authProviders": { - "Type": "CommaDelimitedList" - }, - "hostedUIProviderCreds": { - "Type": "String", - "NoEcho": true - } - }, - "Conditions": { - "ShouldNotCreateEnvResources": { - "Fn::Equals": [ - { - "Ref": "env" - }, - "NONE" - ] - } - }, - "Resources": { - "UserPool": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "AutoVerifiedAttributes": [ - "email" - ], - "EmailVerificationMessage": { - "Ref": "emailVerificationMessage" - }, - "EmailVerificationSubject": { - "Ref": "emailVerificationSubject" - }, - "MfaConfiguration": { - "Ref": "mfaConfiguration" - }, - "Policies": { - "PasswordPolicy": { - "MinimumLength": { - "Ref": "passwordPolicyMinLength" - }, - "RequireLowercase": false, - "RequireNumbers": false, - "RequireSymbols": false, - "RequireUppercase": false - } - }, - "Schema": [ - { - "Mutable": true, - "Name": "email", - "Required": true - } - ], - "UserAttributeUpdateSettings": { - "AttributesRequireVerificationBeforeUpdate": [ - "email" - ] - }, - "UserPoolName": { - "Fn::Join": [ - "", - [ - { - "Ref": "userPoolName" - }, - "-", - { - "Ref": "env" - } - ] - ] - }, - "UsernameConfiguration": { - "CaseSensitive": false - } - } - }, - "UserPoolClientWeb": { - "Type": "AWS::Cognito::UserPoolClient", - "Properties": { - "AllowedOAuthFlows": [ - "code" - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": [ - "phone", - "email", - "openid", - "profile", - "aws.cognito.signin.user.admin" - ], - "CallbackURLs": [ - "http://localhost:3000/" - ], - "ClientName": "testau94a32e09_app_clientWeb", - "LogoutURLs": [ - "http://localhost:3000/signout/" - ], - "RefreshTokenValidity": { - "Ref": "userpoolClientRefreshTokenValidity" - }, - 
"SupportedIdentityProviders": [ - "Facebook", - "COGNITO" - ], - "TokenValidityUnits": { - "RefreshToken": "days" - }, - "UserPoolId": { - "Ref": "UserPool" - } - }, - "DependsOn": [ - "UserPool" - ] - }, - "UserPoolClient": { - "Type": "AWS::Cognito::UserPoolClient", - "Properties": { - "AllowedOAuthFlows": [ - "code" - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": [ - "phone", - "email", - "openid", - "profile", - "aws.cognito.signin.user.admin" - ], - "CallbackURLs": [ - "http://localhost:3000/" - ], - "ClientName": "testau94a32e09_app_client", - "GenerateSecret": { - "Ref": "userpoolClientGenerateSecret" - }, - "LogoutURLs": [ - "http://localhost:3000/signout/" - ], - "RefreshTokenValidity": { - "Ref": "userpoolClientRefreshTokenValidity" - }, - "SupportedIdentityProviders": [ - "Facebook", - "COGNITO" - ], - "TokenValidityUnits": { - "RefreshToken": "days" - }, - "UserPoolId": { - "Ref": "UserPool" - } - }, - "DependsOn": [ - "HostedUIProvidersCustomResourceInputs" - ] - }, - "UserPoolClientRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "RoleName": { - "Fn::Join": [ - "", - [ - "upClientLambdaRole94a32e09", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - "-", - { - "Ref": "AWS::StackName" - } - ] - } - ] - }, - "-", - { - "Ref": "env" - } - ] - ] - } - } - }, - "HostedUICustomResource": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "const response = require('cfn-response');\nconst {\n CognitoIdentityProviderClient,\n CreateUserPoolDomainCommand,\n DeleteUserPoolDomainCommand,\n DescribeUserPoolCommand,\n DescribeUserPoolDomainCommand,\n} = require('@aws-sdk/client-cognito-identity-provider');\nconst identity = new CognitoIdentityProviderClient({});\n\nexports.handler = (event, context) => {\n 
// Don't return promise, response.send() marks context as done internally\n void tryHandleEvent(event, context);\n};\n\nasync function tryHandleEvent(event, context) {\n try {\n await handleEvent(event);\n response.send(event, context, response.SUCCESS, {});\n } catch (err) {\n console.log(err);\n response.send(event, context, response.FAILED, { err });\n }\n}\n\nasync function handleEvent(event) {\n const userPoolId = event.ResourceProperties.userPoolId;\n const inputDomainName = event.ResourceProperties.hostedUIDomainName;\n if (event.RequestType === 'Delete') {\n await deleteUserPoolDomain(inputDomainName, userPoolId);\n } else if (event.RequestType === 'Update' || event.RequestType === 'Create') {\n await createOrUpdateDomain(inputDomainName, userPoolId);\n }\n}\n\nasync function checkDomainAvailability(domainName) {\n const params = { Domain: domainName };\n try {\n const res = await identity.send(new DescribeUserPoolDomainCommand(params));\n return !(res.DomainDescription && res.DomainDescription.UserPoolId);\n } catch (err) {\n return false;\n }\n}\n\nasync function deleteUserPoolDomain(domainName, userPoolId) {\n const params = { Domain: domainName, UserPoolId: userPoolId };\n await identity.send(new DeleteUserPoolDomainCommand(params));\n}\n\nasync function createUserPoolDomain(domainName, userPoolId) {\n const params = {\n Domain: domainName,\n UserPoolId: userPoolId,\n };\n await identity.send(new CreateUserPoolDomainCommand(params));\n}\n\nasync function createOrUpdateDomain(inputDomainName, userPoolId) {\n const result = await identity.send(new DescribeUserPoolCommand({ UserPoolId: userPoolId }));\n if (result.UserPool.Domain === inputDomainName) {\n // if existing domain is same as input domain do nothing.\n return;\n }\n if (inputDomainName) {\n // create new or replace existing domain.\n const isDomainAvailable = await checkDomainAvailability(inputDomainName);\n if (isDomainAvailable) {\n if (result.UserPool.Domain) {\n await 
deleteUserPoolDomain(result.UserPool.Domain, userPoolId);\n }\n await createUserPoolDomain(inputDomainName, userPoolId);\n } else {\n throw new Error('Domain not available');\n }\n } else if (result.UserPool.Domain) {\n // if input domain is undefined delete existing domain if exists.\n await deleteUserPoolDomain(result.UserPool.Domain, userPoolId);\n }\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "UserPoolClientRole", - "Arn" - ] - }, - "Runtime": "nodejs18.x", - "Timeout": 300 - }, - "DependsOn": [ - "UserPoolClientRole" - ] - }, - "HostedUICustomResourcePolicy": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "cognito-idp:CreateUserPoolDomain", - "cognito-idp:DescribeUserPool", - "cognito-idp:DeleteUserPoolDomain" - ], - "Resource": { - "Fn::GetAtt": [ - "UserPool", - "Arn" - ] - } - }, - { - "Effect": "Allow", - "Action": [ - "cognito-idp:DescribeUserPoolDomain" - ], - "Resource": "*" - } - ] - }, - "PolicyName": { - "Fn::Join": [ - "-", - [ - { - "Ref": "UserPool" - }, - { - "Ref": "hostedUI" - } - ] - ] - }, - "Roles": [ - { - "Ref": "UserPoolClientRole" - } - ] - }, - "DependsOn": [ - "HostedUICustomResource" - ] - }, - "HostedUICustomResourceLogPolicy": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Resource": { - "Fn::Sub": [ - "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", - { - "region": { - "Ref": "AWS::Region" - }, - "account": { - "Ref": "AWS::AccountId" - }, - "lambda": { - "Ref": "HostedUICustomResource" - } - } - ] - } - } - ] - }, - "PolicyName": { - "Fn::Join": [ - "-", - [ - { - "Ref": "UserPool" - }, - "hostedUILogPolicy" - ] - ] - }, - "Roles": [ - { - "Ref": "UserPoolClientRole" - } - ] - 
}, - "DependsOn": [ - "HostedUICustomResourcePolicy" - ] - }, - "HostedUICustomResourceInputs": { - "Type": "Custom::LambdaCallout", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "HostedUICustomResource", - "Arn" - ] - }, - "hostedUIDomainName": { - "Fn::Join": [ - "-", - [ - { - "Ref": "hostedUIDomainName" - }, - { - "Ref": "env" - } - ] - ] - }, - "userPoolId": { - "Ref": "UserPool" - } - }, - "DependsOn": [ - "HostedUICustomResourceLogPolicy" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "HostedUIProvidersCustomResource": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "const response = require('cfn-response');\nconst {\n CognitoIdentityProviderClient,\n CreateIdentityProviderCommand,\n DeleteIdentityProviderCommand,\n ListIdentityProvidersCommand,\n UpdateIdentityProviderCommand,\n} = require('@aws-sdk/client-cognito-identity-provider');\nconst identity = new CognitoIdentityProviderClient({});\n\nexports.handler = (event, context) => {\n // Don't return promise, response.send() marks context as done internally\n void tryHandleEvent(event, context);\n};\n\nasync function tryHandleEvent(event, context) {\n try {\n await handleEvent(event);\n response.send(event, context, response.SUCCESS, {});\n } catch (err) {\n console.log(err.stack);\n response.send(event, context, response.FAILED, { err });\n }\n}\n\nasync function handleEvent(event) {\n const userPoolId = event.ResourceProperties.userPoolId;\n const hostedUIProviderMeta = JSON.parse(event.ResourceProperties.hostedUIProviderMeta);\n const hostedUIProviderCreds = JSON.parse(event.ResourceProperties.hostedUIProviderCreds);\n const hasHostedUIProviderCreds = hostedUIProviderCreds.length && hostedUIProviderCreds.length > 0;\n if (hasHostedUIProviderCreds && (event.RequestType === 'Update' || event.RequestType === 'Create')) {\n const listIdentityProvidersResponse = await identity.send(\n new ListIdentityProvidersCommand({\n UserPoolId: 
userPoolId,\n MaxResults: 60,\n }),\n );\n console.log(listIdentityProvidersResponse);\n const providerList = listIdentityProvidersResponse.Providers.map((provider) => provider.ProviderName);\n const providerListInParameters = hostedUIProviderMeta.map((provider) => provider.ProviderName);\n for (const providerMetadata of hostedUIProviderMeta) {\n if (providerList.indexOf(providerMetadata.ProviderName) > -1) {\n await updateIdentityProvider(providerMetadata.ProviderName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n } else {\n await createIdentityProvider(providerMetadata.ProviderName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n }\n }\n for (const provider of providerList) {\n if (providerListInParameters.indexOf(provider) < 0) {\n await deleteIdentityProvider(provider, userPoolId);\n }\n }\n }\n}\n\nfunction getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {\n const providerMeta = hostedUIProviderMeta.find((provider) => provider.ProviderName === providerName);\n const providerCreds = hostedUIProviderCreds.find((provider) => provider.ProviderName === providerName);\n let requestParams = {\n ProviderName: providerMeta.ProviderName,\n UserPoolId: userPoolId,\n AttributeMapping: providerMeta.AttributeMapping,\n };\n if (providerMeta.ProviderName === 'SignInWithApple') {\n if (providerCreds.client_id && providerCreds.team_id && providerCreds.key_id && providerCreds.private_key) {\n requestParams.ProviderDetails = {\n client_id: providerCreds.client_id,\n team_id: providerCreds.team_id,\n key_id: providerCreds.key_id,\n private_key: providerCreds.private_key,\n authorize_scopes: providerMeta.authorize_scopes,\n };\n } else {\n requestParams = null;\n }\n } else {\n if (providerCreds.client_id && providerCreds.client_secret) {\n requestParams.ProviderDetails = {\n client_id: providerCreds.client_id,\n client_secret: providerCreds.client_secret,\n authorize_scopes: providerMeta.authorize_scopes,\n };\n } 
else {\n requestParams = null;\n }\n }\n return requestParams;\n}\n\nasync function createIdentityProvider(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {\n const requestParams = getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n if (!requestParams) {\n return;\n }\n requestParams.ProviderType = requestParams.ProviderName;\n await identity.send(new CreateIdentityProviderCommand(requestParams));\n}\n\nasync function updateIdentityProvider(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {\n const requestParams = getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n if (!requestParams) {\n return;\n }\n await identity.send(new UpdateIdentityProviderCommand(requestParams));\n}\n\nasync function deleteIdentityProvider(providerName, userPoolId) {\n const params = { ProviderName: providerName, UserPoolId: userPoolId };\n await identity.send(new DeleteIdentityProviderCommand(params));\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "UserPoolClientRole", - "Arn" - ] - }, - "Runtime": "nodejs18.x", - "Timeout": 300 - }, - "DependsOn": [ - "UserPoolClientRole" - ] - }, - "HostedUIProvidersCustomResourcePolicy": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "cognito-idp:CreateIdentityProvider", - "cognito-idp:UpdateIdentityProvider", - "cognito-idp:ListIdentityProviders", - "cognito-idp:DeleteIdentityProvider" - ], - "Resource": { - "Fn::GetAtt": [ - "UserPool", - "Arn" - ] - } - }, - { - "Effect": "Allow", - "Action": [ - "cognito-idp:DescribeUserPoolDomain" - ], - "Resource": "*" - } - ] - }, - "PolicyName": { - "Fn::Join": [ - "-", - [ - { - "Ref": "UserPool" - }, - "hostedUIProvider" - ] - ] - }, - "Roles": [ - { - "Ref": "UserPoolClientRole" - } - ] - }, - "DependsOn": [ - "HostedUIProvidersCustomResource" - ] - }, 
- "HostedUIProvidersCustomResourceLogPolicy": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Resource": { - "Fn::Sub": [ - "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", - { - "region": { - "Ref": "AWS::Region" - }, - "account": { - "Ref": "AWS::AccountId" - }, - "lambda": { - "Ref": "HostedUIProvidersCustomResource" - } - } - ] - } - } - ] - }, - "PolicyName": { - "Fn::Join": [ - "-", - [ - { - "Ref": "UserPool" - }, - "hostedUIProviderLogPolicy" - ] - ] - }, - "Roles": [ - { - "Ref": "UserPoolClientRole" - } - ] - }, - "DependsOn": [ - "HostedUIProvidersCustomResourcePolicy" - ] - }, - "HostedUIProvidersCustomResourceInputs": { - "Type": "Custom::LambdaCallout", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "HostedUIProvidersCustomResource", - "Arn" - ] - }, - "hostedUIProviderMeta": { - "Ref": "hostedUIProviderMeta" - }, - "hostedUIProviderCreds": { - "Ref": "hostedUIProviderCreds" - }, - "userPoolId": { - "Ref": "UserPool" - } - }, - "DependsOn": [ - "HostedUIProvidersCustomResourceLogPolicy" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "IdentityPool": { - "Type": "AWS::Cognito::IdentityPool", - "Properties": { - "AllowUnauthenticatedIdentities": { - "Ref": "allowUnauthenticatedIdentities" - }, - "CognitoIdentityProviders": [ - { - "ClientId": { - "Ref": "UserPoolClient" - }, - "ProviderName": { - "Fn::Sub": [ - "cognito-idp.${region}.amazonaws.com/${client}", - { - "region": { - "Ref": "AWS::Region" - }, - "client": { - "Ref": "UserPool" - } - } - ] - } - }, - { - "ClientId": { - "Ref": "UserPoolClientWeb" - }, - "ProviderName": { - "Fn::Sub": [ - "cognito-idp.${region}.amazonaws.com/${client}", - { - "region": { - "Ref": "AWS::Region" - }, - "client": { - "Ref": "UserPool" - } - } - ] - } - } - ], 
- "IdentityPoolName": { - "Fn::Join": [ - "", - [ - "testauth94a32e09_identitypool_94a32e09__", - { - "Ref": "env" - } - ] - ] - } - } - }, - "IdentityPoolRoleMap": { - "Type": "AWS::Cognito::IdentityPoolRoleAttachment", - "Properties": { - "IdentityPoolId": { - "Ref": "IdentityPool" - }, - "Roles": { - "unauthenticated": { - "Ref": "unauthRoleArn" - }, - "authenticated": { - "Ref": "authRoleArn" - } - } - }, - "DependsOn": [ - "IdentityPool" - ] - } - }, - "Outputs": { - "IdentityPoolId": { - "Description": "Id for the identity pool", - "Value": "us-east-1:6588b8b4-10ae-4cda-9bd7-3a2203e41a1b" - }, - "IdentityPoolName": { - "Value": "testauth94a32e09_identitypool_94a32e09__dev" - }, - "HostedUIDomain": { - "Value": "testauth5cb39772-5cb39772-dev" - }, - "OAuthMetadata": { - "Value": "{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"http://localhost:3000/\"],\"LogoutURLs\":[\"http://localhost:3000/signout/\"]}" - }, - "UserPoolId": { - "Description": "Id for the user pool", - "Value": "us-east-1_kn6MwHksP" - }, - "UserPoolArn": { - "Description": "Arn for the user pool", - "Value": "arn:aws:cognito-idp:us-east-1:517770102601:userpool/us-east-1_kn6MwHksP" - }, - "UserPoolName": { - "Value": "testauth94a32e09_userpool_94a32e09" - }, - "AppClientIDWeb": { - "Description": "The user pool app client id for web", - "Value": "7pjaotu0rf3n2oqoh2s11lad88" - }, - "AppClientID": { - "Description": "The user pool app client id", - "Value": "27o147nc4bl486e62gp7t3l2os" - } - } -} \ No newline at end of file diff --git a/packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate.json b/packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate.json deleted file mode 100644 index dfced517b39..00000000000 
--- a/packages/amplify-migration/.amplify/migration/templates/auth/step1-gen1PreProcessUpdateStackTemplate.json
+++ /dev/null
@@ -1,741 +0,0 @@ -{ - "Description": "Amplify Cognito Stack for AWS Amplify CLI", - "AWSTemplateFormatVersion": "2010-09-09", - "Parameters": { - "env": { - "Type": "String" - }, - "identityPoolName": { - "Type": "String" - }, - "allowUnauthenticatedIdentities": { - "Type": "String" - }, - "resourceNameTruncated": { - "Type": "String" - }, - "userPoolName": { - "Type": "String" - }, - "autoVerifiedAttributes": { - "Type": "CommaDelimitedList" - }, - "mfaConfiguration": { - "Type": "String" - }, - "mfaTypes": { - "Type": "CommaDelimitedList" - }, - "smsAuthenticationMessage": { - "Type": "String" - }, - "smsVerificationMessage": { - "Type": "String" - }, - "emailVerificationSubject": { - "Type": "String" - }, - "emailVerificationMessage": { - "Type": "String" - }, - "defaultPasswordPolicy": { - "Type": "String" - }, - "passwordPolicyMinLength": { - "Type": "String" - }, - "passwordPolicyCharacters": { - "Type": "CommaDelimitedList" - }, - "requiredAttributes": { - "Type": "CommaDelimitedList" - }, - "aliasAttributes": { - "Type": "CommaDelimitedList" - }, - "userpoolClientGenerateSecret": { - "Type": "String" - }, - "userpoolClientRefreshTokenValidity": { - "Type": "String" - }, - "userpoolClientWriteAttributes": { - "Type": "CommaDelimitedList" - }, - "userpoolClientReadAttributes": { - "Type": "CommaDelimitedList" - }, - "userpoolClientLambdaRole": { - "Type": "String" - }, - "userpoolClientSetAttributes": { - "Type": "String" - }, - "sharedId": { - "Type": "String" - }, - "resourceName": { - "Type": "String" - }, - "authSelections": { - "Type": "String" - }, - "useDefault": { - "Type": "String" - }, - "userPoolGroupList": { - "Type": "CommaDelimitedList" - }, - "serviceName": { - "Type": "String" - }, - "usernameCaseSensitive": { - "Type": "String" - }, - "useEnabledMfas": { - "Type": "String" - }, - "authRoleArn": { - "Type": "String" - }, - "unauthRoleArn": { - "Type": "String" - }, - "breakCircularDependency": { - "Type": "String" - }, - "dependsOn": { - 
"Type": "CommaDelimitedList" - }, - "hostedUI": { - "Type": "String" - }, - "hostedUIDomainName": { - "Type": "String" - }, - "authProvidersUserPool": { - "Type": "CommaDelimitedList" - }, - "hostedUIProviderMeta": { - "Type": "String" - }, - "oAuthMetadata": { - "Type": "String" - }, - "authProviders": { - "Type": "CommaDelimitedList" - }, - "hostedUIProviderCreds": { - "Type": "String", - "NoEcho": true - } - }, - "Conditions": { - "ShouldNotCreateEnvResources": { - "Fn::Equals": [ - { - "Ref": "env" - }, - "NONE" - ] - } - }, - "Resources": { - "UserPool": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "AutoVerifiedAttributes": [ - "email" - ], - "EmailVerificationMessage": { - "Ref": "emailVerificationMessage" - }, - "EmailVerificationSubject": { - "Ref": "emailVerificationSubject" - }, - "MfaConfiguration": { - "Ref": "mfaConfiguration" - }, - "Policies": { - "PasswordPolicy": { - "MinimumLength": { - "Ref": "passwordPolicyMinLength" - }, - "RequireLowercase": false, - "RequireNumbers": false, - "RequireSymbols": false, - "RequireUppercase": false - } - }, - "Schema": [ - { - "Mutable": true, - "Name": "email", - "Required": true - } - ], - "UserAttributeUpdateSettings": { - "AttributesRequireVerificationBeforeUpdate": [ - "email" - ] - }, - "UserPoolName": { - "Fn::Join": [ - "", - [ - { - "Ref": "userPoolName" - }, - "-", - { - "Ref": "env" - } - ] - ] - }, - "UsernameConfiguration": { - "CaseSensitive": false - } - } - }, - "UserPoolClientWeb": { - "Type": "AWS::Cognito::UserPoolClient", - "Properties": { - "AllowedOAuthFlows": [ - "code" - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": [ - "phone", - "email", - "openid", - "profile", - "aws.cognito.signin.user.admin" - ], - "CallbackURLs": [ - "http://localhost:3000/" - ], - "ClientName": "testau94a32e09_app_clientWeb", - "LogoutURLs": [ - "http://localhost:3000/signout/" - ], - "RefreshTokenValidity": { - "Ref": "userpoolClientRefreshTokenValidity" - }, - 
"SupportedIdentityProviders": [ - "Facebook", - "COGNITO" - ], - "TokenValidityUnits": { - "RefreshToken": "days" - }, - "UserPoolId": { - "Ref": "UserPool" - } - }, - "DependsOn": [ - "UserPool" - ] - }, - "UserPoolClient": { - "Type": "AWS::Cognito::UserPoolClient", - "Properties": { - "AllowedOAuthFlows": [ - "code" - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": [ - "phone", - "email", - "openid", - "profile", - "aws.cognito.signin.user.admin" - ], - "CallbackURLs": [ - "http://localhost:3000/" - ], - "ClientName": "testau94a32e09_app_client", - "GenerateSecret": { - "Ref": "userpoolClientGenerateSecret" - }, - "LogoutURLs": [ - "http://localhost:3000/signout/" - ], - "RefreshTokenValidity": { - "Ref": "userpoolClientRefreshTokenValidity" - }, - "SupportedIdentityProviders": [ - "Facebook", - "COGNITO" - ], - "TokenValidityUnits": { - "RefreshToken": "days" - }, - "UserPoolId": { - "Ref": "UserPool" - } - }, - "DependsOn": [ - "HostedUIProvidersCustomResourceInputs" - ] - }, - "UserPoolClientRole": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "RoleName": { - "Fn::Join": [ - "", - [ - "upClientLambdaRole94a32e09", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - "-", - { - "Ref": "AWS::StackName" - } - ] - } - ] - }, - "-", - { - "Ref": "env" - } - ] - ] - } - } - }, - "HostedUICustomResource": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "const response = require('cfn-response');\nconst {\n CognitoIdentityProviderClient,\n CreateUserPoolDomainCommand,\n DeleteUserPoolDomainCommand,\n DescribeUserPoolCommand,\n DescribeUserPoolDomainCommand,\n} = require('@aws-sdk/client-cognito-identity-provider');\nconst identity = new CognitoIdentityProviderClient({});\n\nexports.handler = (event, context) => {\n 
// Don't return promise, response.send() marks context as done internally\n void tryHandleEvent(event, context);\n};\n\nasync function tryHandleEvent(event, context) {\n try {\n await handleEvent(event);\n response.send(event, context, response.SUCCESS, {});\n } catch (err) {\n console.log(err);\n response.send(event, context, response.FAILED, { err });\n }\n}\n\nasync function handleEvent(event) {\n const userPoolId = event.ResourceProperties.userPoolId;\n const inputDomainName = event.ResourceProperties.hostedUIDomainName;\n if (event.RequestType === 'Delete') {\n await deleteUserPoolDomain(inputDomainName, userPoolId);\n } else if (event.RequestType === 'Update' || event.RequestType === 'Create') {\n await createOrUpdateDomain(inputDomainName, userPoolId);\n }\n}\n\nasync function checkDomainAvailability(domainName) {\n const params = { Domain: domainName };\n try {\n const res = await identity.send(new DescribeUserPoolDomainCommand(params));\n return !(res.DomainDescription && res.DomainDescription.UserPoolId);\n } catch (err) {\n return false;\n }\n}\n\nasync function deleteUserPoolDomain(domainName, userPoolId) {\n const params = { Domain: domainName, UserPoolId: userPoolId };\n await identity.send(new DeleteUserPoolDomainCommand(params));\n}\n\nasync function createUserPoolDomain(domainName, userPoolId) {\n const params = {\n Domain: domainName,\n UserPoolId: userPoolId,\n };\n await identity.send(new CreateUserPoolDomainCommand(params));\n}\n\nasync function createOrUpdateDomain(inputDomainName, userPoolId) {\n const result = await identity.send(new DescribeUserPoolCommand({ UserPoolId: userPoolId }));\n if (result.UserPool.Domain === inputDomainName) {\n // if existing domain is same as input domain do nothing.\n return;\n }\n if (inputDomainName) {\n // create new or replace existing domain.\n const isDomainAvailable = await checkDomainAvailability(inputDomainName);\n if (isDomainAvailable) {\n if (result.UserPool.Domain) {\n await 
deleteUserPoolDomain(result.UserPool.Domain, userPoolId);\n }\n await createUserPoolDomain(inputDomainName, userPoolId);\n } else {\n throw new Error('Domain not available');\n }\n } else if (result.UserPool.Domain) {\n // if input domain is undefined delete existing domain if exists.\n await deleteUserPoolDomain(result.UserPool.Domain, userPoolId);\n }\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "UserPoolClientRole", - "Arn" - ] - }, - "Runtime": "nodejs18.x", - "Timeout": 300 - }, - "DependsOn": [ - "UserPoolClientRole" - ] - }, - "HostedUICustomResourcePolicy": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "cognito-idp:CreateUserPoolDomain", - "cognito-idp:DescribeUserPool", - "cognito-idp:DeleteUserPoolDomain" - ], - "Resource": { - "Fn::GetAtt": [ - "UserPool", - "Arn" - ] - } - }, - { - "Effect": "Allow", - "Action": [ - "cognito-idp:DescribeUserPoolDomain" - ], - "Resource": "*" - } - ] - }, - "PolicyName": { - "Fn::Join": [ - "-", - [ - { - "Ref": "UserPool" - }, - { - "Ref": "hostedUI" - } - ] - ] - }, - "Roles": [ - { - "Ref": "UserPoolClientRole" - } - ] - }, - "DependsOn": [ - "HostedUICustomResource" - ] - }, - "HostedUICustomResourceLogPolicy": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Resource": { - "Fn::Sub": [ - "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", - { - "region": { - "Ref": "AWS::Region" - }, - "account": { - "Ref": "AWS::AccountId" - }, - "lambda": { - "Ref": "HostedUICustomResource" - } - } - ] - } - } - ] - }, - "PolicyName": { - "Fn::Join": [ - "-", - [ - { - "Ref": "UserPool" - }, - "hostedUILogPolicy" - ] - ] - }, - "Roles": [ - { - "Ref": "UserPoolClientRole" - } - ] - 
}, - "DependsOn": [ - "HostedUICustomResourcePolicy" - ] - }, - "HostedUICustomResourceInputs": { - "Type": "Custom::LambdaCallout", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "HostedUICustomResource", - "Arn" - ] - }, - "hostedUIDomainName": { - "Fn::Join": [ - "-", - [ - { - "Ref": "hostedUIDomainName" - }, - { - "Ref": "env" - } - ] - ] - }, - "userPoolId": { - "Ref": "UserPool" - } - }, - "DependsOn": [ - "HostedUICustomResourceLogPolicy" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "HostedUIProvidersCustomResource": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "ZipFile": "const response = require('cfn-response');\nconst {\n CognitoIdentityProviderClient,\n CreateIdentityProviderCommand,\n DeleteIdentityProviderCommand,\n ListIdentityProvidersCommand,\n UpdateIdentityProviderCommand,\n} = require('@aws-sdk/client-cognito-identity-provider');\nconst identity = new CognitoIdentityProviderClient({});\n\nexports.handler = (event, context) => {\n // Don't return promise, response.send() marks context as done internally\n void tryHandleEvent(event, context);\n};\n\nasync function tryHandleEvent(event, context) {\n try {\n await handleEvent(event);\n response.send(event, context, response.SUCCESS, {});\n } catch (err) {\n console.log(err.stack);\n response.send(event, context, response.FAILED, { err });\n }\n}\n\nasync function handleEvent(event) {\n const userPoolId = event.ResourceProperties.userPoolId;\n const hostedUIProviderMeta = JSON.parse(event.ResourceProperties.hostedUIProviderMeta);\n const hostedUIProviderCreds = JSON.parse(event.ResourceProperties.hostedUIProviderCreds);\n const hasHostedUIProviderCreds = hostedUIProviderCreds.length && hostedUIProviderCreds.length > 0;\n if (hasHostedUIProviderCreds && (event.RequestType === 'Update' || event.RequestType === 'Create')) {\n const listIdentityProvidersResponse = await identity.send(\n new ListIdentityProvidersCommand({\n UserPoolId: 
userPoolId,\n MaxResults: 60,\n }),\n );\n console.log(listIdentityProvidersResponse);\n const providerList = listIdentityProvidersResponse.Providers.map((provider) => provider.ProviderName);\n const providerListInParameters = hostedUIProviderMeta.map((provider) => provider.ProviderName);\n for (const providerMetadata of hostedUIProviderMeta) {\n if (providerList.indexOf(providerMetadata.ProviderName) > -1) {\n await updateIdentityProvider(providerMetadata.ProviderName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n } else {\n await createIdentityProvider(providerMetadata.ProviderName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n }\n }\n for (const provider of providerList) {\n if (providerListInParameters.indexOf(provider) < 0) {\n await deleteIdentityProvider(provider, userPoolId);\n }\n }\n }\n}\n\nfunction getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {\n const providerMeta = hostedUIProviderMeta.find((provider) => provider.ProviderName === providerName);\n const providerCreds = hostedUIProviderCreds.find((provider) => provider.ProviderName === providerName);\n let requestParams = {\n ProviderName: providerMeta.ProviderName,\n UserPoolId: userPoolId,\n AttributeMapping: providerMeta.AttributeMapping,\n };\n if (providerMeta.ProviderName === 'SignInWithApple') {\n if (providerCreds.client_id && providerCreds.team_id && providerCreds.key_id && providerCreds.private_key) {\n requestParams.ProviderDetails = {\n client_id: providerCreds.client_id,\n team_id: providerCreds.team_id,\n key_id: providerCreds.key_id,\n private_key: providerCreds.private_key,\n authorize_scopes: providerMeta.authorize_scopes,\n };\n } else {\n requestParams = null;\n }\n } else {\n if (providerCreds.client_id && providerCreds.client_secret) {\n requestParams.ProviderDetails = {\n client_id: providerCreds.client_id,\n client_secret: providerCreds.client_secret,\n authorize_scopes: providerMeta.authorize_scopes,\n };\n } 
else {\n requestParams = null;\n }\n }\n return requestParams;\n}\n\nasync function createIdentityProvider(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {\n const requestParams = getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n if (!requestParams) {\n return;\n }\n requestParams.ProviderType = requestParams.ProviderName;\n await identity.send(new CreateIdentityProviderCommand(requestParams));\n}\n\nasync function updateIdentityProvider(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId) {\n const requestParams = getRequestParams(providerName, hostedUIProviderMeta, hostedUIProviderCreds, userPoolId);\n if (!requestParams) {\n return;\n }\n await identity.send(new UpdateIdentityProviderCommand(requestParams));\n}\n\nasync function deleteIdentityProvider(providerName, userPoolId) {\n const params = { ProviderName: providerName, UserPoolId: userPoolId };\n await identity.send(new DeleteIdentityProviderCommand(params));\n}\n" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "UserPoolClientRole", - "Arn" - ] - }, - "Runtime": "nodejs18.x", - "Timeout": 300 - }, - "DependsOn": [ - "UserPoolClientRole" - ] - }, - "HostedUIProvidersCustomResourcePolicy": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "cognito-idp:CreateIdentityProvider", - "cognito-idp:UpdateIdentityProvider", - "cognito-idp:ListIdentityProviders", - "cognito-idp:DeleteIdentityProvider" - ], - "Resource": { - "Fn::GetAtt": [ - "UserPool", - "Arn" - ] - } - }, - { - "Effect": "Allow", - "Action": [ - "cognito-idp:DescribeUserPoolDomain" - ], - "Resource": "*" - } - ] - }, - "PolicyName": { - "Fn::Join": [ - "-", - [ - { - "Ref": "UserPool" - }, - "hostedUIProvider" - ] - ] - }, - "Roles": [ - { - "Ref": "UserPoolClientRole" - } - ] - }, - "DependsOn": [ - "HostedUIProvidersCustomResource" - ] - }, 
- "HostedUIProvidersCustomResourceLogPolicy": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Resource": { - "Fn::Sub": [ - "arn:aws:logs:${region}:${account}:log-group:/aws/lambda/${lambda}:log-stream:*", - { - "region": { - "Ref": "AWS::Region" - }, - "account": { - "Ref": "AWS::AccountId" - }, - "lambda": { - "Ref": "HostedUIProvidersCustomResource" - } - } - ] - } - } - ] - }, - "PolicyName": { - "Fn::Join": [ - "-", - [ - { - "Ref": "UserPool" - }, - "hostedUIProviderLogPolicy" - ] - ] - }, - "Roles": [ - { - "Ref": "UserPoolClientRole" - } - ] - }, - "DependsOn": [ - "HostedUIProvidersCustomResourcePolicy" - ] - }, - "HostedUIProvidersCustomResourceInputs": { - "Type": "Custom::LambdaCallout", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "HostedUIProvidersCustomResource", - "Arn" - ] - }, - "hostedUIProviderMeta": { - "Ref": "hostedUIProviderMeta" - }, - "hostedUIProviderCreds": { - "Ref": "hostedUIProviderCreds" - }, - "userPoolId": { - "Ref": "UserPool" - } - }, - "DependsOn": [ - "HostedUIProvidersCustomResourceLogPolicy" - ], - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "IdentityPool": { - "Type": "AWS::Cognito::IdentityPool", - "Properties": { - "AllowUnauthenticatedIdentities": { - "Ref": "allowUnauthenticatedIdentities" - }, - "CognitoIdentityProviders": [ - { - "ClientId": { - "Ref": "UserPoolClient" - }, - "ProviderName": { - "Fn::Sub": [ - "cognito-idp.${region}.amazonaws.com/${client}", - { - "region": { - "Ref": "AWS::Region" - }, - "client": { - "Ref": "UserPool" - } - } - ] - } - }, - { - "ClientId": { - "Ref": "UserPoolClientWeb" - }, - "ProviderName": { - "Fn::Sub": [ - "cognito-idp.${region}.amazonaws.com/${client}", - { - "region": { - "Ref": "AWS::Region" - }, - "client": { - "Ref": "UserPool" - } - } - ] - } - } - ], 
- "IdentityPoolName": { - "Fn::Join": [ - "", - [ - "testauth94a32e09_identitypool_94a32e09__", - { - "Ref": "env" - } - ] - ] - } - } - }, - "IdentityPoolRoleMap": { - "Type": "AWS::Cognito::IdentityPoolRoleAttachment", - "Properties": { - "IdentityPoolId": { - "Ref": "IdentityPool" - }, - "Roles": { - "unauthenticated": { - "Ref": "unauthRoleArn" - }, - "authenticated": { - "Ref": "authRoleArn" - } - } - }, - "DependsOn": [ - "IdentityPool" - ] - } - }, - "Outputs": { - "IdentityPoolId": { - "Description": "Id for the identity pool", - "Value": "us-east-1:6588b8b4-10ae-4cda-9bd7-3a2203e41a1b" - }, - "IdentityPoolName": { - "Value": "testauth94a32e09_identitypool_94a32e09__dev" - }, - "HostedUIDomain": { - "Value": "testauth5cb39772-5cb39772-dev" - }, - "OAuthMetadata": { - "Value": "{\"AllowedOAuthFlows\":[\"code\"],\"AllowedOAuthScopes\":[\"phone\",\"email\",\"openid\",\"profile\",\"aws.cognito.signin.user.admin\"],\"CallbackURLs\":[\"http://localhost:3000/\"],\"LogoutURLs\":[\"http://localhost:3000/signout/\"]}" - }, - "UserPoolId": { - "Description": "Id for the user pool", - "Value": "us-east-1_kn6MwHksP" - }, - "UserPoolArn": { - "Description": "Arn for the user pool", - "Value": "arn:aws:cognito-idp:us-east-1:517770102601:userpool/us-east-1_kn6MwHksP" - }, - "UserPoolName": { - "Value": "testauth94a32e09_userpool_94a32e09" - }, - "AppClientIDWeb": { - "Description": "The user pool app client id for web", - "Value": "7pjaotu0rf3n2oqoh2s11lad88" - }, - "AppClientID": { - "Description": "The user pool app client id", - "Value": "27o147nc4bl486e62gp7t3l2os" - } - } -} \ No newline at end of file diff --git a/packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate-rollback.json b/packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate-rollback.json deleted file mode 100644 index d78d802d151..00000000000 
--- a/packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate-rollback.json
+++ /dev/null
@@ -1,1157 +0,0 @@ -{ - "Description": "{\"createdOn\":\"Mac\",\"createdBy\":\"AmplifySandbox\",\"createdWith\":\"1.3.1\",\"stackType\":\"auth-Cognito\",\"metadata\":{}}", - "Resources": { - "SecretFetcherResourceProviderLambdaServiceRole5ABAF823": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ], - "Tags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ] - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProviderLambda/ServiceRole/Resource" - } - }, - "SecretFetcherResourceProviderLambdaServiceRoleDefaultPolicyD52F71CB": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "ssm:GetParameter", - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:parameter/amplify/mygen2app/rjabhi-sandbox-a7ef9235a4/*", - "arn:aws:ssm:*:*:parameter/amplify/shared/my-gen2-app/*" - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "SecretFetcherResourceProviderLambdaServiceRoleDefaultPolicyD52F71CB", - "Roles": [ - { - "Ref": "SecretFetcherResourceProviderLambdaServiceRole5ABAF823" - } - ] - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProviderLambda/ServiceRole/DefaultPolicy/Resource" - } - }, - "SecretFetcherResourceProviderLambda1ECC380E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": 
"7030e6070d15a14e086f45c2b3244fd1c4e437a570d01e6bc71d38b2fe98aa1f.zip" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderLambdaServiceRole5ABAF823", - "Arn" - ] - }, - "Runtime": "nodejs18.x", - "Tags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ], - "Timeout": 10 - }, - "DependsOn": [ - "SecretFetcherResourceProviderLambdaServiceRoleDefaultPolicyD52F71CB", - "SecretFetcherResourceProviderLambdaServiceRole5ABAF823" - ], - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProviderLambda/Resource", - "aws:asset:path": "asset.7030e6070d15a14e086f45c2b3244fd1c4e437a570d01e6bc71d38b2fe98aa1f", - "aws:asset:is-bundled": true, - "aws:asset:property": "Code" - } - }, - "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ], - "Tags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ] - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider/framework-onEvent/ServiceRole/Resource" - } - }, - "SecretFetcherResourceProviderframeworkonEventServiceRoleDefaultPolicy38F3A916": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderLambda1ECC380E", - "Arn" - ] - }, - { - 
"Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderLambda1ECC380E", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "SecretFetcherResourceProviderframeworkonEventServiceRoleDefaultPolicy38F3A916", - "Roles": [ - { - "Ref": "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041" - } - ] - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource" - } - }, - "SecretFetcherResourceProviderframeworkonEvent960CF056": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e.zip" - }, - "Description": "AWS CDK resource provider framework - onEvent (amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderLambda1ECC380E", - "Arn" - ] - } - } - }, - "Handler": "framework.onEvent", - "Role": { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041", - "Arn" - ] - }, - "Runtime": { - "Fn::FindInMap": [ - "LatestNodeRuntimeMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Tags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ], - "Timeout": 900 - }, - "DependsOn": [ - "SecretFetcherResourceProviderframeworkonEventServiceRoleDefaultPolicy38F3A916", - "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041" - ], - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider/framework-onEvent/Resource", - "aws:asset:path": "asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e", 
- "aws:asset:is-bundled": false, - "aws:asset:property": "Code" - } - }, - "FACEBOOKCLIENTIDSecretFetcherResource": { - "Type": "Custom::SecretFetcherResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderframeworkonEvent960CF056", - "Arn" - ] - }, - "namespace": "my-gen2-app", - "name": "rjabhi", - "type": "sandbox", - "secretName": "FACEBOOK_CLIENT_ID", - "secretLastUpdated": "1727477216522" - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete", - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/FACEBOOK_CLIENT_IDSecretFetcherResource/Default" - } - }, - "FACEBOOKCLIENTSECRETSecretFetcherResource": { - "Type": "Custom::SecretFetcherResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderframeworkonEvent960CF056", - "Arn" - ] - }, - "namespace": "my-gen2-app", - "name": "rjabhi", - "type": "sandbox", - "secretName": "FACEBOOK_CLIENT_SECRET", - "secretLastUpdated": "1727477216522" - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete", - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/FACEBOOK_CLIENT_SECRETSecretFetcherResource/Default" - } - }, - "amplifyAuthUserPool4BA7F805": { - "Type": "AWS::Cognito::UserPool", - "Properties": { - "AccountRecoverySetting": { - "RecoveryMechanisms": [ - { - "Name": "verified_email", - "Priority": 1 - } - ] - }, - "AdminCreateUserConfig": { - "AllowAdminCreateUserOnly": false - }, - "AutoVerifiedAttributes": [ - "email" - ], - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "MfaConfiguration": "OFF", - "Policies": { - "PasswordPolicy": { - "MinimumLength": 8, - "RequireLowercase": false, - "RequireNumbers": false, - "RequireSymbols": false, - "RequireUppercase": false, - "TemporaryPasswordValidityDays": 7 - } - }, - "Schema": [ - { - "Mutable": true, - 
"Name": "email", - "Required": true - }, - { - "Mutable": true, - "Name": "phone_number", - "Required": false - }, - { - "Mutable": true, - "Name": "profile", - "Required": false - }, - { - "Mutable": true, - "Name": "address", - "Required": false - }, - { - "Mutable": true, - "Name": "birthdate", - "Required": false - }, - { - "Mutable": true, - "Name": "gender", - "Required": false - }, - { - "Mutable": true, - "Name": "preferred_username", - "Required": false - }, - { - "Mutable": true, - "Name": "updated_at", - "Required": false - }, - { - "Mutable": true, - "Name": "website", - "Required": false - }, - { - "Mutable": true, - "Name": "picture", - "Required": false - }, - { - "Mutable": true, - "Name": "zoneinfo", - "Required": false - }, - { - "Mutable": true, - "Name": "locale", - "Required": false - }, - { - "Mutable": true, - "Name": "given_name", - "Required": false - }, - { - "Mutable": true, - "Name": "family_name", - "Required": false - }, - { - "Mutable": true, - "Name": "middle_name", - "Required": false - }, - { - "Mutable": true, - "Name": "name", - "Required": false - }, - { - "Mutable": true, - "Name": "nickname", - "Required": false - } - ], - "SmsVerificationMessage": "The verification code to your new account is {####}", - "UserAttributeUpdateSettings": { - "AttributesRequireVerificationBeforeUpdate": [ - "email" - ] - }, - "UserPoolName": "testauth94a32e09_userpool_94a32e09-dev", - "UserPoolTags": { - "amplify:deployment-type": "sandbox", - "amplify:friendly-name": "amplifyAuth", - "created-by": "amplify" - }, - "UsernameAttributes": [], - "UsernameConfiguration": { - "CaseSensitive": false - }, - "VerificationMessageTemplate": { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete", - "Metadata": 
{ - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/UserPool/Resource" - } - }, - "amplifyAuthUserPoolUserPoolDomain1F688B5B": { - "Type": "AWS::Cognito::UserPoolDomain", - "Properties": { - "Domain": "917076d6886732946225", - "UserPoolId": { - "Ref": "amplifyAuthUserPool4BA7F805" - } - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/UserPool/UserPoolDomain/Resource" - } - }, - "amplifyAuthFacebookIDP7CB5B5CC": { - "Type": "AWS::Cognito::UserPoolIdentityProvider", - "Properties": { - "AttributeMapping": { - "email": "email" - }, - "ProviderDetails": { - "client_id": { - "Fn::GetAtt": [ - "FACEBOOKCLIENTIDSecretFetcherResource", - "secretValue" - ] - }, - "client_secret": { - "Fn::GetAtt": [ - "FACEBOOKCLIENTSECRETSecretFetcherResource", - "secretValue" - ] - }, - "authorize_scopes": "public_profile" - }, - "ProviderName": "Facebook", - "ProviderType": "Facebook", - "UserPoolId": { - "Ref": "amplifyAuthUserPool4BA7F805" - } - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/FacebookIDP/Resource" - } - }, - "amplifyAuthUserPoolAppClient2626C6F8": { - "Type": "AWS::Cognito::UserPoolClient", - "Properties": { - "AllowedOAuthFlows": [ - "code" - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": [ - "aws.cognito.signin.user.admin", - "email", - "openid", - "phone", - "profile" - ], - "CallbackURLs": [ - "http://localhost:3000/" - ], - "ExplicitAuthFlows": [ - "ALLOW_CUSTOM_AUTH", - "ALLOW_USER_SRP_AUTH", - "ALLOW_REFRESH_TOKEN_AUTH" - ], - "LogoutURLs": [ - "http://localhost:3000/signout/" - ], - "PreventUserExistenceErrors": "ENABLED", - "SupportedIdentityProviders": [ - { - "Ref": "amplifyAuthFacebookIDP7CB5B5CC" - }, - "COGNITO" - ], - "UserPoolId": { - "Ref": "amplifyAuthUserPool4BA7F805" - } - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/UserPoolAppClient/Resource" 
- } - }, - "amplifyAuthIdentityPool3FDE84CC": { - "Type": "AWS::Cognito::IdentityPool", - "Properties": { - "AllowUnauthenticatedIdentities": false, - "CognitoIdentityProviders": [ - { - "ClientId": { - "Ref": "amplifyAuthUserPoolAppClient2626C6F8" - }, - "ProviderName": { - "Fn::Join": [ - "", - [ - "cognito-idp.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com/", - { - "Ref": "amplifyAuthUserPool4BA7F805" - } - ] - ] - } - } - ], - "IdentityPoolTags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "amplify:friendly-name", - "Value": "amplifyAuth" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ], - "SupportedLoginProviders": { - "graph.facebook.com": { - "Fn::GetAtt": [ - "FACEBOOKCLIENTIDSecretFetcherResource", - "secretValue" - ] - } - } - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/IdentityPool" - } - }, - "amplifyAuthauthenticatedUserRoleD8DA3689": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "cognito-identity.amazonaws.com:aud": { - "Ref": "amplifyAuthIdentityPool3FDE84CC" - } - }, - "ForAnyValue:StringLike": { - "cognito-identity.amazonaws.com:amr": "authenticated" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "cognito-identity.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "Tags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "amplify:friendly-name", - "Value": "amplifyAuth" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ] - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/authenticatedUserRole/Resource" - } - }, - "amplifyAuthunauthenticatedUserRole2B524D9E": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": 
"sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "cognito-identity.amazonaws.com:aud": { - "Ref": "amplifyAuthIdentityPool3FDE84CC" - } - }, - "ForAnyValue:StringLike": { - "cognito-identity.amazonaws.com:amr": "unauthenticated" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "cognito-identity.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "Tags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "amplify:friendly-name", - "Value": "amplifyAuth" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ] - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/unauthenticatedUserRole/Resource" - } - }, - "amplifyAuthIdentityPoolRoleAttachment045F17C8": { - "Type": "AWS::Cognito::IdentityPoolRoleAttachment", - "Properties": { - "IdentityPoolId": { - "Ref": "amplifyAuthIdentityPool3FDE84CC" - }, - "RoleMappings": { - "UserPoolWebClientRoleMapping": { - "AmbiguousRoleResolution": "AuthenticatedRole", - "IdentityProvider": { - "Fn::Join": [ - "", - [ - "cognito-idp.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com/", - { - "Ref": "amplifyAuthUserPool4BA7F805" - }, - ":", - { - "Ref": "amplifyAuthUserPoolAppClient2626C6F8" - } - ] - ] - }, - "Type": "Token" - } - }, - "Roles": { - "unauthenticated": { - "Fn::GetAtt": [ - "amplifyAuthunauthenticatedUserRole2B524D9E", - "Arn" - ] - }, - "authenticated": { - "Fn::GetAtt": [ - "amplifyAuthauthenticatedUserRoleD8DA3689", - "Arn" - ] - } - } - }, - "DependsOn": [ - "amplifyAuthIdentityPool3FDE84CC", - "amplifyAuthUserPoolAppClient2626C6F8" - ], - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/IdentityPoolRoleAttachment" - } - }, - "CDKMetadata": { - "Type": "AWS::CDK::Metadata", - "Properties": { - "Analytics": 
"v2:deflate64:H4sIAAAAAAAA/11RQW7CQAx8C/fFDaD2DqmQeihCoJ6jZdeASbJGsQNCUf5ebQJp1NOM7fHIGs9h9pFAMrF3mTqfTws6QLNBUfR7tS439i5ZU9jy4G0W2ONFYNPBug5OiYMhW0Kz4wJNegwdbrkg94hlz1oji8yKoAosIxhZwKp2OerKCpreHpr0GAbXF2mN41MgZWh+BKstcxGNB/4in1xaCuPRs/MqvzwGJX1sK76Rx2ptHR6Y8/HKf82wnBaEQcfSv86w9DxtXMc4lqrWnUsM2rZmh8J15dB0OezVniicjKtFucyq51BgOCA9hm97vUZR2okGgxj2iKccPPWBxTfBRd5u8wRm75BMLkI0reqgVCLsevwFXhK6UfkBAAA=" - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/CDKMetadata/Default" - }, - "Condition": "CDKMetadataAvailable" - } - }, - "Mappings": { - "LatestNodeRuntimeMap": { - "af-south-1": { - "value": "nodejs20.x" - }, - "ap-east-1": { - "value": "nodejs20.x" - }, - "ap-northeast-1": { - "value": "nodejs20.x" - }, - "ap-northeast-2": { - "value": "nodejs20.x" - }, - "ap-northeast-3": { - "value": "nodejs20.x" - }, - "ap-south-1": { - "value": "nodejs20.x" - }, - "ap-south-2": { - "value": "nodejs20.x" - }, - "ap-southeast-1": { - "value": "nodejs20.x" - }, - "ap-southeast-2": { - "value": "nodejs20.x" - }, - "ap-southeast-3": { - "value": "nodejs20.x" - }, - "ap-southeast-4": { - "value": "nodejs20.x" - }, - "ap-southeast-5": { - "value": "nodejs20.x" - }, - "ap-southeast-7": { - "value": "nodejs20.x" - }, - "ca-central-1": { - "value": "nodejs20.x" - }, - "ca-west-1": { - "value": "nodejs20.x" - }, - "cn-north-1": { - "value": "nodejs18.x" - }, - "cn-northwest-1": { - "value": "nodejs18.x" - }, - "eu-central-1": { - "value": "nodejs20.x" - }, - "eu-central-2": { - "value": "nodejs20.x" - }, - "eu-isoe-west-1": { - "value": "nodejs18.x" - }, - "eu-north-1": { - "value": "nodejs20.x" - }, - "eu-south-1": { - "value": "nodejs20.x" - }, - "eu-south-2": { - "value": "nodejs20.x" - }, - "eu-west-1": { - "value": "nodejs20.x" - }, - "eu-west-2": { - "value": "nodejs20.x" - }, - "eu-west-3": { - "value": "nodejs20.x" - }, - "il-central-1": { - "value": "nodejs20.x" - }, - "me-central-1": { - "value": "nodejs20.x" - }, - "me-south-1": { - "value": 
"nodejs20.x" - }, - "mx-central-1": { - "value": "nodejs20.x" - }, - "sa-east-1": { - "value": "nodejs20.x" - }, - "us-east-1": { - "value": "nodejs20.x" - }, - "us-east-2": { - "value": "nodejs20.x" - }, - "us-gov-east-1": { - "value": "nodejs18.x" - }, - "us-gov-west-1": { - "value": "nodejs18.x" - }, - "us-iso-east-1": { - "value": "nodejs18.x" - }, - "us-iso-west-1": { - "value": "nodejs18.x" - }, - "us-isob-east-1": { - "value": "nodejs18.x" - }, - "us-west-1": { - "value": "nodejs20.x" - }, - "us-west-2": { - "value": "nodejs20.x" - } - } - }, - "Conditions": { - "CDKMetadataAvailable": { - "Fn::Or": [ - { - "Fn::Or": [ - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "af-south-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-east-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-northeast-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-northeast-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-northeast-3" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-south-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-south-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-southeast-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-southeast-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-southeast-3" - ] - } - ] - }, - { - "Fn::Or": [ - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-southeast-4" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ca-central-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ca-west-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "cn-north-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "cn-northwest-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-central-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - 
"eu-central-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-north-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-south-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-south-2" - ] - } - ] - }, - { - "Fn::Or": [ - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-west-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-west-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-west-3" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "il-central-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "me-central-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "me-south-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "sa-east-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-east-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-east-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-west-1" - ] - } - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-west-2" - ] - } - ] - } - }, - "Outputs": { - "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthUserPool35006F41Ref": { - "Value": { - "Ref": "amplifyAuthUserPool4BA7F805" - } - }, - "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthUserPoolAppClient2FF46763Ref": { - "Value": { - "Ref": "amplifyAuthUserPoolAppClient2626C6F8" - } - }, - "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthIdentityPoolE649E272Ref": { - "Value": { - "Ref": "amplifyAuthIdentityPool3FDE84CC" - } - }, - "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthUserPoolUserPoolDomain922BB047Ref": { - "Value": { - "Ref": "amplifyAuthUserPoolUserPoolDomain1F688B5B" - } - }, - "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthauthenticatedUserRole25B64256Ref": { - "Value": { - "Ref": "amplifyAuthauthenticatedUserRoleD8DA3689" - } - } - } -} \ No newline at end of file 
diff --git a/packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate.json b/packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate.json
deleted file mode 100644
index 45fada723ea..00000000000
--- a/packages/amplify-migration/.amplify/migration/templates/auth/step2-gen2ResourcesRemovalStackTemplate.json
+++ /dev/null
@@ -1,838 +0,0 @@ -{ - "Description": "{\"createdOn\":\"Mac\",\"createdBy\":\"AmplifySandbox\",\"createdWith\":\"1.3.1\",\"stackType\":\"auth-Cognito\",\"metadata\":{}}", - "Resources": { - "SecretFetcherResourceProviderLambdaServiceRole5ABAF823": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ], - "Tags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ] - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProviderLambda/ServiceRole/Resource" - } - }, - "SecretFetcherResourceProviderLambdaServiceRoleDefaultPolicyD52F71CB": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "ssm:GetParameter", - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:parameter/amplify/mygen2app/rjabhi-sandbox-a7ef9235a4/*", - "arn:aws:ssm:*:*:parameter/amplify/shared/my-gen2-app/*" - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "SecretFetcherResourceProviderLambdaServiceRoleDefaultPolicyD52F71CB", - "Roles": [ - { - "Ref": "SecretFetcherResourceProviderLambdaServiceRole5ABAF823" - } - ] - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProviderLambda/ServiceRole/DefaultPolicy/Resource" - } - }, - "SecretFetcherResourceProviderLambda1ECC380E": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": 
"7030e6070d15a14e086f45c2b3244fd1c4e437a570d01e6bc71d38b2fe98aa1f.zip" - }, - "Handler": "index.handler", - "Role": { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderLambdaServiceRole5ABAF823", - "Arn" - ] - }, - "Runtime": "nodejs18.x", - "Tags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ], - "Timeout": 10 - }, - "DependsOn": [ - "SecretFetcherResourceProviderLambdaServiceRoleDefaultPolicyD52F71CB", - "SecretFetcherResourceProviderLambdaServiceRole5ABAF823" - ], - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProviderLambda/Resource", - "aws:asset:path": "asset.7030e6070d15a14e086f45c2b3244fd1c4e437a570d01e6bc71d38b2fe98aa1f", - "aws:asset:is-bundled": true, - "aws:asset:property": "Code" - } - }, - "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ], - "Tags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ] - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider/framework-onEvent/ServiceRole/Resource" - } - }, - "SecretFetcherResourceProviderframeworkonEventServiceRoleDefaultPolicy38F3A916": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderLambda1ECC380E", - "Arn" - ] - }, - { - 
"Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderLambda1ECC380E", - "Arn" - ] - }, - ":*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "SecretFetcherResourceProviderframeworkonEventServiceRoleDefaultPolicy38F3A916", - "Roles": [ - { - "Ref": "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041" - } - ] - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource" - } - }, - "SecretFetcherResourceProviderframeworkonEvent960CF056": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e.zip" - }, - "Description": "AWS CDK resource provider framework - onEvent (amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderLambda1ECC380E", - "Arn" - ] - } - } - }, - "Handler": "framework.onEvent", - "Role": { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041", - "Arn" - ] - }, - "Runtime": { - "Fn::FindInMap": [ - "LatestNodeRuntimeMap", - { - "Ref": "AWS::Region" - }, - "value" - ] - }, - "Tags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ], - "Timeout": 900 - }, - "DependsOn": [ - "SecretFetcherResourceProviderframeworkonEventServiceRoleDefaultPolicy38F3A916", - "SecretFetcherResourceProviderframeworkonEventServiceRoleA7B78041" - ], - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/SecretFetcherResourceProvider/framework-onEvent/Resource", - "aws:asset:path": "asset.4dc48ffba382f93077a1e6824599bbd4ceb6f91eb3d9442eca3b85bdb1a20b1e", 
- "aws:asset:is-bundled": false, - "aws:asset:property": "Code" - } - }, - "FACEBOOKCLIENTIDSecretFetcherResource": { - "Type": "Custom::SecretFetcherResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderframeworkonEvent960CF056", - "Arn" - ] - }, - "namespace": "my-gen2-app", - "name": "rjabhi", - "type": "sandbox", - "secretName": "FACEBOOK_CLIENT_ID", - "secretLastUpdated": "1727477216522" - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete", - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/FACEBOOK_CLIENT_IDSecretFetcherResource/Default" - } - }, - "FACEBOOKCLIENTSECRETSecretFetcherResource": { - "Type": "Custom::SecretFetcherResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "SecretFetcherResourceProviderframeworkonEvent960CF056", - "Arn" - ] - }, - "namespace": "my-gen2-app", - "name": "rjabhi", - "type": "sandbox", - "secretName": "FACEBOOK_CLIENT_SECRET", - "secretLastUpdated": "1727477216522" - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete", - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/FACEBOOK_CLIENT_SECRETSecretFetcherResource/Default" - } - }, - "amplifyAuthFacebookIDP7CB5B5CC": { - "Type": "AWS::Cognito::UserPoolIdentityProvider", - "Properties": { - "AttributeMapping": { - "email": "email" - }, - "ProviderDetails": { - "client_id": { - "Fn::GetAtt": [ - "FACEBOOKCLIENTIDSecretFetcherResource", - "secretValue" - ] - }, - "client_secret": { - "Fn::GetAtt": [ - "FACEBOOKCLIENTSECRETSecretFetcherResource", - "secretValue" - ] - }, - "authorize_scopes": "public_profile" - }, - "ProviderName": "Facebook", - "ProviderType": "Facebook", - "UserPoolId": "[object Object]" - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/FacebookIDP/Resource" - } - }, - "amplifyAuthauthenticatedUserRoleD8DA3689": { - "Type": "AWS::IAM::Role", - "Properties": 
{ - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "cognito-identity.amazonaws.com:aud": "[object Object]" - }, - "ForAnyValue:StringLike": { - "cognito-identity.amazonaws.com:amr": "authenticated" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "cognito-identity.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "Tags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "amplify:friendly-name", - "Value": "amplifyAuth" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ] - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/authenticatedUserRole/Resource" - } - }, - "amplifyAuthunauthenticatedUserRole2B524D9E": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": { - "StringEquals": { - "cognito-identity.amazonaws.com:aud": "[object Object]" - }, - "ForAnyValue:StringLike": { - "cognito-identity.amazonaws.com:amr": "unauthenticated" - } - }, - "Effect": "Allow", - "Principal": { - "Federated": "cognito-identity.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "Tags": [ - { - "Key": "amplify:deployment-type", - "Value": "sandbox" - }, - { - "Key": "amplify:friendly-name", - "Value": "amplifyAuth" - }, - { - "Key": "created-by", - "Value": "amplify" - } - ] - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/amplifyAuth/unauthenticatedUserRole/Resource" - } - }, - "CDKMetadata": { - "Type": "AWS::CDK::Metadata", - "Properties": { - "Analytics": 
"v2:deflate64:H4sIAAAAAAAA/11RQW7CQAx8C/fFDaD2DqmQeihCoJ6jZdeASbJGsQNCUf5ebQJp1NOM7fHIGs9h9pFAMrF3mTqfTws6QLNBUfR7tS439i5ZU9jy4G0W2ONFYNPBug5OiYMhW0Kz4wJNegwdbrkg94hlz1oji8yKoAosIxhZwKp2OerKCpreHpr0GAbXF2mN41MgZWh+BKstcxGNB/4in1xaCuPRs/MqvzwGJX1sK76Rx2ptHR6Y8/HKf82wnBaEQcfSv86w9DxtXMc4lqrWnUsM2rZmh8J15dB0OezVniicjKtFucyq51BgOCA9hm97vUZR2okGgxj2iKccPPWBxTfBRd5u8wRm75BMLkI0reqgVCLsevwFXhK6UfkBAAA=" - }, - "Metadata": { - "aws:cdk:path": "amplify-mygen2app-rjabhi-sandbox-a7ef9235a4/auth/CDKMetadata/Default" - }, - "Condition": "CDKMetadataAvailable" - } - }, - "Mappings": { - "LatestNodeRuntimeMap": { - "af-south-1": { - "value": "nodejs20.x" - }, - "ap-east-1": { - "value": "nodejs20.x" - }, - "ap-northeast-1": { - "value": "nodejs20.x" - }, - "ap-northeast-2": { - "value": "nodejs20.x" - }, - "ap-northeast-3": { - "value": "nodejs20.x" - }, - "ap-south-1": { - "value": "nodejs20.x" - }, - "ap-south-2": { - "value": "nodejs20.x" - }, - "ap-southeast-1": { - "value": "nodejs20.x" - }, - "ap-southeast-2": { - "value": "nodejs20.x" - }, - "ap-southeast-3": { - "value": "nodejs20.x" - }, - "ap-southeast-4": { - "value": "nodejs20.x" - }, - "ap-southeast-5": { - "value": "nodejs20.x" - }, - "ap-southeast-7": { - "value": "nodejs20.x" - }, - "ca-central-1": { - "value": "nodejs20.x" - }, - "ca-west-1": { - "value": "nodejs20.x" - }, - "cn-north-1": { - "value": "nodejs18.x" - }, - "cn-northwest-1": { - "value": "nodejs18.x" - }, - "eu-central-1": { - "value": "nodejs20.x" - }, - "eu-central-2": { - "value": "nodejs20.x" - }, - "eu-isoe-west-1": { - "value": "nodejs18.x" - }, - "eu-north-1": { - "value": "nodejs20.x" - }, - "eu-south-1": { - "value": "nodejs20.x" - }, - "eu-south-2": { - "value": "nodejs20.x" - }, - "eu-west-1": { - "value": "nodejs20.x" - }, - "eu-west-2": { - "value": "nodejs20.x" - }, - "eu-west-3": { - "value": "nodejs20.x" - }, - "il-central-1": { - "value": "nodejs20.x" - }, - "me-central-1": { - "value": "nodejs20.x" - }, - "me-south-1": { - "value": 
"nodejs20.x" - }, - "mx-central-1": { - "value": "nodejs20.x" - }, - "sa-east-1": { - "value": "nodejs20.x" - }, - "us-east-1": { - "value": "nodejs20.x" - }, - "us-east-2": { - "value": "nodejs20.x" - }, - "us-gov-east-1": { - "value": "nodejs18.x" - }, - "us-gov-west-1": { - "value": "nodejs18.x" - }, - "us-iso-east-1": { - "value": "nodejs18.x" - }, - "us-iso-west-1": { - "value": "nodejs18.x" - }, - "us-isob-east-1": { - "value": "nodejs18.x" - }, - "us-west-1": { - "value": "nodejs20.x" - }, - "us-west-2": { - "value": "nodejs20.x" - } - } - }, - "Conditions": { - "CDKMetadataAvailable": { - "Fn::Or": [ - { - "Fn::Or": [ - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "af-south-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-east-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-northeast-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-northeast-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-northeast-3" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-south-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-south-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-southeast-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-southeast-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-southeast-3" - ] - } - ] - }, - { - "Fn::Or": [ - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ap-southeast-4" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ca-central-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "ca-west-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "cn-north-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "cn-northwest-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-central-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - 
"eu-central-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-north-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-south-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-south-2" - ] - } - ] - }, - { - "Fn::Or": [ - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-west-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-west-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "eu-west-3" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "il-central-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "me-central-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "me-south-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "sa-east-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-east-1" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-east-2" - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-west-1" - ] - } - ] - }, - { - "Fn::Equals": [ - { - "Ref": "AWS::Region" - }, - "us-west-2" - ] - } - ] - } - }, - "Outputs": { - "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthUserPool35006F41Ref": { - "Value": "[object Object]" - }, - "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthUserPoolAppClient2FF46763Ref": { - "Value": "[object Object]" - }, - "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthIdentityPoolE649E272Ref": { - "Value": "[object Object]" - }, - "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthUserPoolUserPoolDomain922BB047Ref": { - "Value": "[object Object]" - }, - "amplifymygen2apprjabhisandboxa7ef9235a4authamplifyAuthauthenticatedUserRole25B64256Ref": { - "Value": { - "Ref": "amplifyAuthauthenticatedUserRoleD8DA3689" - } - } - } -} \ No newline at end of file From 2739aec0dd923537d8bf704bb63944f4756cc2c9 Mon Sep 17 00:00:00 2001 
From: rjabhi Date: Mon, 11 Nov 2024 18:02:45 -0800 Subject: [PATCH 05/10] fix: invert isImported condition --- .../src/app_auth_definition_fetcher.ts | 101 +++++++++--------- 1 file changed, 51 insertions(+), 50 deletions(-) diff --git a/packages/amplify-migration/src/app_auth_definition_fetcher.ts b/packages/amplify-migration/src/app_auth_definition_fetcher.ts index 7d0852af457..1c392be898b 100644 --- a/packages/amplify-migration/src/app_auth_definition_fetcher.ts +++ b/packages/amplify-migration/src/app_auth_definition_fetcher.ts 
@@ -53,61 +53,62 @@ export class AppAuthDefinitionFetcher { const amplifyMeta = (await this.readJsonFile(amplifyMetaPath)) ?? {}; const isImported = Object.keys(amplifyMeta.auth).map((key) => amplifyMeta.auth[key])[0].serviceType === 'imported'; - if (isImported) { - const { - UserPoolId: userPoolId, - AppClientIDWeb: userPoolClientId, - IdentityPoolId: identityPoolId, - } = Object.keys(amplifyMeta.auth).map((key) => amplifyMeta.auth[key])[0].output; - if (!userPoolId && !userPoolClientId && !identityPoolId) { - throw new Error('No user pool or identity pool found for import.'); - } + if (!isImported) { + return undefined; + } - let authRoleArn: string | undefined; - let unauthRoleArn: string | undefined; - let groups: Record | undefined; - - if (identityPoolId) { - const { Roles } = await this.cognitoIdentityPoolClient.send( - new GetIdentityPoolRolesCommand({ - IdentityPoolId: identityPoolId, - }), - ); - if (Roles) { - authRoleArn = Roles.authenticated; - unauthRoleArn = Roles.unauthenticated; - } - } + const { + UserPoolId: userPoolId, + AppClientIDWeb: userPoolClientId, + IdentityPoolId: identityPoolId, + } = Object.keys(amplifyMeta.auth).map((key) => amplifyMeta.auth[key])[0].output; + if (!userPoolId && !userPoolClientId && !identityPoolId) { + throw new Error('No user pool or identity pool found for import.'); + } + + let authRoleArn: string | undefined; + let unauthRoleArn: string | undefined; + let groups: Record | undefined; - if (userPoolId) { - const { Groups } = await this.cognitoIdentityProviderClient.send( - new ListGroupsCommand({ - UserPoolId: userPoolId, - }), - ); - - if (Groups && Groups.length > 0) { - groups = Groups.reduce((acc: Record, { GroupName, RoleArn }) => { - assert(GroupName); - assert(RoleArn); - return { - ...acc, - [GroupName]: RoleArn, - }; - }, {}); - } + if (identityPoolId) { + const { Roles } = await this.cognitoIdentityPoolClient.send( + new GetIdentityPoolRolesCommand({ + IdentityPoolId: identityPoolId, + }), + ); + if 
(Roles) { + authRoleArn = Roles.authenticated; + unauthRoleArn = Roles.unauthenticated; } + } - return { - userPoolId, - userPoolClientId, - identityPoolId, - unauthRoleArn, - authRoleArn, - groups, - }; + if (userPoolId) { + const { Groups } = await this.cognitoIdentityProviderClient.send( + new ListGroupsCommand({ + UserPoolId: userPoolId, + }), + ); + + if (Groups && Groups.length > 0) { + groups = Groups.reduce((acc: Record, { GroupName, RoleArn }) => { + assert(GroupName); + assert(RoleArn); + return { + ...acc, + [GroupName]: RoleArn, + }; + }, {}); + } } - return undefined; + + return { + userPoolId, + userPoolClientId, + identityPoolId, + unauthRoleArn, + authRoleArn, + groups, + }; }; getDefinition = async (): Promise => { From 72d178bcdf10b660ff53f90ca9bb3c24dd460344 Mon Sep 17 00:00:00 2001 From: rjabhi Date: Mon, 11 Nov 2024 18:11:27 -0800 Subject: [PATCH 06/10] fix: prefer early return instead of else block with nesting --- .../src/auth/source_builder.ts | 136 +++++++++--------- 1 file changed, 69 insertions(+), 67 deletions(-) diff --git a/packages/amplify-gen2-codegen/src/auth/source_builder.ts b/packages/amplify-gen2-codegen/src/auth/source_builder.ts index c464088a72f..3a10c0cbd9b 100644 --- a/packages/amplify-gen2-codegen/src/auth/source_builder.ts +++ b/packages/amplify-gen2-codegen/src/auth/source_builder.ts @@ -474,11 +474,9 @@ export function renderAuthNode(definition: AuthDefinition): ts.NodeArray } = { '@aws-amplify/backend': new Set() }; const secretErrors: ts.Node[] = []; let backendFunctionConstruct: string; - let functionCallParameter: ts.ObjectLiteralExpression; const refAuth = definition.referenceAuth; if (refAuth) { const referenceAuthProperties: Array = []; - backendFunctionConstruct = 'referenceAuth'; namedImports['@aws-amplify/backend'].add('referenceAuth'); for (const [key, value] of Object.entries(refAuth)) { if (value) { 
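Review bot: In app_auth_definition_fetcher.ts, the `if (userPoolId)` block reads `Groups` from a single `ListGroupsCommand` response, so on a user pool with more groups than one page holds, the remaining groups never reach the `groups` map and their role mappings are dropped without any error. ListGroups is paginated through `NextToken`, so the call should loop until no token is returned. In the same reducer, `assert(RoleArn)` aborts the whole fetch for any group that has no IAM role attached, which Cognito allows; skipping such a group, or reporting it by name, is safer than failing the run. The enclosing method starts above this hunk.

```typescript
// … unchanged: identity pool role lookup …
if (userPoolId) {
  const roleArnByGroup: Record<string, string> = {};
  let nextToken: string | undefined;
  do {
    const { Groups, NextToken } = await this.cognitoIdentityProviderClient.send(
      new ListGroupsCommand({
        UserPoolId: userPoolId,
        NextToken: nextToken,
      }),
    );
    for (const { GroupName, RoleArn } of Groups ?? []) {
      // A Cognito group may have no role attached; leave it out instead of aborting.
      if (GroupName && RoleArn) {
        roleArnByGroup[GroupName] = RoleArn;
      }
    }
    nextToken = NextToken;
  } while (nextToken);

  if (Object.keys(roleArnByGroup).length > 0) {
    groups = roleArnByGroup;
  }
}
// … unchanged: return of the collected identifiers …
```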
@@ -497,89 +495,93 @@ export function renderAuthNode(definition: AuthDefinition): ts.NodeArray = []; - backendFunctionConstruct = 'defineAuth'; + return renderResourceTsFile({ + exportedVariableName: factory.createIdentifier('auth'), + functionCallParameter: factory.createObjectLiteralExpression(referenceAuthProperties, true), + additionalImportedBackendIdentifiers: namedImports, + backendFunctionConstruct: 'referenceAuth', + postImportStatements: secretErrors, + }); + } + + namedImports['@aws-amplify/backend'].add('defineAuth'); + const defineAuthProperties: Array = []; - const logInWithPropertyAssignment = createLogInWithPropertyAssignment(definition.loginOptions, secretErrors); - defineAuthProperties.push(logInWithPropertyAssignment); + const logInWithPropertyAssignment = createLogInWithPropertyAssignment(definition.loginOptions, secretErrors); + defineAuthProperties.push(logInWithPropertyAssignment); + + if (definition.customUserAttributes || definition.standardUserAttributes) { + defineAuthProperties.push(createUserAttributeAssignments(definition.standardUserAttributes, definition.customUserAttributes)); + } + + if (definition.groups?.length) { + defineAuthProperties.push( + factory.createPropertyAssignment( + factory.createIdentifier('groups'), + factory.createArrayLiteralExpression(definition.groups.map((g) => factory.createStringLiteral(g))), + ), + ); + } - if (definition.customUserAttributes || definition.standardUserAttributes) { - defineAuthProperties.push(createUserAttributeAssignments(definition.standardUserAttributes, definition.customUserAttributes)); + const hasFunctions = definition.lambdaTriggers && Object.keys(definition.lambdaTriggers).length > 0; + const { loginOptions } = definition; + if ( + loginOptions?.appleLogin || + loginOptions?.amazonLogin || + loginOptions?.googleLogin || + loginOptions?.facebookLogin || + (loginOptions?.oidcLogin && loginOptions.oidcLogin.length > 0) || + loginOptions?.samlLogin + ) { + 
namedImports['@aws-amplify/backend'].add('secret'); + } + if (hasFunctions) { + assert(definition.lambdaTriggers); + defineAuthProperties.push(createTriggersProperty(definition.lambdaTriggers)); + for (const value of Object.values(definition.lambdaTriggers)) { + const functionName = value.source.split('/')[3]; + if (!namedImports[`./${functionName}/resource`]) { + namedImports[`./${functionName}/resource`] = new Set(); + } + namedImports[`./${functionName}/resource`].add(functionName); } + } + if (definition.mfa) { + const multifactorProperties = [ + factory.createPropertyAssignment(factory.createIdentifier('mode'), factory.createStringLiteral(definition.mfa.mode)), + ]; - if (definition.groups?.length) { - defineAuthProperties.push( + if (definition.mfa.totp !== undefined) { + multifactorProperties.push( factory.createPropertyAssignment( - factory.createIdentifier('groups'), - factory.createArrayLiteralExpression(definition.groups.map((g) => factory.createStringLiteral(g))), + factory.createIdentifier('totp'), + definition.mfa.totp ? 
factory.createTrue() : factory.createFalse(), ), ); } - const hasFunctions = definition.lambdaTriggers && Object.keys(definition.lambdaTriggers).length > 0; - const { loginOptions } = definition; - if ( - loginOptions?.appleLogin || - loginOptions?.amazonLogin || - loginOptions?.googleLogin || - loginOptions?.facebookLogin || - (loginOptions?.oidcLogin && loginOptions.oidcLogin.length > 0) || - loginOptions?.samlLogin - ) { - namedImports['@aws-amplify/backend'].add('secret'); - } - if (hasFunctions) { - assert(definition.lambdaTriggers); - defineAuthProperties.push(createTriggersProperty(definition.lambdaTriggers)); - for (const value of Object.values(definition.lambdaTriggers)) { - const functionName = value.source.split('/')[3]; - if (!namedImports[`./${functionName}/resource`]) { - namedImports[`./${functionName}/resource`] = new Set(); - } - namedImports[`./${functionName}/resource`].add(functionName); - } - } - if (definition.mfa) { - const multifactorProperties = [ - factory.createPropertyAssignment(factory.createIdentifier('mode'), factory.createStringLiteral(definition.mfa.mode)), - ]; - - if (definition.mfa.totp !== undefined) { - multifactorProperties.push( - factory.createPropertyAssignment( - factory.createIdentifier('totp'), - definition.mfa.totp ? factory.createTrue() : factory.createFalse(), - ), - ); - } - - if (definition.mfa.sms !== undefined) { - multifactorProperties.push( - factory.createPropertyAssignment( - factory.createIdentifier('sms'), - definition.mfa.sms ? factory.createTrue() : factory.createFalse(), - ), - ); - } - - defineAuthProperties.push( + if (definition.mfa.sms !== undefined) { + multifactorProperties.push( factory.createPropertyAssignment( - factory.createIdentifier('multifactor'), - factory.createObjectLiteralExpression(multifactorProperties, true), + factory.createIdentifier('sms'), + definition.mfa.sms ? 
factory.createTrue() : factory.createFalse(), ), ); } - functionCallParameter = factory.createObjectLiteralExpression(defineAuthProperties, true); + + defineAuthProperties.push( + factory.createPropertyAssignment( + factory.createIdentifier('multifactor'), + factory.createObjectLiteralExpression(multifactorProperties, true), + ), + ); } return renderResourceTsFile({ exportedVariableName: factory.createIdentifier('auth'), - functionCallParameter, + functionCallParameter: factory.createObjectLiteralExpression(defineAuthProperties, true), additionalImportedBackendIdentifiers: namedImports, - backendFunctionConstruct, + backendFunctionConstruct: 'defineAuth', postImportStatements: secretErrors, }); } From 3e445d512ba1e299d319d13007d573c3e82a4a33 Mon Sep 17 00:00:00 2001 From: rjabhi Date: Mon, 11 Nov 2024 18:19:02 -0800 Subject: [PATCH 07/10] fix: remove duplicate test --- .../src/auth/source_builder.test.ts | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/packages/amplify-gen2-codegen/src/auth/source_builder.test.ts b/packages/amplify-gen2-codegen/src/auth/source_builder.test.ts index 1a397c4d840..811ce1815d7 100644 --- a/packages/amplify-gen2-codegen/src/auth/source_builder.test.ts +++ b/packages/amplify-gen2-codegen/src/auth/source_builder.test.ts @@ -376,17 +376,6 @@ describe('render auth node', () => { const source = printNodeArray(node); assert.match(source, /defineAuth\(\{[\s\S]*attributeMapping:\s\{[\s\S]*fullname:\s"name"/); }); - it('renders attributeMapping if passed along with Google login', () => { - const authDefinition: AuthDefinition = { - loginOptions: { - googleLogin: true, - googleAttributes: { fullname: 'name' } as AttributeMappingRule, - }, - }; - const node = renderAuthNode(authDefinition); - const source = printNodeArray(node); - assert.match(source, /defineAuth\(\{[\s\S]*attributeMapping:\s\{[\s\S]*fullname:\s"name"/); - }); }); describe('reference auth', () => { it(`renders successfully for imported userpool`, () => { 
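Review bot: In source_builder.ts, inside the `if (hasFunctions)` loop, the result of `value.source.split('/')[3]` is used both in the import specifier and as the imported identifier without any check. A trigger source with fewer than four segments therefore emits `./undefined/resource`, and a segment that is not a plain identifier is written into the generated resource file as is. The value appears to come from project metadata rather than from this module, so I would validate it right after the split, e.g. `assert(functionName && /^[A-Za-z_$][\w$]*$/.test(functionName), 'unexpected trigger source: ' + value.source);`. renderAuthNode starts above this hunk.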
From fdeb8dd8395ab9fbfdb3d1946cf9470e4ca21153 Mon Sep 17 00:00:00 2001 From: rjabhi Date: Mon, 11 Nov 2024 18:23:58 -0800 Subject: [PATCH 08/10] fix: remove unused vars --- packages/amplify-gen2-codegen/src/auth/source_builder.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/packages/amplify-gen2-codegen/src/auth/source_builder.ts b/packages/amplify-gen2-codegen/src/auth/source_builder.ts index 3a10c0cbd9b..e492a49fb93 100644 --- a/packages/amplify-gen2-codegen/src/auth/source_builder.ts +++ b/packages/amplify-gen2-codegen/src/auth/source_builder.ts @@ -472,8 +472,6 @@ const createUserAttributeAssignments = ( export function renderAuthNode(definition: AuthDefinition): ts.NodeArray { const namedImports: { [importedPackageName: string]: Set } = { '@aws-amplify/backend': new Set() }; - const secretErrors: ts.Node[] = []; - let backendFunctionConstruct: string; const refAuth = definition.referenceAuth; if (refAuth) { const referenceAuthProperties: Array = []; @@ -500,12 +498,12 @@ export function renderAuthNode(definition: AuthDefinition): ts.NodeArray = []; + const secretErrors: ts.Node[] = []; const logInWithPropertyAssignment = createLogInWithPropertyAssignment(definition.loginOptions, secretErrors); defineAuthProperties.push(logInWithPropertyAssignment); From 2531475bb5b65ab3d2a9cdf63b97f81a0916069b Mon Sep 17 00:00:00 2001 From: rjabhi Date: Mon, 11 Nov 2024 19:24:09 -0800 Subject: [PATCH 09/10] fix: update API.md file for gen1-gen2 codegen --- packages/amplify-gen1-codegen-auth-adapter/API.md | 5 ++++- packages/amplify-gen2-codegen/API.md | 4 ++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/packages/amplify-gen1-codegen-auth-adapter/API.md b/packages/amplify-gen1-codegen-auth-adapter/API.md index 45e09fd961f..b39c8d9a555 100644 --- a/packages/amplify-gen1-codegen-auth-adapter/API.md +++ b/packages/amplify-gen1-codegen-auth-adapter/API.md 
@@ -9,6 +9,7 @@ import { GroupType } from '@aws-sdk/client-cognito-identity-provider'; import { IdentityProviderType } from '@aws-sdk/client-cognito-identity-provider'; import { LambdaConfigType } from '@aws-sdk/client-cognito-identity-provider'; import { ProviderDescription } from '@aws-sdk/client-cognito-identity-provider'; +import { ReferenceAuth } from '@aws-amplify/amplify-gen2-codegen/src/auth/source_builder'; import { SoftwareTokenMfaConfigType } from '@aws-sdk/client-cognito-identity-provider'; import { UserPoolClientType } from '@aws-sdk/client-cognito-identity-provider'; import { UserPoolMfaType } from '@aws-sdk/client-cognito-identity-provider'; @@ -31,6 +32,8 @@ export interface AuthSynthesizerOptions { // (undocumented) mfaConfig?: UserPoolMfaType; // (undocumented) + referenceAuth?: ReferenceAuth; + // (undocumented) totpConfig?: SoftwareTokenMfaConfigType; // (undocumented) userPool: UserPoolType; @@ -50,7 +53,7 @@ export interface AuthTriggerConnection { export type AuthTriggerConnectionSourceMap = Partial>; // @public (undocumented) -export const getAuthDefinition: ({ userPool, identityPoolName, identityProviders, identityProvidersDetails, identityGroups, webClient, authTriggerConnections, guestLogin, mfaConfig, totpConfig, }: AuthSynthesizerOptions) => AuthDefinition; +export const getAuthDefinition: ({ userPool, identityPoolName, identityProviders, identityProvidersDetails, identityGroups, webClient, authTriggerConnections, guestLogin, referenceAuth, mfaConfig, totpConfig, }: AuthSynthesizerOptions) => AuthDefinition; // (No @packageDocumentation comment for this package) diff --git a/packages/amplify-gen2-codegen/API.md b/packages/amplify-gen2-codegen/API.md index d6e2aba38d2..a5818b4d2e0 100644 --- a/packages/amplify-gen2-codegen/API.md +++ b/packages/amplify-gen2-codegen/API.md 
@@ -44,6 +44,10 @@ export interface AuthDefinition { oAuthFlows?: string[]; // (undocumented) readAttributes?: string[]; + // Warning: (ae-forgotten-export) The symbol "ReferenceAuth" needs to be exported by the entry point index.d.ts + // + // (undocumented) + referenceAuth?: ReferenceAuth; // (undocumented) standardUserAttributes?: StandardAttributes; // (undocumented) From 1f5d7ee2c01bcd4dbf1741ead5bcc8c5089db717 Mon Sep 17 00:00:00 2001 From: rjabhi Date: Tue, 12 Nov 2024 11:03:32 -0800 Subject: [PATCH 10/10] fix: api md export --- packages/amplify-gen2-codegen/API.md | 12 ++++++++++-- packages/amplify-gen2-codegen/src/index.ts | 2 ++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/packages/amplify-gen2-codegen/API.md b/packages/amplify-gen2-codegen/API.md index a5818b4d2e0..29b8c7ff902 100644 --- a/packages/amplify-gen2-codegen/API.md +++ b/packages/amplify-gen2-codegen/API.md @@ -44,8 +44,6 @@ export interface AuthDefinition { oAuthFlows?: string[]; // (undocumented) readAttributes?: string[]; - // Warning: (ae-forgotten-export) The symbol "ReferenceAuth" needs to be exported by the entry point index.d.ts - // // (undocumented) referenceAuth?: ReferenceAuth; // (undocumented) @@ -196,6 +194,16 @@ export type Permission = 'read' | 'write' | 'create' | 'delete'; // @public (undocumented) export type PolicyOverrides = Partial>; +// @public (undocumented) +export type ReferenceAuth = { + userPoolId?: string; + identityPoolId?: string; + authRoleArn?: string; + unauthRoleArn?: string; + userPoolClientId?: string; + groups?: Record; +}; + // @public (undocumented) export interface Renderer { // (undocumented) diff --git a/packages/amplify-gen2-codegen/src/index.ts b/packages/amplify-gen2-codegen/src/index.ts index e6957b0152e..c80854a86e3 100644 --- a/packages/amplify-gen2-codegen/src/index.ts +++ b/packages/amplify-gen2-codegen/src/index.ts 
@@ -31,6 +31,7 @@ import { SamlOptions, Scope, AttributeMappingRule, + ReferenceAuth, } from './auth/source_builder'; import { StorageRenderParameters, @@ -229,4 +230,5 @@ export { Scope, AttributeMappingRule, ServerSideEncryptionConfiguration, + ReferenceAuth, };