(gen2-migration): `generate` does not support `email verification link with redirect` auth trigger template

[dgandhi62]

How did you install the Amplify CLI?

No response

If applicable, what version of Node.js are you using?

No response

Amplify CLI Version

NA

What operating system are you using?

NA

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

NA

Describe the bug

Gen2 Migration: CustomMessageConfirmationBucket not handled during refactor step

Problem

When a Gen1 app uses the Email Verification Link with Redirect auth capability (confirmationRedirect), the auth CloudFormation stack contains a CustomMessageConfirmationBucket S3 resource that hosts a static verification site (index.html, verify.js, spinner.js, style.css). The verification-link.js Lambda trigger constructs an s3-website URL pointing to this bucket to confirm user accounts and redirect them.

The generate step correctly migrates the CustomMessage Lambda trigger and wires it into defineAuth({ triggers: { customMessage } }). However, the refactor step has no awareness of the CustomMessageConfirmationBucket resource inside the auth nested stack.

This means after migration:

• The trigger Lambda is migrated and expects the bucket to exist
• The bucket itself is not moved, recreated, or referenced in the Gen2 stack
• The verification flow breaks because the bucket is orphaned or missing

Current behavior

• generate: Handles the CustomMessage trigger function (copies source, wires env vars like REDIRECTURL, EMAILSUBJECT, EMAILMESSAGE, registers trigger in defineAuth). ✅
• refactor: Does not account for CustomMessageConfirmationBucket in the auth stack. The resource is neither moved to a holding stack nor recreated in Gen2. ❌

Expected behavior

The refactor step should handle the CustomMessageConfirmationBucket S3 resource so the verification link flow continues to work after migration. This could mean:

1. Moving the bucket resource during the refactor stack migration (similar to how other auth resources are handled), or
2. Recreating the bucket and its static assets in the Gen2 backend definition, or
3. Importing the existing bucket into the Gen2 stack via a custom resource

Relevant code

Area	File
Bucket creation (Gen1 auth stack)	packages/amplify-category-auth/src/provider-utils/awscloudformation/auth-stack-builder/auth-cognito-stack-builder.ts
Bucket name derivation	packages/amplify-category-auth/src/provider-utils/awscloudformation/utils/verification-bucket-name.ts
Asset upload to bucket	packages/amplify-category-auth/src/provider-utils/awscloudformation/utils/trigger-file-uploader.ts
Static site assets	packages/amplify-category-auth/provider-utils/awscloudformation/triggers/CustomMessage/assets/
Lambda trigger (consumes bucket URL)	packages/amplify-category-auth/provider-utils/awscloudformation/triggers/CustomMessage/verification-link.js
Gen2 migration generate (trigger handling)	packages/amplify-cli/src/commands/gen2-migration/generate/amplify/function/function.generator.ts
Gen2 migration refactor (no bucket handling)	packages/amplify-cli/src/commands/gen2-migration/refactor/

Additional context

• The bucket name follows the pattern {authResourceName}verificationbucket-{env} and is stored in cli-inputs.json as verificationBucketName.

Expected behavior

NA

Reproduction steps

NA

Project Identifier

No response

Log output

Details

# Put your logs below this line

Additional information

No response

Before submitting, please confirm:

• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
• I have removed any sensitive information from my code snippets and submission.