Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Default permissions for aws-amplify/App role incorrect
See original GitHub issueThe role created for the aws-amplify/App by default has insufficient permissions to run. The role needs AdministratorAccess per Adding a Service Role to the Amplify Console When You Connect an App
Reproduction Steps
See the expected test results: integ.app.expected.json
Error Log
My amplify codebuild was throwing errors like:
amplifyPush -e be
(node:1247) UnhandledPromiseRejectionWarning: AccessDenied: Access Denied
Environment
- CLI Version : 1.42.0 (build 3b64241)
- Framework Version:
- Node.js Version:
- OS :
- Language (Version):
Other
My Amplify CodeBuild was throwing errors like AccessDenied because the role was missing.
Thanks for the great tool!
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:8 (3 by maintainers)
Top Results From Across the Web
Troubleshooting Amplify identity and access
To allow others to access Amplify, you must create an IAM entity (user or role) for the person or application that needs access....
Read more >Identity and Access Management for Amplify
An IAM role is an identity within your AWS account that has specific permissions. It is similar to an IAM user, but is...
Read more >Identity-based policy examples for Amplify
By default, users and roles don't have permission to create or modify Amplify resources. They also can't perform tasks by using the AWS...
Read more >Adding a service role - AWS Amplify Hosting
Amplify requires permissions to deploy backend resources with your front end. You use a service ... Accept all the defaults and choose a...
Read more >Actions, resources, and condition keys for AWS Amplify
Actions Description Access level Resource types (*req...
CreateApp Creates a new Amplify App Write apps*
CreateApp Creates a new Amplify App Write
CreateBranch Creates a new...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@joekiller I agree that this isn’t the experience we want, and a documentation update is where we should start.
I’ve just been spending time reading some amplify issues/comments/docs to see if there is a way for CDK to possibly scope the role to be actually “least needed” in the future. Mostly this which relates to the CLI but maybe gives some hints?
Since the Amplify construct is experimental, I expect there are other issues like this that we need to spend time researching/experimenting with. If it turns out that the only way is to give the service role administrator privileges then I just want that the be clear to the user in docs.
IAM permissions are only needed when deploying a backend with Amplify. The base case is to deploy a frontend only.
AppimplementsIGrantable. If a user wants to deploy a backend, he should explicitly grant the correct permissions.