AWS re:Postを使用することにより、以下に同意したことになります AWS re:Post 利用規約
AWS re:Postre:Post

IAM user is unable to access AppSync console

0

Trying to give a IAM user access to AppSync. I have set the following policies to this IAM user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "amplify:*",
            "Resource": "*"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "amplifybackend:*",
            "Resource": "*"
        }
    ]
}


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "appsync:*",
            "Resource": "*"
        }
    ]
}

Each is its own policy because I used the visual editor to create the policies.

And yet when my IAM user tries to open AppSync there is a "Network error" message and inspecting the console I seem to be getting a bunch of 403s from the API requests.

What's the correct policy to give full access to the AppSync console?

  • Joshua_B
    2年前

    Hello,

    Can you describe in more detail what API errors you are getting? I created an IAM user with the exact permissions here and was able to access the AppSync Console with no issues.

    Since AppSync interacts with several other services (such as DynamoDB, other backend services) those API calls may be getting errors.

  • andrei_calazans
    2年前

    That's odd. I'm guessing I got into an unexpected state somehow since I did create that AppSync app with a root user and before I added any of the new IAM users so maybe something went wrong there.

    For the error all I get is a "Network error" red box at the top of the screen without any descriptions. Looking at the network tab I do see a few 403s happening.

  • bullittbirant
    1年前

    Hi, have you checked CloudWatch Logs?

トピック
サーバーレスフロントエンド Web & モバイルアプリケーション統合セキュリティ、アイデンティティ、コンプライアンス
タグ
AWS AppSyncAWS Identity and Access ManagementAWS AmplifyIAM ポリシー
言語
English
andrei_calazans
質問済み 2年前288ビュー
1回答
0

AWSAppSyncInvokeFullAccess AWS managed policy has the necessary permissions to access AWS AppSync service through the console. The details are as below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "appsync:GraphQL",
                "appsync:GetGraphqlApi",
                "appsync:ListGraphqlApis",
                "appsync:ListApiKeys"
            ],
            "Resource": "*"
        }
    ]
}
profile pictureAWS
bullittbirant
回答済み 1年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ