AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

Amplify Studio Permissions Error - Can't Create a New Project

0

On a super user account with full permissions, the initial step of creating a new Ampify Studio project fails with a lack of permissions. Created a second account with each of the requested permissions mapped out, still results in the same error.

Error Details:

You are missing the following permissions to deploy your Amplify backend successfully:

  • cognito-idp:DescribeUserPool
  • cognito-idp:DeleteUserPool
  • cognito-idp:CreateUserPool
  • cognito-idp:CreateUserPoolClient
  • cognito-idp:UpdateUserPool
  • cognito-idp:AdminSetUserPassword
  • cognito-identity:GetIdentityPoolRoles
  • cognito-identity:SetIdentityPoolRoles
  • cognito-identity:CreateIdentityPool
  • cognito-identity:DeleteIdentityPool
  • lambda:GetFunction
  • lambda:CreateFunction
  • lambda:AddPermission
  • lambda:DeleteFunction
  • s3:DeleteObjectVersion
  • cloudformation:ListStacks
  • appsync:GetIntrospectionSchema
  • appsync:GraphQL
  • appsync:UpdateApiKey
  • appsync:ListApiKeys
  • s3:PutObject
  • s3:GetObject
  • s3:ListBucket
  • s3:ListBucketVersions
  • s3:DeleteBucket
  • s3:DeleteBucketPolicy
  • s3:DeleteBucketWebsite
  • s3:DeleteObject
  • s3:GetBucketLocation
  • s3:ListAllMyBuckets
  • sts:AssumeRole
  • mobiletargeting:*
  • amplify:CreateApp
  • amplify:CreateBackendEnvironment
  • amplify:GetApp
  • amplify:GetBackendEnvironment
  • amplify:ListApps
  • amplify:ListBackendEnvironments
  • amplify:CreateBranch
  • amplify:GetBranch
  • amplify:UpdateApp
  • amplify:ListBranches
  • amplify:ListDomainAssociations
  • amplify:DeleteBranch
  • amplify:DeleteApp
  • amplify:DeleteBackendEnvironment
  • amplifybackend:*
  • cognito-idp:AdminAddUserToGroup
  • cognito-idp:AdminCreateUser
  • cognito-idp:CreateGroup
  • cognito-idp:DeleteGroup
  • cognito-idp:DeleteUser
  • cognito-idp:ListUsers
  • cognito-idp:AdminGetUser
  • cognito-idp:ListUsersInGroup
  • cognito-idp:AdminDisableUser
  • cognito-idp:AdminRemoveUserFromGroup
  • cognito-idp:AdminResetUserPassword
  • cognito-idp:AdminListGroupsForUser
  • cognito-idp:ListGroups
  • cognito-idp:AdminDeleteUser
  • cognito-idp:AdminListUserAuthEvents
  • cognito-idp:AdminConfirmSignUp
  • cognito-idp:AdminEnableUser
  • cognito-idp:AdminUpdateUserAttributes
  • cognito-idp:DescribeIdentityProvider
  • appsync:CreateApiKey
  • appsync:CreateDataSource
  • appsync:CreateFunction
  • appsync:CreateResolver
  • appsync:CreateType
  • appsync:DeleteApiKey
  • appsync:DeleteDataSource
  • appsync:DeleteFunction
  • appsync:DeleteResolver
  • appsync:DeleteType
  • appsync:GetDataSource
  • appsync:GetFunction
  • appsync:GetResolver
  • appsync:GetSchemaCreationStatus
  • appsync:GetType
  • appsync:ListDataSources
  • appsync:ListFunctions
  • appsync:ListGraphqlApis
  • appsync:ListResolvers
  • appsync:ListResolversByFunction
  • appsync:ListTypes
  • appsync:StartSchemaCreation
  • appsync:UpdateDataSource
  • appsync:UpdateFunction
  • appsync:UpdateResolver
  • appsync:UpdateType
  • appsync:TagResource
  • appsync:CreateGraphqlApi
  • appsync:DeleteGraphqlApi
  • appsync:GetGraphqlApi
  • appsync:ListTagsForResource
  • appsync:UpdateGraphqlApi
  • apigateway:DELETE
  • apigateway:GET
  • apigateway:PATCH
  • apigateway:POST
  • apigateway:PUT
  • cognito-identity:DescribeIdentity
  • cognito-identity:DescribeIdentityPool
  • cognito-identity:UpdateIdentityPool
  • cognito-idp:DeleteUserPoolClient
  • cognito-idp:DescribeUserPoolClient
  • cognito-idp:ListTagsForResource
  • cognito-idp:ListUserPoolClients
  • cognito-idp:UpdateUserPoolClient
  • cognito-identity:TagResource
  • cognito-idp:TagResource
  • lambda:GetFunctionConfiguration
  • lambda:InvokeAsync
  • lambda:InvokeFunction
  • lambda:RemovePermission
  • lambda:UpdateFunctionCode
  • lambda:UpdateFunctionConfiguration
  • lambda:ListTags
  • lambda:TagResource
  • lambda:UntagResource
  • lambda:AddLayerVersionPermission
  • lambda:CreateEventSourceMapping
  • lambda:DeleteEventSourceMapping
  • lambda:DeleteLayerVersion
  • lambda:GetEventSourceMapping
  • lambda:GetLayerVersion
  • lambda:ListEventSourceMappings
  • cloudformation:CreateChangeSet
  • cloudformation:CreateStack
  • cloudformation:DeleteStack
  • cloudformation:DescribeChangeSet
  • cloudformation:DescribeStackEvents
  • cloudformation:DescribeStackResource
  • cloudformation:DescribeStackResources
  • cloudformation:DescribeStacks
  • cloudformation:ExecuteChangeSet
  • cloudformation:GetTemplate
  • cloudformation:UpdateStack
  • invaderZYM
    2년 전

    Did you run 'amplify configure'? this will ask you to create an IAM role that amplify will assume to run its commands. If you have that role you can you share the associated policy?

  • AWS-User-8364935
    2년 전

    @invaderZYM I had been following the guided tutorial from the new Amplify Studio, but had skipped the local deploy/test steps (skip was given as an option). Running amplify commands from cli I was able to generate an empty project and enable Amplify Studio on that project. Unfortunately, the next steps of adding auth leads to additional errors. I am starting to think the Amplify Studio tutorial/documentation is not ready yet.

  • syumaK
    2년 전

    can you share the tutorial link you are following, I'll be happy to replicate & open a PR on your behalf?

주제
프론트엔드 웹 및 모바일
태그
AWS AmplifyAWS 앰플리파이 스튜디오
언어
English
AWS-User-8364935
질문됨 2년 전132회 조회
답변 없음

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠