Permission problem accessing codecommit repository during build phase

Amazon support team found the problem in the trust relationship to be used with the eu-south-1 region. It must be defined in the following way:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": ["amplify.eu-south-1.amazonaws.com","amplify.amazonaws.com"]
},
"Action": "sts:AssumeRole"
}
]
}

The error message "Unable to assume specified IAM Role. Please ensure the selected IAM Role has sufficient permissions and the Trust Relationship is configured correctly." indicates an issue with the IAM role permissions and trust relationship configuration when attempting to interact between AWS Amplify and AWS CodeCommit.

Here's how you can troubleshoot and resolve this error:

Check IAM Role Permissions:

Make sure that the IAM role you're using in your Amplify or CodeCommit setup has the necessary permissions to perform the required actions. These permissions should include both Amplify-related actions (if applicable) and CodeCommit-related actions.

You can attach policies like AWSCodeCommitPowerUser, AWSCodeCommitFullAccess, or a custom policy that includes the required permissions.

Verify Trust Relationship:

The IAM role should have a trust relationship that allows the service (Amplify or CodeCommit) to assume the role. For Amplify, the trust relationship might include "Service": "amplify.amazonaws.com", and for CodeCommit, it could include "Service": "codecommit.amazonaws.com".

Here's an example of a trust relationship policy for CodeCommit:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codecommit.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Ensure that the trust relationship is correctly configured in the IAM role policy.

Check Amplify and CodeCommit Configuration:

Review your Amplify and CodeCommit configurations to ensure you've correctly specified the IAM role that you want to use. Double-check that the role's name or ARN is accurate.

Role Permissions Boundary (Advanced):

If you're using a permissions boundary for your IAM roles, ensure that the boundary doesn't restrict the necessary actions for Amplify and CodeCommit.