By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

IAM user is unable to access AppSync console

0

Trying to give a IAM user access to AppSync. I have set the following policies to this IAM user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "amplify:*",
            "Resource": "*"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "amplifybackend:*",
            "Resource": "*"
        }
    ]
}


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "appsync:*",
            "Resource": "*"
        }
    ]
}

Each is its own policy because I used the visual editor to create the policies.

And yet when my IAM user tries to open AppSync there is a "Network error" message and inspecting the console I seem to be getting a bunch of 403s from the API requests.

What's the correct policy to give full access to the AppSync console?

  • Joshua_B
    2 years ago

    Hello,

    Can you describe in more detail what API errors you are getting? I created an IAM user with the exact permissions here and was able to access the AppSync Console with no issues.

    Since AppSync interacts with several other services (such as DynamoDB, other backend services) those API calls may be getting errors.

  • andrei_calazans
    2 years ago

    That's odd. I'm guessing I got into an unexpected state somehow since I did create that AppSync app with a root user and before I added any of the new IAM users so maybe something went wrong there.

    For the error all I get is a "Network error" red box at the top of the screen without any descriptions. Looking at the network tab I do see a few 403s happening.

  • bullittbirant
    10 months ago

    Hi, have you checked CloudWatch Logs?

Topics
ServerlessFront-End Web & MobileApplication IntegrationSecurity, Identity, & Compliance
Tags
AWS AppSyncAWS Identity and Access ManagementAWS AmplifyIAM Policies
Language
English
andrei_calazans
asked 2 years ago282 views
1 Answer
0

AWSAppSyncInvokeFullAccess AWS managed policy has the necessary permissions to access AWS AppSync service through the console. The details are as below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "appsync:GraphQL",
                "appsync:GetGraphqlApi",
                "appsync:ListGraphqlApis",
                "appsync:ListApiKeys"
            ],
            "Resource": "*"
        }
    ]
}
profile pictureAWS
bullittbirant
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content