Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

IAM user is unable to access AppSync console

0

Trying to give a IAM user access to AppSync. I have set the following policies to this IAM user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "amplify:*",
            "Resource": "*"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "amplifybackend:*",
            "Resource": "*"
        }
    ]
}


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "appsync:*",
            "Resource": "*"
        }
    ]
}

Each is its own policy because I used the visual editor to create the policies.

And yet when my IAM user tries to open AppSync there is a "Network error" message and inspecting the console I seem to be getting a bunch of 403s from the API requests.

What's the correct policy to give full access to the AppSync console?

  • andrei_calazans
    3 years ago

    That's odd. I'm guessing I got into an unexpected state somehow since I did create that AppSync app with a root user and before I added any of the new IAM users so maybe something went wrong there.

    For the error all I get is a "Network error" red box at the top of the screen without any descriptions. Looking at the network tab I do see a few 403s happening.

  • Akarslan, Birant
    3 years ago

    Hi, have you checked CloudWatch Logs?

Topics
Application IntegrationServerlessFront-End Web & MobileSecurity, Identity, & Compliance
Tags
AWS AppSyncAWS Identity and Access ManagementIAM PoliciesAWS Amplify
Language
English
asked 3 years ago459 views
1 Answer
0

AWSAppSyncInvokeFullAccess AWS managed policy has the necessary permissions to access AWS AppSync service through the console. The details are as below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "appsync:GraphQL",
                "appsync:GetGraphqlApi",
                "appsync:ListGraphqlApis",
                "appsync:ListApiKeys"
            ],
            "Resource": "*"
        }
    ]
}
AWS
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content