Unable to Assume IAM Role in AWS Amplify Deployment

0

Hello AWS Community,

I am facing an issue with my AWS Amplify deployment where it fails to assume the specified IAM role. The error message I am receiving is:

2024-08-05T07:05:21.726Z [ERROR]: !!! Unable to assume specified IAM Role. Please ensure the selected IAM Role has sufficient permissions and the Trust Relationship is configured correctly.

Details:

App ARN: arn:aws:amplify:ap-south-1:779007823631:apps/deo94wtt8tbvk IAM Role: arn:aws:iam::779007823631:role/romy Region: ap-south-1

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "amplify.ap-south-1.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Attached Policies: AdministratorAccess AdministratorAccess-Amplify

Steps Taken: Verified Trust Policy: The trust policy includes the necessary permissions for Amplify to assume the role. Checked Permissions Policies: Ensured that the role has AdministratorAccess and AdministratorAccess-Amplify policies attached. Reviewed Inline Policies: There are no restrictive inline policies attached to the role. Reviewed CloudTrail Logs: Checked for any AssumeRole events and verified that there are no denied API calls. Checked AWS Resources Region: Confirmed that all AWS resources are in the ap-south-1 region.

Error Context: The deployment process was working fine until about 15 days ago. The last code change involved minor HTML updates and should not have impacted the IAM role or trust policy.

Question: What could be the potential reasons for this issue, given that all configurations appear to be correct? Has anyone experienced similar issues with AWS Amplify deployments and IAM roles, and how were they resolved? Any insights or suggestions would be highly appreciated.

Thank you for your assistance!

asked 2 months ago301 views
3 Answers
1

Hello.

How about setting up a trust policy like the one below?
https://stackoverflow.com/questions/65287024/permission-problem-accessing-codecommit-repository-during-build-phase

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": ["amplify.ap-south-1.amazonaws.com", "amplify.amazonaws.com"]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
profile picture
EXPERT
answered 2 months ago
  • i have tried this solution but the same error

  • It worked for me! Although my app runs in ap-northeast-3, setting this ap-south-1 did the job.

0

Are you sure that the error is related to the Amplify role? Could it be that you are calling some AWS service from your code? In this case, the error may be related to the called service and not to Amplify.

AWS
Mi_Sha
answered 2 months ago
  • thats what i feel as the code is working without any issue in localhost and also i have tried redeploy a working version from git but the error in the bulid is same as below

    2024-08-06T09:39:45.637Z [ERROR]: !!! Unable to assume specified IAM Role. Please ensure the selected IAM Role has sufficient permissions and the Trust Relationship is configured correctly.

0

Do you see more information in browser console?

AWS
Mi_Sha
answered 2 months ago
  • there is nothing major i could find in the browser console. as the localhost been able to work properly as expected. while the redelpoying the past version of git it still fails and the error message from amplify has very limited information to check for the error

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions