1 Answer
Let’s troubleshoot this issue step by step:
- IAM Identity Center (SSO) Permissions: The permissions you’ve assigned look correct, but let’s double-check a few things:
  - Ensure that the permission set is actually assigned to the developers’ user accounts in IAM Identity Center.
  - Verify that the developers are using the correct AWS account when accessing Amplify.
- SCP Evaluation:
  - Check if there are any SCPs applied to the OU or account where the developers’ accounts reside.
  - Look for SCPs that might be restricting access to Amplify services or specific regions.
- Region Consistency:
  - Confirm that the developers are accessing the same region where the Amplify apps are deployed.
  - AWS Amplify resources are region-specific, so if the app is in us-east-1, but the developer is viewing us-west-2, they won’t see the apps.
- AWS CLI Configuration:
  - For the AWS CLI, ensure that the developers have properly configured their credentials using AWS SSO.
  - They should run aws configure sso and follow the prompts to set up their CLI access.
- Amplify App Sharing:
  - In some cases, Amplify apps might need to be explicitly shared with team members.
  - Check if the Amplify app settings have any restrictions on who can view or access the app.
- IAM Policy Verification:
  - Double-check the exact permissions in the AdministratorAccess-Amplify and AmplifyBackendDeployFullAccess policies.
  - Ensure they include the necessary read permissions like amplify:ListApps.
- CloudTrail Logs:
  - Consider checking CloudTrail logs to see if there are any permission-related errors when developers try to access Amplify resources.
- Amplify Service Role:
  - Verify if there’s a service role associated with your Amplify app and ensure it has the necessary permissions.
- Cross-Account Access:
  - If the Amplify app is in a different AWS account than the developers’ SSO access, ensure proper cross-account permissions are set up.
- Console vs CLI Discrepancy:
  - The fact that both console and CLI access fail suggests a permissions issue rather than a configuration problem.
- Temporary Solution for Troubleshooting:
  - Temporarily assign a more permissive policy (like ReadOnlyAccess) to see if it resolves the issue. This can help isolate whether it’s a specific Amplify permission or a broader access issue.
Next steps:
- Can you verify the exact error message developers see when trying to access Amplify through the console?
- Have you checked CloudTrail logs for any access denied events related to Amplify?
- Can you confirm that the developers are definitely in the correct AWS account and region when attempting to access the Amplify resources?
Providing this information will help further diagnose the issue.
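The CloudTrail, SCP and region checks from the answer can be combined into one triage pass over exported events. This is an added example, not part of the original answer or any AWS tool: the sample records, account ID and role name are constructed, and it assumes the `errorMessage` field carries AWS's usual access-denied wording, which not every record includes.

```python
# Constructed CloudTrail-style records (not real logs); IDs and ARNs are placeholders.
DENY = "User: arn:aws:sts::111111111111:assumed-role/EXAMPLE/dev1 is not authorized to perform: amplify:ListApps "

def _ev(source, name, region, account, code=None, msg=None):
    return {"eventSource": source, "eventName": name, "awsRegion": region,
            "recipientAccountId": account, "errorCode": code, "errorMessage": msg}

SAMPLE_EVENTS = [
    _ev("amplify.amazonaws.com", "ListApps", "us-east-1", "111111111111", "AccessDenied",
        DENY + "with an explicit deny in a service control policy"),
    _ev("amplify.amazonaws.com", "ListApps", "us-east-1", "111111111111", "AccessDenied",
        DENY + "because no identity-based policy allows the amplify:ListApps action"),
    _ev("amplify.amazonaws.com", "ListApps", "us-west-2", "111111111111"),  # succeeded, wrong region
    _ev("amplify.amazonaws.com", "ListApps", "us-east-1", "111111111111"),  # succeeded, expected place
    _ev("s3.amazonaws.com", "GetObject", "us-east-1", "111111111111", "AccessDenied", "Access Denied"),
]

def classify_denial(message):
    """Map an access-denied message to the policy layer that most likely caused it."""
    msg = (message or "").lower()
    if "explicit deny in a service control policy" in msg:
        return "scp-explicit-deny"
    if "no service control policy allows" in msg:
        return "scp-missing-allow"
    if "no identity-based policy allows" in msg:
        return "permission-set-missing-allow"
    if "explicit deny" in msg:
        return "explicit-deny-other-policy"
    return "unclassified"

def triage(events, expected_account, expected_region):
    """Return one finding per Amplify call that was denied or made outside the expected account/region."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "amplify.amazonaws.com":
            continue
        denied = str(ev.get("errorCode") or "").startswith("AccessDenied")
        misplaced = (ev.get("recipientAccountId") != expected_account
                     or ev.get("awsRegion") != expected_region)
        if not (denied or misplaced):
            continue
        cause = classify_denial(ev.get("errorMessage")) if denied else "wrong-account-or-region"
        findings.append({"action": ev.get("eventName"), "region": ev.get("awsRegion"),
                         "account": ev.get("recipientAccountId"), "cause": cause})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, "111111111111", "us-east-1"):
        print(finding)
```

A `scp-explicit-deny` finding points at the organization's SCPs, `permission-set-missing-allow` points at the permission set assignment, and `wrong-account-or-region` means the call worked but the developer was looking somewhere other than where the app is deployed.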