Organization Members cannot see or access my amplify projects

As the Account Manager for my organisation, I have undertaken the following actions:

  1. Created and deployed the Amplify application.
  2. Added developers to the organisation within the same region.
  3. Configured the IAM Identity Center and added a permission set with the following permissions:
     a. AdministratorAccess-Amplify
     b. AmplifyBackendDeployFullAccess
  4. Assigned the aforementioned permission set to the developers' AWS accounts (IAM Identity Center).

However, we are encountering an issue. When an administrator accesses AWS Amplify, they can see the applications. In contrast, when a developer accesses AWS Amplify, they are unable to see any applications.

Additionally, when a developer attempts to list the applications via the console using the command "aws amplify list-apps," the result is:

{ "apps": [] }

Could you please assist us in resolving this issue? Your help would be greatly appreciated.

Thank you for your time and support.

1 Answer

Let’s troubleshoot this issue step by step:

  1. IAM Identity Center (SSO) Permissions: The permissions you’ve assigned look correct, but let’s double-check a few things:
     • Ensure that the permission set is actually assigned to the developers’ user accounts in IAM Identity Center.
     • Verify that the developers are using the correct AWS account when accessing Amplify.
  2. SCP Evaluation:
     • Check if there are any SCPs applied to the OU or account where the developers’ accounts reside.
     • Look for SCPs that might be restricting access to Amplify services or specific regions.
  3. Region Consistency:
     • Confirm that the developers are accessing the same region where the Amplify apps are deployed.
     • AWS Amplify resources are region-specific, so if the app is in us-east-1, but the developer is viewing us-west-2, they won’t see the apps.
  4. AWS CLI Configuration:
     • For the AWS CLI, ensure that the developers have properly configured their credentials using AWS SSO.
     • They should run aws configure sso and follow the prompts to set up their CLI access.
  5. Amplify App Sharing:
     • In some cases, Amplify apps might need to be explicitly shared with team members.
     • Check if the Amplify app settings have any restrictions on who can view or access the app.
  6. IAM Policy Verification:
     • Double-check the exact permissions in the AdministratorAccess-Amplify and AmplifyBackendDeployFullAccess policies.
     • Ensure they include the necessary read permissions like amplify:ListApps.
  7. CloudTrail Logs:
     • Consider checking CloudTrail logs to see if there are any permission-related errors when developers try to access Amplify resources.
  8. Amplify Service Role:
     • Verify if there’s a service role associated with your Amplify app and ensure it has the necessary permissions.
  9. Cross-Account Access:
     • If the Amplify app is in a different AWS account than the developers’ SSO access, ensure proper cross-account permissions are set up.
  10. Console vs CLI Discrepancy:
     • The fact that both console and CLI access fail suggests a permissions issue rather than a configuration problem.
  11. Temporary Solution for Troubleshooting:
     • Temporarily assign a more permissive policy (like ReadOnlyAccess) to see if it resolves the issue. This can help isolate whether it’s a specific Amplify permission or a broader access issue.

Next steps:

  1. Can you verify the exact error message developers see when trying to access Amplify through the console?
  2. Have you checked CloudTrail logs for any access denied events related to Amplify?
  3. Can you confirm that the developers are definitely in the correct AWS account and region when attempting to access the Amplify resources?

Providing this information will help further diagnose the issue.

AWS
answered 5 days ago
EXPERT
reviewed 5 days ago
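
A read-only script that runs the account, region and CloudTrail checks from the answer above in one pass, separating "the call succeeded but returned zero apps" from "the call failed". It is an added example, not part of the original question or answer; the function names are hypothetical, and the account ID and region arguments are placeholders the operator supplies.

```shell
#!/bin/sh
# Added example: diagnose why `aws amplify list-apps` shows no apps for a developer.
# Usage: ./amplify_visibility.sh <app-owner-account-id> <region> [<region> ...]
# Run it with the developer's SSO profile active (e.g. AWS_PROFILE set).

# Prints the account ID the current credentials resolve to.
caller_account() {
  aws sts get-caller-identity --query Account --output text
}

# Prints the number of Amplify apps visible in one region, or "ERROR"
# when the call itself fails (for example with AccessDeniedException).
apps_in_region() {
  aws amplify list-apps --region "$1" --query 'length(apps)' --output text 2>/dev/null \
    || echo "ERROR"
}

# Prints recent Amplify API calls from CloudTrail event history whose
# record contains an AccessDenied error (time, API name, user name).
denied_events() {
  aws cloudtrail lookup-events --region "$1" \
    --lookup-attributes AttributeKey=EventSource,AttributeValue=amplify.amazonaws.com \
    --query "Events[?contains(CloudTrailEvent, 'AccessDenied')].[EventTime,EventName,Username]" \
    --output text 2>/dev/null
}

# Compares the signed-in account with the account that owns the apps,
# then reports one status line per region.
check_amplify_visibility() {
  expected="$1"; shift
  actual="$(caller_account)" || { echo "NO_CREDENTIALS"; return 2; }
  if [ "$actual" != "$expected" ]; then
    echo "WRONG_ACCOUNT signed-in=$actual expected=$expected"
    return 1
  fi
  for region in "$@"; do
    count="$(apps_in_region "$region")"
    case "$count" in
      ERROR) echo "$region CALL_FAILED"; denied_events "$region" ;;
      0)     echo "$region NO_APPS" ;;
      *)     echo "$region APPS=$count" ;;
    esac
  done
}

if [ "$#" -ge 2 ]; then
  check_amplify_visibility "$@"
fi
```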
