By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Permission problem accessing codecommit repository during build phase

0

I am struggling trying to create my first React app. I have connected the app to the codecommit repository but the build fails with this message:

2020-12-11T17:58:55.780Z [ERROR]: !!! Unable to assume specified IAM Role. Please ensure the selected IAM Role has sufficient permissions and the Trust Relationship is configured correctly.
2020-12-11T17:58:55.884Z [INFO]: # Starting environment caching...
2020-12-11T17:58:55.885Z [INFO]: # Environment caching completed
Terminating logging...

The provision phase works perfectly. Please see the image attached, thanks.

Stenio

Topics
Front-End Web & Mobile
Tags
AWS Amplify
Language
English
stenfalp
asked 3 years ago627 views
2 Answers
0

Amazon support team found the problem in the trust relationship to be used with the eu-south-1 region. It must be defined in the following way:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": ["amplify.eu-south-1.amazonaws.com","amplify.amazonaws.com"]
},
"Action": "sts:AssumeRole"
}
]
}

stenfalp
answered 3 years ago
0

The error message "Unable to assume specified IAM Role. Please ensure the selected IAM Role has sufficient permissions and the Trust Relationship is configured correctly." indicates an issue with the IAM role permissions and trust relationship configuration when attempting to interact between AWS Amplify and AWS CodeCommit.

Here's how you can troubleshoot and resolve this error:

Check IAM Role Permissions:

Make sure that the IAM role you're using in your Amplify or CodeCommit setup has the necessary permissions to perform the required actions. These permissions should include both Amplify-related actions (if applicable) and CodeCommit-related actions.

You can attach policies like AWSCodeCommitPowerUser, AWSCodeCommitFullAccess, or a custom policy that includes the required permissions.

Verify Trust Relationship:

The IAM role should have a trust relationship that allows the service (Amplify or CodeCommit) to assume the role. For Amplify, the trust relationship might include "Service": "amplify.amazonaws.com", and for CodeCommit, it could include "Service": "codecommit.amazonaws.com".

Here's an example of a trust relationship policy for CodeCommit:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codecommit.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Ensure that the trust relationship is correctly configured in the IAM role policy.

Check Amplify and CodeCommit Configuration:

Review your Amplify and CodeCommit configurations to ensure you've correctly specified the IAM role that you want to use. Double-check that the role's name or ARN is accurate.

Role Permissions Boundary (Advanced):

If you're using a permissions boundary for your IAM roles, ensure that the boundary doesn't restrict the necessary actions for Amplify and CodeCommit.

AWS
rePost-User-4638659
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content