By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Custom Domain Activation Fails in Amplify – Old IAM Role Reference Won’t Clear

0

Hi AWS team,

I’m trying to connect my custom domain 24kode.com to my Amplify app. All DNS records are fully set up in Route 53, including the CNAME, A, and domain verification records. SSL is set to be Amplify-managed, and the correct IAM role AWSAmplifyDomainRole-24kode-site is already selected under App settings > IAM roles.

However, Amplify still references an old, deleted IAM role: AWSAmplifyDomainRole-Z03054423JJQZGCV8H03S which no longer exists. As a result, domain activation fails with the error:

The role with name AWSAmplifyDomainRole-Z03054423JJQZGCV8H03S cannot be found.

Here’s what I’ve already tried: • Configured all required DNS records in Route 53 (CNAMEs, A, TXT, MX, SPF) • Attached the correct role (AWSAmplifyDomainRole-24kode-site) manually in Amplify settings • Deleted the old IAM role (AWSAmplifyDomainRole-Z...) • Removed and re-added the domain in Amplify several times • Double-checked all IAM permissions and DNS settings • Performed a full app rebuild to force role sync • Clicked “Retry” multiple times in domain management • Waited more than 24 hours for DNS propagation • Cleared browser and AWS console cache just in case

Despite all of this, Amplify still refuses to clear the reference to the deleted role.

Request: Please help clear this outdated IAM role reference so that domain and SSL activation can complete properly.

Thanks in advance!

Topics
Front-End Web & MobileNetworking & Content DeliverySecurity, Identity, & Compliance
Tags
AWS AmplifyAmazon Route 53AWS Certificate ManagerAWS IAM Access AnalyzerDomain Name System (DNS)
Language
English
24kode
asked 25 days ago92 views
1 Answer
0

The issue you're experiencing with Amplify custom domain activation is indeed frustrating and not uncommon. It appears that there's a persistent reference to a deleted IAM role that's preventing the domain activation process from completing successfully.

Here are some additional steps you can try to resolve this issue:

  1. IAM Role Cleanup: Although you've already deleted the old role, there might be lingering references in other parts of your AWS account. Double-check your IAM roles and policies to ensure there are no remaining references to the deleted role.

  2. Amplify App Rebuild: Try deleting your entire Amplify app and recreating it from scratch. This can sometimes clear out cached or stuck configurations that might be causing the issue.

  3. CloudFront Distribution Check: Verify if there are any lingering CloudFront distributions associated with your domain. Amplify creates these automatically, and sometimes they can persist even after deleting an app.

  4. AWS CLI Intervention: Use the AWS CLI to list and describe the Amplify app and its associated resources. This might reveal hidden configurations that are not visible in the console.

  5. Support Ticket: If none of the above steps work, it's advisable to open a support ticket with AWS. They have access to backend systems and can manually clear stuck configurations that aren't accessible through the console.

  6. Temporary Subdomain: As a workaround, you could try using a different subdomain temporarily (e.g., new.24kode.com) to see if the issue is specific to the root domain configuration.

  7. ACM Certificate Check: Ensure that there are no old or conflicting SSL certificates in AWS Certificate Manager for your domain.

Remember, each custom domain must be unique across all CloudFront distributions globally, not just within your account. This global uniqueness requirement can sometimes lead to conflicts that are not immediately apparent.

If the problem persists after trying these steps, engaging with AWS Support might be your best option to get the domain fully cleared and ready for use with your Amplify app. They can investigate any hidden associations or configurations that might be causing this persistent reference to the old IAM role.

Sources
Can't Activate AWS Amplify Custom Domain | AWS re:Post
Amplify custom domain setup issue | AWS re:Post

profile picture
re:Post Agent
answered 25 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content