IAM user is unable to access AppSync console

0

Trying to give an IAM user access to AppSync. I have set the following policies to this IAM user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "amplify:*",
            "Resource": "*"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "amplifybackend:*",
            "Resource": "*"
        }
    ]
}


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "appsync:*",
            "Resource": "*"
        }
    ]
}

Each is its own policy because I used the visual editor to create the policies.

And yet when my IAM user tries to open AppSync there is a "Network error" message and inspecting the console I seem to be getting a bunch of 403s from the API requests.

What's the correct policy to give full access to the AppSync console?

  • Hello,

    Can you describe in more detail what API errors you are getting? I created an IAM user with the exact permissions here and was able to access the AppSync Console with no issues.

    Since AppSync interacts with several other services (such as DynamoDB, other backend services) those API calls may be getting errors.

  • That's odd. I'm guessing I got into an unexpected state somehow since I did create that AppSync app with a root user and before I added any of the new IAM users so maybe something went wrong there.

    For the error all I get is a "Network error" red box at the top of the screen without any descriptions. Looking at the network tab I do see a few 403s happening.

  • Hi, have you checked CloudWatch Logs?

1 Answer
0

The AWSAppSyncInvokeFullAccess AWS managed policy has the necessary permissions to access the AWS AppSync service through the console. The details are as below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "appsync:GraphQL",
                "appsync:GetGraphqlApi",
                "appsync:ListGraphqlApis",
                "appsync:ListApiKeys"
            ],
            "Resource": "*"
        }
    ]
}
AWS
answered 1 year ago
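
An added example, not part of the answer above and not AWS tooling: an offline check of which actions the question's three policies allow, using IAM's wildcard matching on `Action`. It models only identity-policy Allow/Deny statements with `"Resource": "*"` (no conditions, `NotAction`, permission boundaries or SCPs), and `dynamodb:ListTables` is an assumed stand-in for a call to another service, since the page does not say which requests returned 403.

```python
import re

# The three identity policies from the question (one statement each).
QUESTION_POLICIES = [
    {"Version": "2012-10-17", "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow", "Action": a, "Resource": "*"}]}
    for a in ("amplify:*", "amplifybackend:*", "appsync:*")
]

# The actions listed in the answer's policy document.
ANSWER_ACTIONS = ["appsync:GraphQL", "appsync:GetGraphqlApi",
                  "appsync:ListGraphqlApis", "appsync:ListApiKeys"]

def _as_list(value):
    # "Action" and "Statement" may be a single value or a list.
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action matching is case-insensitive; '*' and '?' are the wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def is_allowed(policies, action):
    """Explicit Deny wins; otherwise any matching Allow grants the action.
    Assumes every statement uses Resource "*", as the policies on this page do."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            patterns = _as_list(stmt.get("Action", []))
            if not any(_matches(p, action) for p in patterns):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def uncovered(policies, actions):
    """Return the actions that no statement in the given policies allows."""
    return [a for a in actions if not is_allowed(policies, a)]

if __name__ == "__main__":
    print("answer's actions not covered:", uncovered(QUESTION_POLICIES, ANSWER_ACTIONS))
    # Constructed probe: an action in a different service namespace.
    print("other-service probe not covered:",
          uncovered(QUESTION_POLICIES, ["dynamodb:ListTables"]))
```

For the account's real effective permissions, including boundaries and SCPs, the IAM policy simulator or CloudTrail `AccessDenied` events name the exact action behind each 403.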
