Permission problem accessing CodeCommit repository during build phase
I am struggling trying to create my first React app. I have connected the app to the CodeCommit repository but the build on the Amplify console fails with this message:
2020-12-14T09:25:04.155Z [ERROR]: !!! Unable to assume specified IAM Role. Please ensure the selected IAM Role has sufficient permissions and the Trust Relationship is configured correctly.
The provision phase works perfectly:
I have created the service role AmplifyConsoleServiceRole-AmplifyRole as suggested on this guide and I am logged in as a user with AdministratorAccess authorization. Git commits to the repository from my PC console works perfectly.
It is not clear to me what IAM role the AWS Amplify Console is unable to assume. The AmplifyConsoleServiceRole-AmplifyRole which I have selected as Service role during the App creation I think. The permissions of this role are AdministratorAccess, as well. How can I check if the Trust Relationship is configured correctly?
I've contacted Amazon support. They answered that something is not working on their side using eu-south-1.
I've just tried on eu-central-1 and the build process worked as expected. So no there were no permissions problems but simply a bug. They told me that it will be addressed soon.
Edit: Amazon support team found the problem in the trust relationship to be used with the eu-south-1 region. It must be defined in the following way:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": ["amplify.eu-south-1.amazonaws.com","amplify.amazonaws.com"]
},
"Action": "sts:AssumeRole"
}
]
}
- How to resolve 'Step Functions State Machine is not authorized to create managed-rule'?
- What permission am I missing for AWS Glue and Development Endpoint?
- Nested Step Function in a Step Function: Unknown Error: "...not authorized to create managed-rule"
- Unable to retrieve secret from secretsmanager on aws-ec2 using an IAM role
- Is Beanstalk "Create and use new service role" broken?
- Invoking Lambda function from another Lambda function consistently results in a strange HTTP 421 Misdirected Request error
- How is the "cluster creator" user of an AWS EKS cluster mapped to the "system:masters" RBAC group?
- User is not authorized to perform: cloudformation:CreateStack
- AWS CLI Assume Role from Server
- S3 Bucket access denied, even for Administrator
- RDS Proxy successfully connected after that disconnecting by showing "RDS Proxy supports only IAM or MD5 authentication"
- How to setup IAM policy for AWS Lambda in VPC to resolve error "You are not authorized to perform: CreateNetworkInterface."
- How to add S3 BucketPolicy with AWS CDK?
- CloudFront policy to invalidate only specific distribution
- Restrict access to a particular CloudFront distribution using IAM
- No IAM role showing up when scheduling query in redshift serverless from root user
- Confluent-Kafka: no broker available for coordinator query: intervaled in state query-coord
- What IAM permissions are needed to use CDK Deploy?
- Connecting to AWS DocumentDB from an AWS ECS Container using IAM
- Permission problem accessing CodeCommit repository during build phase
- S3 Replication - s3:PutReplicationConfiguration
- Which policy should I assign to my IAM user to invoke a lambda function?
- How to extend sqs queue default policy
- What does s3:x-amz-acl with a value of "bucket-owner-full-control" do/mean?
- AWS Redshift: Masteruser not authorized to assume role
- Error: Not authorized to perform sts:AssumeRoleWithWebIdentity during OIDC when a PR get merged into main
- AWS S3 Transfer Manager ${cognito-identity.amazonaws.com:sub} Policy Variable Access Denied
- How to use AWS_MSK_IAM sasl mechanism with a kafka producer jar?
- How to create aws-ebs-csi-driver with eks_blueprints_addons by Terraform?
- Your current user or role does not have access to Kubernetes objects on this EKS cluster