En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

IAM user is unable to access AppSync console

0

Trying to give a IAM user access to AppSync. I have set the following policies to this IAM user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "amplify:*",
            "Resource": "*"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "amplifybackend:*",
            "Resource": "*"
        }
    ]
}


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "appsync:*",
            "Resource": "*"
        }
    ]
}

Each is its own policy because I used the visual editor to create the policies.

And yet when my IAM user tries to open AppSync there is a "Network error" message and inspecting the console I seem to be getting a bunch of 403s from the API requests.

What's the correct policy to give full access to the AppSync console?

  • Joshua_B
    il y a 2 ans

    Hello,

    Can you describe in more detail what API errors you are getting? I created an IAM user with the exact permissions here and was able to access the AppSync Console with no issues.

    Since AppSync interacts with several other services (such as DynamoDB, other backend services) those API calls may be getting errors.

  • andrei_calazans
    il y a 2 ans

    That's odd. I'm guessing I got into an unexpected state somehow since I did create that AppSync app with a root user and before I added any of the new IAM users so maybe something went wrong there.

    For the error all I get is a "Network error" red box at the top of the screen without any descriptions. Looking at the network tab I do see a few 403s happening.

  • bullittbirant
    il y a un an

    Hi, have you checked CloudWatch Logs?

Sujets
Sans serveurWeb et mobile front-endIntégration d'applicationsSécurité, identité et conformité
Balises
AWS AppSyncGestion des identités et des accès AWSAWS AmplifyPolitiques IAM
Langue
English
andrei_calazans
demandé il y a 2 ans288 vues
1 réponse
0

AWSAppSyncInvokeFullAccess AWS managed policy has the necessary permissions to access AWS AppSync service through the console. The details are as below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "appsync:GraphQL",
                "appsync:GetGraphqlApi",
                "appsync:ListGraphqlApis",
                "appsync:ListApiKeys"
            ],
            "Resource": "*"
        }
    ]
}
profile pictureAWS
bullittbirant
répondu il y a un an

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents