Amplify "init" awscloudformation 🛑 Forbidden


While following the tutorial "Deploy a Web Application on AWS Amplify", I think I slipped up on the very last step of the first module where I initialize the amplify application. Here is my output:

Note: It is recommended to run this command from the root of your app directory
The following configuration will be applied:

Project information
| Name: amplifyapp
| Environment: dev
| Default editor: Visual Studio Code
| App type: javascript
| Javascript framework: react
| Source Directory Path: src
| Distribution Directory Path: build
| Build Command: npm run-script build
| Start Command: npm run-script start

Using default provider  awscloudformation
🛑 Forbidden

Learn more at:

Session Identifier: e5098521-407c-4968-b1c2-a088ac26085d

As you can see (and as I confirmed), it set up the react application just fine, but tripped up trying to use CloudFormation to set up the app in the Amplify UI. I thought it might be a permissions issue, but I checked my configured user and it actually has AdministratorAccess, so it can't be a 403 or unauthorized issue. Any ideas?

[Image: IAM user profile with AdministratorAccess listed as one of the permissions policies]

2 Answers
Accepted Answer


You need to check whether you have registered the correct access key and secret access key.
I think a file called ".aws/credentials" has been created in the user's home directory, so please check whether the access keys etc. listed in this file are correct.

answered a month ago

Hi Reciticus,

As Riku suggested, verify that the ACCESS_KEY and SECRET_ACCESS_KEY you copied when you created the IAM user appear correctly in the AWS CLI config file. The credentials file is located at ~/.aws/credentials on Linux or macOS, or at C:\Users\\credentials on Windows.

If you just copied the SECRET_ACCESS_KEY from the IAM create-user screen without downloading the CSV file, you will not be able to retrieve it again. In that case, in the IAM console, open the user you created, then in the access keys section, first deactivate then delete the access key and then repeat the steps to create a new access key, downloading the CSV file.

Once done, you'll need to update the local AWS CLI configure file. You can either edit the file directly or open a shell and enter

aws configure --profile default

(change default to whatever profile name you used if you didn't use default). See Configuration and credential file settings for more info.

BTW, check out this issue someone raised with the exact same situation you described.

answered a month ago
reviewed a month ago
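
A format check for the credentials file that both answers point to, as an added example that is not part of the original answers. The key shapes it tests (a 20-character AKIA/ASIA key ID, a 40-character secret) are heuristics assumed here, the profile name amplify-tutorial is hypothetical, and the sample file is constructed from AWS's documented example key pair.

```python
import configparser
import re

# Shape heuristics (assumptions of this example, not an AWS validation API):
# key IDs are 20 chars starting AKIA (IAM user) or ASIA (temporary); secrets are 40.
KEY_ID_RE = re.compile(r"^(AKIA|ASIA)[A-Z0-9]{16}$")
SECRET_RE = re.compile(r"^[A-Za-z0-9/+]{40}$")

# Constructed sample file; "amplify-tutorial" is a hypothetical profile name.
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[amplify-tutorial]
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCY
"""

def audit_profile(credentials_text, profile="default"):
    """Return format problems for one profile without echoing key material."""
    parser = configparser.RawConfigParser()
    try:
        parser.read_string(credentials_text)
    except configparser.Error as exc:
        # Report only the error type: the message can contain the offending line.
        return [f"file does not parse as INI ({type(exc).__name__})"]
    if not parser.has_section(profile):
        return [f"profile [{profile}] not found; file has {parser.sections()}"]
    key_id = parser.get(profile, "aws_access_key_id", fallback="")
    secret = parser.get(profile, "aws_secret_access_key", fallback="")
    if KEY_ID_RE.match(secret) and SECRET_RE.match(key_id):
        return ["key ID and secret look swapped"]
    problems = []
    for name, value, pattern in (("aws_access_key_id", key_id, KEY_ID_RE),
                                 ("aws_secret_access_key", secret, SECRET_RE)):
        if not value:
            problems.append(f"{name} is missing or empty")
        elif not pattern.match(value):
            quoted = " and is wrapped in quotes" if value[0] in "\"'" else ""
            problems.append(f"{name} has unexpected shape (length {len(value)}){quoted}")
    return problems

if __name__ == "__main__":
    for name in ("default", "amplify-tutorial"):
        print(name, audit_profile(SAMPLE, name) or "looks well-formed")
```

A well-formed key can still have been deactivated or deleted in IAM, which this check cannot see. Running `aws sts get-caller-identity --profile default` shows which identity, if any, the CLI actually authenticates as.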
