I cannot push my Amplify backend after performing amplify add api
for REST APIs. I get the following IAM error in the CLI during the "Creating API models..." stage:
User: arn:aws:iam::xxxxxxxxxxxx:user/tb2-amplify is not authorized to perform: apigateway:GET on resource: arn:aws:apigateway:us-east-1::/restapis/xxxxxxxxxx/stages/dev/sdks/android because no identity-based policy allows the apigateway:GET action
All I need is a public GET method to read an item from a DynamoDB table. My desired pipeline is android -> Amplify.API.get() -> Lambda Function -> DynamoDB
. I have followed every guide available in the Amplify Docs (Libraries/Guides), re-initialized Amplify in the project with API being the only resource, tried to manually add API to the amplifyconfiguration.json
file. I am stumped.
Is my desired pipeline the problem? Is there configuring I need to perform before amplify push
? Does anyone know why my configured IAM is not authorized to do this, even though the permission has been granted?
UPDATE
Granting my IAM user full administrator access allows me to amplify push
the backend. I am now getting build errors like:
package com.amazonaws.mobileconnectors.apigateway.annotation does not exist
package com.amazonaws.mobileconnectors.apigateway does not exist
These errors appear 6 times in a generated package called tb2api.TbapiClient.Java
Looking into this now. (looked, just needed to add implementation 'com.amazonaws:aws-android-sdk-apigateway-core:<version>'
to gradle.
This issue reared its head several times for me over several different projects. I am convinced the correct way to simply Amplify add api
(REST) with the CLI is not documented anywhere. I refuse to believe that an IAM
user with AdministratorAccess-Amplify
permissions cannot successfully administer an Amplify project.
I stumbled upon a better solution. I ran Amplify configure project
and selected the Amplify Studio
AWS Profile, which becomes available after enabling Studio in the Amplify console. I could then successfully Amplify push
my REST API changes. Unfortunately, the amplifyconfiguration.json
was not being updated with the pushed changes. This caused the Android Compose Authenticator to malfunction, as well as errors when trying to perform a REST operation.
Anyway, I then cleared all the Amplify stuff out of the project folder to start over. I did an Amplify pull
on my environment and amplifyconfiguration.json
was generated, showing all of the resources now. I could successfully authenticate the user and perform a GET operation.
I think an even better solution would be to just provision these resources manually, without the Amplify CLI. I'm fine with how opinionated Amplify is, it just needs to work as expected/documented!