I am trying to create an AppInstanceAdmin using the aws chime-sdk-identity CLI.
aws chime-sdk-identity create-app-instance.aws chime-sdk-identity create-app-instance-admin --app-instance-arn <arn> --app-instance-admin-arn ? And here's the problem. I can't create an admin instance because I need an admin account to do so.
My IAM user has the AdministratorAccess policy assigned.
I need AppInstanceAdmin to manage other accounts from my application. Now I am using a normal account, but I get an error 403 forbidden request when trying to create a channel for a messaging session.
CreateAppInstanceAdmin has a misleading name.
It doesn't create an admin, it promotes a user/bot to admin.
CreateAppInstanceAdmin
Promotes anAppInstanceUserorAppInstanceBotto anAppInstanceAdmin.
The description for the AppInstanceAdminArn could also be improved, as it incorrectly insinuates that you need to have the value from somewhere. I've provided feedback to the Chime team for its improvement.
AppInstanceAdminArn
The ARN of the administrator of the current AppInstance.
--app-instance-admin-arn is used to specify the ARN for the instance user / bot to be promoted.
➜ ~ aws chime-sdk-identity create-app-instance-user \
--no-cli-pager \
--name my-user-name
--app-instance-arn arn:aws:chime:xxx:yyy:app-instance/zzz \
--app-instance-user-id my-user-id
{
"AppInstanceUserArn": "arn:aws:chime:xxx:yyy:app-instance/zzz/user/my-user-id"
}
➜ ~ aws chime-sdk-identity create-app-instance-admin \
--no-cli-pager \
--app-instance-admin-arn arn:aws:chime:xxx:yyy:app-instance/zzz/user/my-user-id \
--app-instance-arn arn:aws:chime:xxx:yyy:app-instance/zzz
{
"AppInstanceAdmin": {
"Arn": "arn:aws:chime:xxx:yyy:app-instance/zzz/user/my-user-id",
"Name": "my-user-name"
},
"AppInstanceArn": "arn:aws:chime:xxx:yyy:app-instance/zzz"
}