Amplify UI gen2 will not offer to create service role with monorepo option

OperationalFallacy commented 2 months ago

Before opening, please confirm:

[X] I have checked to see if my question is addressed in the FAQ.
[X] I have searched for duplicate or closed issues.
[X] I have removed any sensitive information from my code snippets and submission.

Amplify Hosting feature

Monorepo

Is your feature request related to a problem? Please describe:

The UI has a bug. This is NOT a feature request.

If user selects monorepo while connecting repository, the UI skips creating service role. Which leads to deployment failures.

Second related problem, there is no option to set role in the UI (the respective edit button simply doesn't show anything role related in the UI).

Workaround is to create and set role manually

aws amplify update-app --app-id xxx --iam-service-role-arn arn:aws:iam::xxx:role/AmplifyDeployments --profile app-prod

Resources:
  AmplifyDeploymentRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: AmplifyDeployments
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: amplify.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmplifyBackendDeployFullAccess
        - arn:aws:iam::aws:policy/AmazonSSMFullAccess <-- this may be optional depends how your pipeline deployed stuff

Overall, not a good experience since it was hard to figure out why deployments were failing. They were using some default role from amplify-owned account.

Describe how you'd like this feature to work

Document when and why this role should be created, what permissions it needs, what options users have to create it etc.

github-actions[bot] commented 2 months ago

This has been identified as a feature request. If this feature is important to you, we strongly encourage you to give a 👍 reaction on the request. This helps us prioritize new features most important to you. Thank you!

swaminator commented 2 months ago

@OperationalFallacy thank you for your report. We are going to prioritize a fix for this.

Jay2113 commented 2 months ago

Hi @OperationalFallacy 👋 , When testing with an Nx monorepo workspace containing a React app and an Amplify Gen 2 backend, I could not reproduce the outlined behavior. Instead, I was able to create a new service role during the app creation flow. Please refer to the video below:

https://github.com/aws-amplify/amplify-backend/assets/38470430/5107d25f-15fc-47fe-baf1-192c506254ad

To investigate further, it would be helpful if you could provide the following:

Detailed reproduction steps, including the commands and configurations you used in your monorepo
Your project structure
Any additional context or relevant information about your setup.

Please feel free to share any other relevant screenshots or information that could aid our investigation. Thanks!

OperationalFallacy commented 2 months ago

@Jay2113 thank you for checking this

Probably monorepo option is unrelated

I don't see service role option with any selection

Jay2113 commented 1 month ago

@OperationalFallacy can you share the package.json file which is present at the root of your project/repository?

OperationalFallacy commented 1 month ago

@Jay2113 is it ok if I give you access to the repo to check layout? Its in early stages of development, there is not much code yet

Jay2113 commented 2 weeks ago

Hi @OperationalFallacy 👋 , we have recently released improvements to the app create workflow. Can you confirm if you are still experiencing this issue? If yes, can you please provide us access to the repository so we could investigate into it further.

Jay2113 commented 6 days ago

Closing this thread since we are no longer able to reproduce the outlined issue. If you are still experiencing it, feel free to reopen the issue and we can investigate into it further.

aws-amplify / amplify-backend