Open shivennn opened 5 months ago
Hey,👋 thanks for raising this! I'm going to transfer this over to our Amplify API repository for better assistance 🙂
Since the issue occurs only in the hosting CI/CD environment and not via local push, we believe hosting team would be able to look into the relevant logs and help you better. Closing this since it is being tracked internally and assigned to relevant team.
I see that the permissions are updated in amplify-meta.json
file but not correctly updated in the backend-config.json
file. amplify-meta.json doesn't get committed to the repo, so when the deployment happens through CI, it has no idea about the policy changes.
As a workaround, for now, manually copy the value of api > [API_NAME] > categoryPolicies
from the amplify-meta.json to backend-config.json (same path: api > [API_NAME] > categoryPolicies
), save the file and commit to the repo. Wait for the deployment to complete and verify the policy.
How did you install the Amplify CLI?
npm
If applicable, what version of Node.js are you using?
v18.18.0
Amplify CLI Version
12.10.1
What operating system are you using?
Mac
Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.
no
Describe the bug
Resource access permissions not updated for container based server less REST API when deploying it through Amplify CI/CD but permissions updated when deploying through amplify push from local system.
Expected behavior
Resource access permissions should be updated when deploying container based server less REST API using Amplify CI/CD
Reproduction steps
amplify configure project
◉ function ◉ storage
❯◉ testfunction ◉ testfunction2 ◉ restserverlessapia6c7abf2
❯◉ create ◉ read ◉ update ◉ delete
You can access the following resource attributes as environment variables from your Lambda function
FUNCTION_RESTSERVERLESSAPIA6C7ABF2_NAME FUNCTION_TESTFUNCTION2_NAME FUNCTION_TESTFUNCTION_NAME STORAGE_TEST6_ARN STORAGE_TEST6_NAME STORAGE_TEST6_STREAMARN STORAGE_USERS2_ARN STORAGE_USERS2_NAME STORAGE_USERS2_STREAMARN STORAGE_USERS_ARN STORAGE_USERS_NAME STORAGE_USERS_STREAMARN
permissions updated in "containerapi-cloudformation-template.json" file.
amplify push -y
permissions added in "TaskDefinitionTaskRoleDefaultPolicy282E8624"
update in GitHub or Code Commit repo and trigger Amplify build
permission lost in "TaskDefinitionTaskRoleDefaultPolicy282E8624"
There is no any permission lost issue when we do deployment from local system using amplify push but permissions lost when trigger Amplify build using CI/CD
Project Identifier
No response
Log output
Additional information
Workaround : custom-policies.json
Tested deployment using CI/CD after adding permissions in custom-policies.json file and it's added to TaskDefinitionTaskRoleFD4-idoWvD9uZrLv with customer inline policy name CustomExecutionPolicyForContainer.
No response
Before submitting, please confirm: