aws-amplify / amplify-studio

AWS Amplify Studio (Formerly Admin UI)

AdministratorAccess-Amplify has no action route53:ListHostedZones permitted #986

Open oshchepkov opened 1 year ago

oshchepkov commented 1 year ago

How did you install the Amplify CLI?

npm install -g @aws-amplify/cli

If applicable, what version of Node.js are you using?

18.16.1

Amplify CLI Version

12.1.1

What operating system are you using?

mac os

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

no changes made

Describe the bug

  1. run "amplify add hosting"
  2. choose "Container-based hosting with AWS Fargate"
  3. provide endpoint registered in Route53
  4. Error: User: arn:aws:iam::345887413548:user/amplify-user is not authorized to perform: route53:ListHostedZones because no identity-based policy allows the route53:ListHostedZones action

Expected behavior

"amplify add hosting" completes successfully enabling Fargate container deployments

Reproduction steps

  1. run "amplify add hosting"
  2. choose "Container-based hosting with AWS Fargate"
  3. provide endpoint registered in Route53
  4. Error: User: arn:aws:iam::345887413548:user/amplify-user is not authorized to perform: route53:ListHostedZones because no identity-based policy allows the route53:ListHostedZones action

Project Identifier

ecf6a0cf9339035613db3621d03aba8d

Log output

```
# Put your logs below this line
2023-07-03T08:09:53.555Z|info : amplify-provider-awscloudformation.system-config-manager.getProfileConfig(["default"])
2023-07-03T08:09:53.557Z|info : amplify-provider-awscloudformation.system-config-manager.getProfiledAwsConfig.profileConfig([{"region":"us-east-1"}])
2023-07-03T08:09:53.557Z|info : amplify-provider-awscloudformation.system-config-manager.getProfileCredentials(["default"])
2023-07-03T08:09:54.168Z|error : User: arn:aws:iam::345887413548:user/amplify-user is not authorized to perform: route53:ListHostedZones because no identity-based policy allows the route53:ListHostedZones action
UnknownNodeJSFault: User: arn:aws:iam::345887413548:user/amplify-user is not authorized to perform: route53:ListHostedZones because no identity-based policy allows the route53:ListHostedZones action
```

Additional information

No response


josefaidt commented 1 year ago

Hey @oshchepkov :wave: thanks for raising this! The AdministratorAccess-Amplify managed policy currently does not have all IAM policies needed for container-based deployments. While we work to improve this, can you manually add this permission in an inline policy on your user amplify-user? Or use the AdministratorAccess managed policy.

josefaidt commented 1 year ago

I'll transfer this to our Studio repo for updating the managed policy to include route53:ListHostedZones

oshchepkov commented 1 year ago

Thank you @josefaidt. Adding a new inline policy with the "route53:ListHostedZones" action to my "amplify-user" has resolved my issue.
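
The inline-policy workaround from this thread, as an added example that is not part of the issue or of the Amplify project's code: it parses the authorization error from the log output, builds a policy that allows only the denied action (rather than attaching AdministratorAccess), and renders the matching `aws iam put-user-policy` call. The policy name `amplify-route53-list-zones` and the function names are assumptions chosen for illustration.

```python
import json
import re
import shlex

# The error line from the issue's log output, embedded as sample input.
SAMPLE_ERROR = (
    "User: arn:aws:iam::345887413548:user/amplify-user is not authorized to "
    "perform: route53:ListHostedZones because no identity-based policy allows "
    "the route53:ListHostedZones action"
)

DENIED = re.compile(
    r"User: (?P<principal>arn:aws[\w-]*:(?:iam|sts)::\d{12}:\S+) "
    r"is not authorized to perform: (?P<action>[\w-]+:\w+)"
    r"(?: on resource: (?P<resource>\S+))?"
)


def parse_denial(message):
    """Return (principal ARN, denied action, resource or None)."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("not an IAM authorization error")
    return m["principal"], m["action"], m["resource"]


def minimal_policy(action, resource=None):
    """Build a policy document that allows only the denied action."""
    # The error in the issue names no resource, so Resource falls back to "*";
    # route53:ListHostedZones is a list call with no resource-level scoping.
    statement = {"Effect": "Allow", "Action": [action], "Resource": resource or "*"}
    return {"Version": "2012-10-17", "Statement": [statement]}


def put_user_policy_command(message, policy_name="amplify-route53-list-zones"):
    """Render the AWS CLI call attaching the policy inline to the denied user."""
    principal, action, resource = parse_denial(message)
    resource_part = principal.split(":", 5)[5]  # e.g. "user/amplify-user"
    if not resource_part.startswith("user/"):
        raise ValueError("inline user policies apply to IAM users only")
    user_name = resource_part.rsplit("/", 1)[-1]  # drop any IAM path prefix
    doc = json.dumps(minimal_policy(action, resource), separators=(",", ":"))
    return (
        f"aws iam put-user-policy --user-name {shlex.quote(user_name)} "
        f"--policy-name {shlex.quote(policy_name)} "
        f"--policy-document {shlex.quote(doc)}"
    )
```

Calling `put_user_policy_command(SAMPLE_ERROR)` returns the command string for review; nothing is sent to AWS until that command is run with credentials allowed to edit the user's policies.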