adding to project started with admin UI causes IAM permission error

[amlcodes]

Describe the bug create new app and backend in amplify cli, run the amplify pull command for the env add amplify video (added both ivs and vods, but probably vod error presented itself) amplify push

Following resources failed

Resource Name: JobTemplate (AWS::MediaConvert::JobTemplate)
Event Type: create
Reason: User: arn:aws:sts::<num>:assumed-role/us-east-1_mxy87Akem_Full-access/amplifyadmin is not authorized to perform: mediaconvert:DescribeEndpoints on resource: arn:aws:mediaconvert:us-east-1:<num>:endpoints/* (Service: MediaConvert; Status Code: 403; Error Code: AccessDeniedException; Request ID: 523085d9-e09b-4c55-9cf8-4c65f1ed945a; Proxy: null)

Resource Name: ampli-S3Au-Q18L3KXWGWIC (AWS::IAM::Policy)
Event Type: create
Reason: Resource creation cancelled

[wizage]

Hello @amlcodes

This is usually an error because your IAM role can't spin up a MediaConvert Job template. I recommend checking out our recommended IAM template to verify you have the proper permissions.

IAM Permissions: https://github.com/awslabs/amplify-video/wiki/IAM-Permissions

Thanks, Sam Patzer

[armenr]

@wizage -- How can someone append these permissions to their amplify project in some kind of automated/"as-code" way? Say I want to be able to reproduce many copies of a given Amplify App on-demand --> in those cases, I couldn't/wouldn't want to manually go make changes to IAM or roles/policies.

Any guidance would be much appreciated!

[wizage]

Hey @armenr going to keep #239 open on this issue! But know this is something I want to fix but is a little out of my hands as I don't work on the Amplify team. I maintain this totally separately. That being said I do know we are working to get more compatibility and hoping to get some buy in from the Console team. This experience and other tickets only strengths our case to get support in the UI!

Keep your eyes peeled!