Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error deploying resources: Access denied for 'DescribeKey' on AWS::KMS::Key #14022

Closed
rohit3d2003 opened this issue Nov 19, 2024 · 4 comments
Closed

Error deploying resources: Access denied for 'DescribeKey' on AWS::KMS::Key #14022

rohit3d2003 opened this issue Nov 19, 2024 · 4 comments
Labels
custom-cdk Issues related to custom CDK resource functionality pending-response Issue is pending response from the issue author pending-triage Issue is pending triage

Comments

@rohit3d2003
Copy link

Describe the bug

I'm encountering an error when attempting to deploy resources using amplify push with the latest Amplify CLI. The error message is: "Unable to retrieve Arn attribute for AWS::KMS::Key, with error message Access denied for operation 'DescribeKey'."

Steps To Reproduce

Steps to reproduce the behavior:
1. Create AWS KMS using custom resources in Amplify.
2. Create Lambda functions that depend on KMS to decrypt existing secret.
3. Run amplify push to deploy the resources.
4. Observe the error message related to KMS permissions.

Expected behavior

The resources should deploy successfully without encountering permission issues.

Amplify Framework Version

2.44.0

Amplify Categories

API, Auth, DataStore, Storage

Dependency manager

Swift PM

Swift version

6.0.2

CLI version

12.13.1

Xcode version

16.1

Relevant log output

<details>
<summary>Log Messages</summary>


INSERT LOG MESSAGES HERE
```

Is this a regression?

Yes

Regression additional context

No response

Platforms

iOS

OS Version

iOS 18.1

Device

iphone 16

Specific to simulators

No response

Additional context

No response
@github-actions github-actions bot added the pending-triage Issue is pending triage label Nov 19, 2024
@vincetran
Copy link
Member

Since this is related to being unable to push using the CLI, I'm transfering this to amplify-backend who owns the CLI tooling

@vincetran vincetran transferred this issue from aws-amplify/amplify-swift Nov 20, 2024
@ykethan ykethan transferred this issue from aws-amplify/amplify-backend Nov 20, 2024
@ykethan ykethan added the custom-cdk Issues related to custom CDK resource functionality label Nov 20, 2024
@ykethan
Copy link
Member

ykethan commented Nov 20, 2024

Hey @rohit3d2003, thank you for reaching out.
When creating custom resources using Amplify CLI, the CLI may require additional permissions outside the Amplify managed policy, AdministratorAccess-Amplify. Please refer to the Amplify IAM Policy documentation for additional information regarding the necessary permissions for Amplify CLI and for more information on providing additional permissions to your Amplify CLI IAM user refer to AWS IAM User documentation.

@ykethan ykethan added the pending-response Issue is pending response from the issue author label Nov 20, 2024
@ykethan
Copy link
Member

ykethan commented Nov 28, 2024

Closing the issue due to inactivity. Do reach out to us if you are still experiencing this issue

@ykethan ykethan closed this as not planned Won't fix, can't repro, duplicate, stale Nov 28, 2024
@github-actions GitHub Actions
Copy link

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
custom-cdk Issues related to custom CDK resource functionality pending-response Issue is pending response from the issue author pending-triage Issue is pending triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vincetran @rohit3d2003 @ykethan