Cannot edit Content in Amplify Studio as cannot change to IAM permissions

[PeteDuncanson]

How did you install the Amplify CLI?

yarn

If applicable, what version of Node.js are you using?

No response

Amplify CLI Version

v10.4.2

What operating system are you using?

Windows

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

Nope

Describe the bug

Trying to give Amplify Studio a whirl for editing content but when I click on the Content link I get this message shown:

IAM is required as an auth provider to use content management capabilities. To automatically add IAM and enable content management, navigate to 'Data' and select 'Save and Deploy'.

Going to "Data" the "Save and Deploy" button is always grayed out. I found the IAM option in the drop down under "GraphQL settings" link under the heading but can't seem to find a way to save the change, when I go back to "Data" as instructed the "Save and Deploy" button is still greyed out.

As a result I'm stuck.

Additionally I don;t know if changing my default auth mode to "IAM" is going to blow up my auth for my app or not? It is currently set to Cognito User Pools.

Expected behavior

The helpful pointers on how to unstick it actually unstick it.

Reproduction steps

1. Go to Amplify Studio
2. Click on the "Content" link
3. Click the "Data" link in the error message
4. See that you can't change/save anything

To be fair my project is over 2+ years old and uses @searchable etc. so might be out of the scope of what Studio can handle but it telling me that would be handy.

Project Identifier

No response

Log output

# Put your logs below this line

Additional information

Before submitting, please confirm:

• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
• I have removed any sensitive information from my code snippets and submission.

[ykethan]

hey @PeteDuncanson, thank you for reaching. Amplify Studio utilizes IAM auth as a auth provider with @auth(rules: [{ allow: public }]) added to the models. Could add the IAM auth provider and auth rule as public and push the models using Amplify CLI. Additionally, Studio data modelling currently does not support the following directives and field level parameters.

// field level
Default
Function
Http
Predictions
PrimaryKey
Auth

// model level
Searchable
MapsTo

Mutation
Query
Subscription


// auth directive parameters
groupClaim
groupsField
custom groupClaim auth rule
custom identityClaim
oidc and function providers
array type for ownerField 

clicking on why is my visual editor disabled should also provide additional information.
PR to add this information: aws-amplify/docs#5163

[PeteDuncanson]

@ykethan I'm confused by the public setting, that will make everything available to everyone will it not? How does this help me allowing an editor to update content within my DynamoDB using Amplify Studio without just making it so everyone can edit it?

Can you give me an example of what a type should be decorated with auth wise to make it
a) editable within Amplify Studio
b) ensures only logged in users with permissions can actually edit it

Pete

[ykethan]

Hey @PeteDuncanson, apologies. the public rule was an example for the data manager to test functionality. Wanted to provide some additional information about studio.

Currently, the data manager to be editable requires IAM auth added as either a default or additional auth auth mode with conflict detection enabled as well. From the information provided I understand the save and deploy is currently disabled, could you utilize the Amplify CLI to add the IAM auth to your GraphQL API?
I was also informed that the save and deploy is currently disabled due to @searchable directive being present on the data model.
Additionally, the Data manager only requires the @auth directive to be added to the data model to utilize its functionality.
again apologies if this caused any misunderstanding.

[ykethan]

Hey @PeteDuncanson , it was great chatting with you today. Do let me know if i can close this issue.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[CandideKirk]

I am facing the exact same issue described here - added IAM as secondary auth mechanism using CLI and pushed to Amplify and even though it said successfully deployed I can't see the IAM addition on the GraphQL API settings page. Is there any chance we can talk through the project with you @ykethan as we're facing multiple issues around authorization and access both on the app and the console.