Support of service auth/unauth roles created by Cognito Console while integrating-File storage using Amplify Studio Console.

[Jyoti-dmi]

Describe the feature you'd like to request

To be able to use the service role : arn:aws:iam:::role/service-role/my-role create by the Cognito with Amplify Studio Console to integrate-File storage(i.e. using Create a new S3 bucket).

Describe your use case and how the feature would improve your experience.

When creating the roles using Congito Console, the Cognito console will prepend service-role/ to whatever IAM role name you specify.

For example:

The role arn will be created as: arn:aws:iam::<account-id>:role/service-role/testrole

However, when adding the storage using Amplify Studio Console, it is throwing an error message as mentioned below even if the role name is fine:

The specified value for roleName is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-

Reproduction steps:

1. Create a Cognito Identity Pool with defaults specified for Authenticated and Unauthenticated roles using the Cognito console. This will append role arn with service-role/
2. Go to Amplify Studio Console and after configuring the Cognito authentication, try adding storage(i.e. using Create a new S3 bucket)--> Create Bucket.
3. Receive exception: The specified value for roleName is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-
   For example:

When I am using another auth/unauth roles(which is in format: arn:aws:iam::<account-id>:role/my-role-name ), then it is getting integrated successfully.

I see here: #12817 that Amplify CLI supports service roles now. Would it be possible to add the same for Amplify Studio Console as well?

Describe alternatives you've considered

When I am using another auth/unauth roles(which is in format: arn:aws:iam::<account-id>:role/my-role-name ), then it is getting integrated successfully.

Additional context

No response

[ykethan]

Hey @Jyoti-dmi, thank you for reaching out. I was able to reproduce this issue. Marking as bug.
Transferring the issue to Amplify CLI repository as I was able to reproduce this using the CLI.

Reproduction steps:

1. create a user pool and identity pool with auth and unauth roles on the AWS Cognito console.
2. amplify import auth
3. amplify push
4. amplify add storage
5. amplify push

Observe errors on S3 policies as the template refers to the authRole.

[rtpascual]

The fix was released with Amplify CLI v12.8.0

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.