Manage team access
With Amplify Studio, team members with different job functions can collaborate on different aspects of a project deployed in Amplify. Studio developers can create accounts with admin or manage-only access to resources and invite team members to join via email.
Follow these instructions to add and manage team members and their access to a project.
To invite team members to access a project
- Sign in to the AWS Management Console and open AWS Amplify.
- Select your Amplify project with Amplify Studio enabled.
- In the navigation pane, choose Amplify Studio settings.
- On the Amplify Studio settings page, in the Access control settings section, choose Add team members.
- For Email, enter the email address of the team member to invite.
- For Access level, choose the level of access to grant the team member.
- Full access allows the team member to create and manage AWS resources.
- Manage only access allows the team member to edit app content and users.
- To email the invitation, choose Send invite. The team member receives an email with temporary credentials and a link to access the project in Studio.
To edit team member access or delete a user
- Sign in to the AWS Management Console and open AWS Amplify.
- Select your Amplify project with Amplify Studio enabled.
- In the navigation pane, choose Amplify Studio settings.
- On the Amplify Studio settings page, in the Access control settings section, select the team member to edit or delete.
- Do one of the following:
- Choose Edit. In the Edit team member(s) window, choose the Access level for the team member.
- Choose Delete. In the Delete users window, confirm the delete action.
Understanding how Studio manages user access
User pool
Studio manages user access using an Amazon Cognito User Pool in your account. You can invite up to 50,000 monthly users to Studio without cost.
Studio manages user access using an Amazon Cognito User Pool in your account, named:
- amplify_backend_manager_APPID.
IAM Roles
In order to give the Full access and Manage only groups the necessary permissions, Studio creates 2 IAM roles, named:
- USERPOOLID_Full-access
- USERPOOLID_Manage-only
Cognito Identity Pool
An Amazon Cognito Identity Pool is also created to vend AWS credentials that are tied to the Full access and Manage only groups, named:
- amplify_backend_manager_APPID
Cognito Lambda triggers
To provide a passwordless login experience from AWS Amplify Console to Amplify Studio, Studio creates 4 Cognito Lambda triggers associated with the above-mentioned User Pool, named:
- amplify-login-create-auth-challenge-SHORT_CODE
- amplify-login-custom-message-SHORT_CODE
- amplify-login-define-auth-challenge-SHORT_CODE
- amplify-login-verify-auth-challenge-SHORT_CODE
Troubleshooting
If your Studio application experiences any issues logging in or the resources have been deleted, you can re-create the resources by disabling and then re-enabling Studio for your Amplify Project on the Amplify management console.
- Sign in to the AWS Management Console and open AWS Amplify.
- Select your Amplify project with Amplify Studio enabled.
- In the navigation pane, choose Amplify Studio settings.
- Turn off Enable Amplify Studio.
- Turn on Enable Amplify Studio.
I am not authorized to perform an action in Amplify
If you receive an error that you're not authorized to perform an action, your policies must be updated to allow you to perform the action.
If you need help, contact your AWS administrator. Your administrator is the person who provided you with your sign-in credentials. See AWS managed policies for AWS Amplify for more details.