Page updated Jan 16, 2024

Manage team access

With Amplify Studio, team members with different job functions can collaborate on different aspects of a project deployed in Amplify. Studio developers can create accounts with admin or manage-only access to resources and invite team members to join via email.

Follow these instructions to add and manage team members and their access to a project.

To invite team members to access a project

  1. Sign in to the AWS Management Console and open AWS Amplify.
  2. Select your Amplify project with Amplify Studio enabled.
  3. In the navigation pane, choose Amplify Studio settings.
  4. On the Amplify Studio settings page, in the Access control settings section, choose Add team members.
  5. For Email, enter the email address of the team member to invite.
  6. For Access level, choose the level of access to grant the team member.
     • Full access allows the team member to create and manage AWS resources.
     • Manage only access allows the team member to edit app content and users.
  7. To email the invitation, choose Send invite. The team member receives an email with temporary credentials and a link to access the project in Studio.

Granting a user the Full access level attaches the AdministratorAccess-Amplify IAM policy. This IAM policy is not scoped to a single application and grants the user access to all applications within the AWS account. See AWS managed policies for AWS Amplify for more details.

To edit team member access or delete a user

  1. Sign in to the AWS Management Console and open AWS Amplify.
  2. Select your Amplify project with Amplify Studio enabled.
  3. In the navigation pane, choose Amplify Studio settings.
  4. On the Amplify Studio settings page, in the Access control settings section, select the team member to edit or delete.
  5. Do one of the following:
     • Choose Edit. In the Edit team member(s) window, choose the Access level for the team member.
     • Choose Delete. In the Delete users window, confirm the delete action.

If a team member logs into Amplify Studio, their login token is valid for 5 hours 30 minutes, unless they explicitly log out. When you change a team member's permission from Full access to Manage only or when you delete a team member's access, the team member can continue accessing Amplify Studio with their previously granted permissions until their token expires.
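The token-lifetime rule above can be turned into a quick check after a downgrade or deletion. This is an added example, not AWS or Amplify code: it takes sign-in and sign-out records and reports which team members may still hold a token carrying their old permissions, and until when. The event tuples, email addresses and the function name `residual_access` are constructed for illustration, and it assumes an explicit logout ends the member's outstanding session.

```python
from datetime import datetime, timedelta, timezone

# Token lifetime stated on this page: 5 hours 30 minutes.
TOKEN_LIFETIME = timedelta(hours=5, minutes=30)

# Constructed sample records (not real logs): (ISO timestamp, user, event).
EVENTS = [
    ("2024-01-16T08:00:00+00:00", "alice@example.com", "login"),
    ("2024-01-16T09:15:00+00:00", "bob@example.com", "login"),
    ("2024-01-16T10:00:00+00:00", "bob@example.com", "logout"),
    ("2024-01-16T02:00:00+00:00", "carol@example.com", "login"),
    ("2024-01-16T11:45:00+00:00", "dave@example.com", "login"),
]

# Constructed: when each member was downgraded or deleted in Studio settings.
NOON = datetime(2024, 1, 16, 12, 0, tzinfo=timezone.utc)
CHANGES = {user: NOON for _, user, _ in EVENTS}


def residual_access(events, changes):
    """Return {user: token_expiry} for members whose token, issued before
    their access change, can still be used with the old permissions."""
    last = {}  # user -> (time, event) of the latest record before the change
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e[0]))
    for ts, user, event in ordered:
        when = datetime.fromisoformat(ts)
        if user in changes and when <= changes[user]:
            last[user] = (when, event)
    exposed = {}
    for user, (when, event) in last.items():
        expiry = when + TOKEN_LIFETIME
        # Assumption: an explicit logout ended the session. A token that
        # expired before the change carries no residual access.
        if event == "login" and expiry > changes[user]:
            exposed[user] = expiry
    return exposed


if __name__ == "__main__":
    for user, expiry in sorted(residual_access(EVENTS, CHANGES).items()):
        print(f"{user}: old permissions usable until {expiry.isoformat()}")
```

The latest expiry in the result is the earliest time at which the access change is fully effective for every affected member.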

Understanding how Studio manages user access

The following resources are all managed by Studio. Manual changes to these resources may affect your login experience.

User pool

Studio manages user access using an Amazon Cognito User Pool in your account. You can invite up to 50,000 monthly users to Studio without cost. The user pool is named:

  • amplify_backend_manager_APPID

IAM Roles

In order to give the Full access and Manage only groups the necessary permissions, Studio creates 2 IAM roles, named:

  • USERPOOLID_Full-access
  • USERPOOLID_Manage-only

Cognito Identity Pool

Studio also creates an Amazon Cognito Identity Pool to vend AWS credentials that are tied to the Full access and Manage only groups. The identity pool is named:

  • amplify_backend_manager_APPID

Cognito Lambda triggers

To provide a passwordless login experience from AWS Amplify Console to Amplify Studio, Studio creates 4 Cognito Lambda triggers associated with the above-mentioned User Pool, named:

  • amplify-login-create-auth-challenge-SHORT_CODE
  • amplify-login-custom-message-SHORT_CODE
  • amplify-login-define-auth-challenge-SHORT_CODE
  • amplify-login-verify-auth-challenge-SHORT_CODE

Troubleshooting

If your Studio application experiences any issues logging in or the resources have been deleted, you can re-create the resources by disabling and then re-enabling Studio for your Amplify Project on the Amplify management console.

  1. Sign in to the AWS Management Console and open AWS Amplify.
  2. Select your Amplify project with Amplify Studio enabled.
  3. In the navigation pane, choose Amplify Studio settings.
  4. Turn off Enable Amplify Studio.
  5. Turn on Enable Amplify Studio.

Disabling and re-enabling Amplify Studio will remove and recreate the Amplify Studio managed User pool resource used to access your project, and you will need to re-invite your users to provide access to your Amplify Project. Disabling and re-enabling Amplify Studio will not modify any resources on your Amplify Project.

I am not authorized to perform an action in Amplify

If you receive an error that you're not authorized to perform an action, your policies must be updated to allow you to perform the action.

If you need help, contact your AWS administrator. Your administrator is the person who provided you with your sign-in credentials. See AWS managed policies for AWS Amplify for more details.