Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Using IAM roles with Amplify applications

PDF
RSS
Focus mode
Using IAM roles with Amplify applications - AWS Amplify Hosting

An IAM role is an IAM identity with specific permissions. The role's permissions determine what the identity can and cannot do in AWS. You can create IAM roles in your AWS account and use them to delegate permissions to Amplify Hosting. To learn more about roles, see IAM roles in the IAM User Guide.

You can use the following types of IAM roles to grant Amplify Hosting the permissions it needs to perform actions on your behalf or run compute code that accesses other AWS resources.

IAM service role

Amplify assumes this role to perform actions on your behalf. This role is required for applications with backend resources.

IAM SSR Compute role

Allows a server-side rendered (SSR) application to securely access specific AWS resources.

IAM SSR CloudWatch Logs role

When you deploy an SSR app, the app requires an IAM service role that Amplify assumes to allow Amplify to access Amazon CloudWatch Logs.

Topics
PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.