How do I resolve AWS Amplify permission errors when using Duplo JIT IAM policy?

Context When working with AWS Amplify services through Duplo, you may encounter permission errors indicating that your assumed role is not authorized to perform Amplify actions like amplify:ListApps or amplify:CreateApp . This typically occurs because the standard Duplo JIT IAM policy doesn't include the necessary Amplify permissions by default. Answer To resolve AWS Amplify permission errors when using Duplo JIT IAM policy, you can use JIT Admin access which provides the necessary permissions to work with Amplify services. Steps to resolve: Instead of using standard JIT access, request JIT Admin access JIT Admin will provide you with the elevated permissions needed to perform Amplify operations including listing apps, creating apps, and other Amplify management tasks Once you have JIT Admin access, you should be able to work with Amplify services without encountering permission errors This solution allows you to continue using Amplify for deploying authentication frontends, MS Teams apps, static mini-sites, and other applications without needing to modify the underlying IAM policies. Note: While the standard Duplo JIT IAM policy could be extended to include Amplify read-only or full management actions, using JIT Admin access is the recommended immediate solution for accessing Amplify services.