(gen2-migration) `generate` command should grant additional policies when `read` access is configured for REST apis

[dgandhi62]

Is this feature request related to a new or existing Amplify category?

api

Is this related to another service?

No response

Describe the feature you'd like to request

When REST apis are configured in a Gen1 app with READ access, the following policies are granted -

amplify-cli/packages/amplify-category-auth/src/provider-utils/awscloudformation/service-walkthroughs/auth-questions.ts

Line 690 in b941072

case 'read':

These need to be supported in Gen2 by explicitly escape hatching permissions which aren't supported by Gen2 apis.

Describe the solution you'd like

Gen 2 has a action- permission mapping here in its source code: https://github.com/aws-amplify/amplify-backend/blob/11184215e2fe8db636dfb0cc55fefae5b43e3046/packages/backend-auth/src/userpool_access_policy_factory.ts#L115

The missing policies from Gen1 need to be escape hatched in amplify/backend.ts post generate

Describe alternatives you've considered

NA

Additional context

Related PR - #14600

Is this something that you'd be interested in working on?

• 👋 I may be able to implement this feature request

Would this feature include a breaking change?

• ⚠️ This feature might incur a breaking change

[dgandhi62]

Needs to happen for maintaining correct access policies, but not a critical or necessary feature that blocks functionality. Marking this as p3