@rschiefer , Thank you for reaching out. Can you check the app manifest for the AWS application under the Application Registration portal and check for the role name under the appRoles array. Look for the appRoles and check if the isEnabled key for each of those are set to true or false. If they are showing as disabled mostly they might have got disabled from app manifest somehow.
Hope this helps.
Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.