user12913705

Could not create role AWSCodePipelineServiceRole

I'm trying to auto-deploy my static website's GitHub changes to my S3 bucket, and when I went to create the pipeline, it threw a "Could not create role AWSCodePipelineServiceRole" error.

My GitHub has permissions set up correctly. The repo name, bucket name, and object key are correct.

Has anyone ever encountered this?

Upvotes: 0

Views: 4919

Answers (4)

SanjoS30

Reputation: 168

I had to add these 4 policies to get the CodePipeline creation issue fixed.

            "iam:CreateRole",
            "iam:CreatePolicy",
            "iam:AttachRolePolicy",
            "iam:PassRole"

Upvotes: 0

Fabien Haddadi

Reputation: 2080

I resolved this issue by:

  1. Step 1: adding the deployment user I was logged on as into a Deployers Group, to which I granted the IAMFullAccess policy.

  2. Step 2: I successfully created the pipeline by following the same steps as indicated by the AWS tutorial.

  3. Step 3: once created, I reverse-engineered the group and the single policy attached to it that the wizard created. It showed a really long policy that you can't really invent. The IAM section being:

    "Statement": [ { "Action": [ "iam:PassRole" ], "Resource": "*",

I am just concerned that the Deployers group I created now has IAMFullAccess...

Also, I found that if you are logged in as an admin and add privileges to an IAM user, that user may not immediately enjoy these new privileges. I decided to log out and log back in to commit them. Maybe there is a lighter way, but I couldn't find it.

Upvotes: 3

Safiqur Rhaman

Reputation: 48

Try a couple of things:

  1. Try to create the IAM role with a different name (e.g. AWSCodePipelineServiceRole2020).

  2. Give the pipeline a different name and keep the role name as it is (auto-generated) by the pipeline.

I hope this will help.

Upvotes: 0

shariqmaws

Reputation: 8890

The reason behind the issue was that your IAM user (the user you are logged in as) is restricted from creating a role with the service role name 'AWSCodePipelineServiceRole'.

In order to give the IAM user permission to create a role with a service role name matching 'AWSCodePipeline*', e.g. 'AWSCodePipelineServiceRole-us-east-1-test', you need to attach the policy below to your IAM user:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": "iam:CreateRole",
                "Resource": "arn:aws:iam::*:role/AWSCodePipeline*"
            }
        ]
    }

Upvotes: 2
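An added example, not part of any answer above and not AWS code: a simplified offline evaluator that checks which of the four actions from the first answer the name-scoped policy above allows, so a narrow policy can be verified before falling back to IAMFullAccess. The function names, the placeholder account ID 111122223333 and the placeholder policy name are assumptions; it handles only `Effect`, `Action` and `Resource`, not `Condition`, `NotAction`, `NotResource`, permission boundaries or SCPs.

```python
import re

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' = any run of characters, '?' = exactly one character.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _listify(v):
    # Statement/Action/Resource may be a single value or a list.
    return [v] if isinstance(v, (str, dict)) else list(v)

def decision(policy, action, resource):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    allowed = False
    for stmt in _listify(policy["Statement"]):
        hit = (any(_match(a, action, True) for a in _listify(stmt["Action"]))
               and any(_match(r, resource) for r in _listify(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return "Deny"  # an explicit Deny always wins
        allowed = allowed or hit
    return "Allow" if allowed else "ImplicitDeny"

def gaps(policy, requests):
    """(action, resource) requests that the policy does not allow."""
    return [(a, r) for a, r in requests if decision(policy, a, r) != "Allow"]

# Policy copied from the answer above.
NAME_SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow", "Action": "iam:CreateRole",
    "Resource": "arn:aws:iam::*:role/AWSCodePipeline*"}]}

# Constructed ARNs: placeholder account and policy name; role name from the answer.
ROLE = "arn:aws:iam::111122223333:role/AWSCodePipelineServiceRole-us-east-1-test"
OTHER_ROLE = "arn:aws:iam::111122223333:role/Admin"
POLICY = "arn:aws:iam::111122223333:policy/EXAMPLE-pipeline-policy"

# The four actions from the first answer, each against the resource type it acts on.
WIZARD_REQUESTS = [("iam:CreateRole", ROLE), ("iam:CreatePolicy", POLICY),
                   ("iam:AttachRolePolicy", ROLE), ("iam:PassRole", ROLE)]

if __name__ == "__main__":
    print("CreateRole, pipeline role:", decision(NAME_SCOPED, "iam:CreateRole", ROLE))
    print("CreateRole, other role:  ", decision(NAME_SCOPED, "iam:CreateRole", OTHER_ROLE))
    for action, resource in gaps(NAME_SCOPED, WIZARD_REQUESTS):
        print("not allowed:", action, resource)
```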
