Salvatore Iovene
Reputation: 2323
AWS CodePipeline: source action has insufficient permissions for CodeStar connection
I'm setting up a CodePipeline, and I created an action to fetch the source from GitHub.
This requires to set up a connection, which I did, and things look fine also on GitHub's side.
However, if I release a change to the pipeline, I see the following error at the source stage:
Insufficient permissions
Unable to use Connection: arn:aws:codestar-connections:us-east-1:REDACTED:connection/REDACTED. The provided role does not have sufficient permissions.
I added full CodeStar access to the pipeline's service role (which I found in the pipeline settings) and looks like this:
arn:aws:iam::REDACTED:role/service-role/AWSCodePipelineServiceRole-us-east-1-REDACTED
Does anybody have any idea of what might be missing? Thanks!
Upvotes: 28
Views: 10039
Answers (1)
Salvatore Iovene
Reputation: 2323
The solution was to add this bit to the policy of the service role:
{
"Effect": "Allow",
"Action": "codestar-connections:UseConnection",
"Resource": "insert ARN of the CodeStar connection here"
}
Upvotes: 58
Related Questions
- What GitHub permissions does CodePipeline need to work with a repository?
- AWS CodePipeline - artifact file permission denied
- AccessDeniedException when trying to open Code pipeline
- AWS CodePipeline permission error on Release change action
- AWS CodePipeline error: Cross-account pass role is not allowed
- Codepipeline S3 Bucket access denied in Codebuild
- AWS CodeCommit Permissions Errors in CodePipeline
- CodeDeploy step of CodePipeline because of insufficient role permissions
- AWS CodePipeline Action execution failed
- AWS CodePipeline - Insufficient permissions Unable to access the artifact error