Ospi

Reputation: 167

AWS CodeDeploy does not have the permissions required to assume the role

I am trying to set up CI/CD with AWS + EC2 and am stuck when creating the Deployment Group. The CodeDeploy role has the policies AWSCodeDeployRole and AWSCodeDeployRoleForECS, but it throws an error. I tried giving it Admin rights, but it is still not enough. Am I missing something? Thanks for any help!

Upvotes: 16

Views: 14884

Answers (1)

Arun Kamalanathan

Reputation: 8593

You have a role that has the permissions required for CodeDeploy to perform the deployment. What you are missing here is a trust policy defined in the role that allows CodeDeploy to assume the role.

  1. Go to the IAM console and select the role from the Roles section.

  2. Click Trust relationships.

  3. Click Edit trust relationship.

  4. Add the following trust policy to allow the CodeDeploy service to assume this role.

     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Sid": "",
           "Effect": "Allow",
           "Principal": {
             "Service": [
               "codedeploy.amazonaws.com"
             ]
           },
           "Action": "sts:AssumeRole"
         }
       ]
     }
    

Reference: Create a service role for CodeDeploy

Upvotes: 46
