Hi guys, can you help with the error in the topic? I followed this tutorial to integrate CloudFormation Guard into a CI/CD pipeline. I need to create a policy for CodePipeline; the policy is as below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "codecommit:UploadArchive",
        "codecommit:CancelUploadArchive",
        "codecommit:GetCommit",
        "codecommit:GetUploadArchiveStatus",
        "codecommit:GetBranch",
        "codestar-connections:UseConnection",
        "codebuild:BatchGetBuilds",
        "codedeploy:CreateDeployment",
        "codedeploy:GetApplicationRevision",
        "codedeploy:RegisterApplicationRevision",
        "codedeploy:GetDeploymentConfig",
        "codedeploy:GetDeployment",
        "codebuild:StartBuild",
        "codedeploy:GetApplication",
        "s3:*",
        "cloudformation:*",
        "ec2:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "*",
      "Condition": {
        "StringEqualsIfExists": {
          "iam:PassedToService": [
            "cloudformation.amazonaws.com",
            "ec2.amazonaws.com"
          ]
        }
      }
    }
  ]
}
The name for this policy is CodePipeline-Cfn-Guard-Demo-Role.
Then I created a trust policy for CodePipeline; the trust policy looks like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Then I created the role called CodePipeline-Cfn-Guard-Demo-Role with this trust policy. Then I attached the created policy called CodePipeline-Cfn-Guard-Demo.
Then, when I tried to create the pipeline, I got the following error: CodePipeline is not authorized to perform AssumeRole on role arn:aws:iam::<>:role/CodePipeline-Cfn-Guard-Demo-Role
Can you help me with this problem?
Thank you!
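
An added example, not part of the original post: a small offline Python check over the two policy documents posted above. It reports whether a trust policy lets a given service principal call sts:AssumeRole, and lists service-wide wildcard grants on Resource "*"; the function names are hypothetical and the Action list is shortened to a sample of the posted one.

```python
import json

# Policy documents from the post, compacted. The Action list in the first
# statement is a shortened sample of the posted one (assumption for brevity).
PERMISSIONS = json.loads('''{"Version": "2012-10-17", "Statement": [
  {"Sid": "VisualEditor0", "Effect": "Allow", "Resource": "*",
   "Action": ["codecommit:GetCommit", "codebuild:StartBuild",
              "s3:*", "cloudformation:*", "ec2:*"]},
  {"Sid": "VisualEditor1", "Effect": "Allow", "Action": "iam:PassRole",
   "Resource": "*", "Condition": {"StringEqualsIfExists": {
     "iam:PassedToService": ["cloudformation.amazonaws.com", "ec2.amazonaws.com"]}}}]}''')
TRUST = json.loads('''{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "codepipeline.amazonaws.com"},
   "Action": "sts:AssumeRole"}]}''')


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action, Resource, Service."""
    return value if isinstance(value, list) else ([] if value is None else [value])


def trusts_service(trust_policy, service):
    """True if some Allow statement lets `service` call sts:AssumeRole."""
    for st in as_list(trust_policy.get("Statement")):
        principal = st.get("Principal", {})
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = {a.lower() for a in as_list(st.get("Action"))}  # action names are case-insensitive
        if (st.get("Effect") == "Allow" and service in services
                and actions & {"sts:assumerole", "sts:*", "*"}):
            return True
    return False


def broad_grants(policy):
    """Return (Sid, action) pairs that allow a whole service on Resource "*"."""
    found = []
    for st in as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow" or "*" not in as_list(st.get("Resource")):
            continue
        for action in as_list(st.get("Action")):
            if action == "*" or action.endswith(":*"):
                found.append((st.get("Sid", ""), action))
    return found


if __name__ == "__main__":
    print("codepipeline trusted:", trusts_service(TRUST, "codepipeline.amazonaws.com"))
    print("wildcard grants:", broad_grants(PERMISSIONS))
```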