I am creating a SelfMutable pipeline using aws-cdk-lib.pipelines.CodePipeline. I encountered the error below at the synth build action in the pipeline.
"errorCode": "AccessDenied", "errorMessage": "User: arn:aws:sts::xxxxx:assumed-role/xxxxxx-builtinfunctionidMCodeBu-V0I6A784AUQR/1657765494245 is not authorized to perform: codebuild:StartBuild on resource: arn:aws:codebuild:xxx:xxx:project/xxxx because no identity-based policy allows the codebuild:StartBuild action",
Looking into the CloudFormation stack, I see the order of events as below.
I see builtinfunctionidMCodeBuildActionRoleDefaultPolicy is getting created after the pipeline. The policy gets attached to the role builtinfunctionidMCodeBuildActionRole7FA988CE used by the Synth action inside the pipeline.
As soon as I run the pipeline after its creation and before the creation of the policy builtinfunctionidMCodeBuildActionRoleDefaultPolicy, I encounter the above-mentioned error for the StartBuild API call. Pipeline execution after the policy is created is fine.
I think here there should be a 'DependsOn' attribute attached to the Policy resource to make sure it gets created and attached to the appropriate action roles before the pipeline is created.
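A check for the ordering gap described in this post, as an added example that is not part of the original post or of the CDK code base: it scans a synthesized CloudFormation template for IAM policies attached to a role the pipeline references, where nothing orders the policy before the pipeline. The template fragment and its logical IDs are constructed, and the check assumes references are made with `Ref` / `Fn::GetAtt` and considers only direct `DependsOn` entries.

```python
# Added example: find IAM policies CloudFormation may create after the pipeline.
def refs(node):
    """Logical IDs referenced through Ref / Fn::GetAtt anywhere under node."""
    found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                found.add(value)
            elif key == "Fn::GetAtt":  # ["Id", "Attr"] or "Id.Attr"
                found.add(value[0] if isinstance(value, list) else value.split(".")[0])
            else:
                found |= refs(value)
    elif isinstance(node, list):
        for item in node:
            found |= refs(item)
    return found

def unordered_policies(template):
    """Return (pipeline, policy, roles) where nothing orders the policy first."""
    resources, findings = template["Resources"], []
    for pid, pipeline in resources.items():
        if pipeline["Type"] != "AWS::CodePipeline::Pipeline":
            continue
        used = refs(pipeline.get("Properties", {}))
        dep = pipeline.get("DependsOn", [])
        before = used | ({dep} if isinstance(dep, str) else set(dep))
        for rid, res in resources.items():
            if res["Type"] != "AWS::IAM::Policy" or rid in before:
                continue
            shared = refs(res.get("Properties", {}).get("Roles", [])) & used
            if shared:
                findings.append((pid, rid, sorted(shared)))
    return findings

# Constructed template fragment; logical IDs are hypothetical.
TEMPLATE = {"Resources": {
    "SynthActionRole": {"Type": "AWS::IAM::Role", "Properties": {}},
    "SynthActionRoleDefaultPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
        "Roles": [{"Ref": "SynthActionRole"}],
        "PolicyDocument": {"Statement": [{"Effect": "Allow",
            "Action": "codebuild:StartBuild",
            "Resource": "arn:aws:codebuild:xxx:xxx:project/xxxx"}]}}},
    "Pipeline": {"Type": "AWS::CodePipeline::Pipeline", "Properties": {"Stages": [
        {"Name": "Build", "Actions": [{"Name": "Synth",
            "RoleArn": {"Fn::GetAtt": ["SynthActionRole", "Arn"]}}]}]}},
}}

if __name__ == "__main__":
    for pipeline, policy, roles in unordered_policies(TEMPLATE):
        print(f"{pipeline} can start before {policy} is attached to {roles}")
```

Running it against the `Resources` section of a template produced by `cdk synth` lists each pipeline/policy pair that CloudFormation is free to create in either order.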