You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Observed result:
CodePipeline ExecuteChangeSet failed with this error:
API: iam:CreateRole User: arn:aws:sts::AccountId:assumed-role/CodeStarWorker-test-CloudFormation/AWSCloudFormation is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::AccountId:role/awscodestar-test-lambda-helloWorldRole-V5QUHYDCDRBA
So, I went on to add iam:CreateRole policy to the AWSCloudFormation role and I retried.
In IAM Policy Simulator, that AWSCloudFormation role was able to perform IAM CreateRole action.
However, I got the same error.
Expected result:
Expected a new role to be created with the Polly policy.
The text was updated successfully, but these errors were encountered:
I found out that I had to add a list of iam policies to my CodeStar CloudFormation role to enable the creation of role by CloudFormation using SAM function policies property in the yaml template.
@Trav-Uncommitted
sorry for late reply. I didn't have to add anything to CodeDeployRole. I just added some iam policies to the CloudFormation role to allow it to create roles. You can check out this article for more information.
Description:
One of my 'AWS::Serverless::Function' has a policies property like following (without a role property)
Observed result:
CodePipeline ExecuteChangeSet failed with this error:
API: iam:CreateRole User: arn:aws:sts::AccountId:assumed-role/CodeStarWorker-test-CloudFormation/AWSCloudFormation is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::AccountId:role/awscodestar-test-lambda-helloWorldRole-V5QUHYDCDRBA
So, I went on to add iam:CreateRole policy to the AWSCloudFormation role and I retried.
In IAM Policy Simulator, that AWSCloudFormation role was able to perform IAM CreateRole action.
However, I got the same error.
Expected result:
Expected a new role to be created with the Polly policy.
The text was updated successfully, but these errors were encountered: