25

I'm setting up a CodePipeline, and I created an action to fetch the source from GitHub.

This requires setting up a connection, which I did, and things also look fine on GitHub's side.

However, if I release a change to the pipeline, I see the following error at the source stage:

Insufficient permissions
Unable to use Connection: arn:aws:codestar-connections:us-east-1:REDACTED:connection/REDACTED. The provided role does not have sufficient permissions.

I added full CodeStar access to the pipeline's service role (which I found in the pipeline settings), which looks like this:

arn:aws:iam::REDACTED:role/service-role/AWSCodePipelineServiceRole-us-east-1-REDACTED

Does anybody have any idea of what might be missing? Thanks!

Salvatore Iovene

1 Answer

47

The solution was to add this bit to the policy of the service role:

{
    "Effect": "Allow",
    "Action": "codestar-connections:UseConnection",
    "Resource": "insert ARN of the CodeStar connection here"
}
Salvatore Iovene
  • 1
    Thank you, it helped me. – Neo Oct 12 '20 at 15:16
  • 11
    I sometimes wonder if it weren't for these answers anyone would be able to use AWS! – hatef Aug 22 '21 at 08:56
  • I am using the CDK v2, my pipeline role `PipelineRole-12345` includes a policy that allows it to assume several other roles (i.e. `*Sourceproject-2B2Z1X5W31VD`). If you're still having problems, try adding to one of the roles that are assumed. – ayvazj May 16 '23 at 06:07
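An offline check of the fix in the answer above, added here as an example and not taken from the original posts: it tests whether a policy document allows `codestar-connections:UseConnection` on a given connection ARN. It assumes the "full CodeStar access" from the question amounts to actions under the `codestar:` prefix (the page does not show that policy); the account ID, connection ID and the `allows` helper are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample values: placeholder account ID and connection ID.
CONNECTION_ARN = ("arn:aws:codestar-connections:us-east-1:"
                  "111122223333:connection/EXAMPLE-CONNECTION-ID")
OTHER_ARN = ("arn:aws:codestar-connections:us-east-1:"
             "111122223333:connection/OTHER-CONNECTION-ID")
ACTION = "codestar-connections:UseConnection"

# Assumed shape of a broad grant on the "codestar" service prefix only.
CODESTAR_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "codestar:*", "Resource": "*"}]}

# The statement from the answer, scoped to a single connection.
WITH_USE_CONNECTION = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ACTION, "Resource": CONNECTION_ARN}]}


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def allows(policy, action, resource):
    """Simplified check: True if an Allow statement matches action and resource.

    Hypothetical helper. It ignores Deny, NotAction/NotResource, Condition
    and permission boundaries, so it is a lint, not a full IAM evaluation.
    """
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are matched case-insensitively, resource ARNs exactly.
        action_ok = any(fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt.get("Action", [])))
        resource_ok = any(fnmatchcase(resource, r)
                          for r in _as_list(stmt.get("Resource", [])))
        if action_ok and resource_ok:
            return True
    return False


if __name__ == "__main__":
    for name, doc in [("codestar:* only", CODESTAR_ONLY),
                      ("with UseConnection", WITH_USE_CONNECTION)]:
        print(name, "->", allows(doc, ACTION, CONNECTION_ARN))
```

Scoping `Resource` to the one connection ARN, as the answer does, keeps the role from using any other connection in the account.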