11

Even though I have created a role specific to CodePipeline and CodeBuild, I am getting this error. Whatever I do, I am unable to get rid of it. Does anyone know how to resolve this?

Could not update the service role policy. The following message contains details on the exception: The policy is attached to 0 entities but it must be attached to a single role

kru
  • Does this answer your question? [Unable to update Service Role in CodeBuild with error "The policy was not attached to role"](https://stackoverflow.com/questions/63660385/unable-to-update-service-role-in-codebuild-with-error-the-policy-was-not-attach) – tripleee Sep 14 '22 at 19:10

3 Answers

16

This is happening because the checkbox for "Allow AWS CodeBuild to modify this service role so it can be used with this build project" is selected on the edit page, and the generated policy is not attached to the role that is selected in the "Service role" field.

When you check the box for "Allow AWS CodeBuild to modify this service role so it can be used with this build project", CodeBuild creates a policy with a name of the format "CodeBuildBasePolicy-project-name-region". If this policy has already been created (by previous builds), it must be attached to the service role that CodeBuild is using so that CodeBuild will be able to modify it accordingly.

shariqmaws
  • Thank you, that worked for me. Actually, I had an orphan policy which was preventing me from getting past it. I removed everything completely and created a new pipeline, and it worked. – kru Nov 06 '20 at 11:57
  • Worked for me too, reattached the already existing policies and fixed the issue – Bence Bodrogi Jan 19 '21 at 11:35
  • Worked for me too. In addition, depending on your settings, you can just search for policies with [project-name-region] because there might be `CodeBuildS3`, `CodeBuildCache`, ... – Hùng Nguyễn Jan 22 '21 at 09:25
  • The CodeBuild role attaches new policies to your role every time, which should also be removed as they might end up as orphan policies – kru Jun 02 '21 at 12:03
9

In my case I had a previous policy that was no longer used. When I deleted it, the problem was solved.

Follow these steps:

  1. Open IAM
  2. Policies
  3. Add the "Edited time" column and sort descending
  4. The unused policies causing the problem will be visible
  5. Delete them

Jarda Pavlíček
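
One way to find the policies that the two answers above point at, as an added example (not code from any of the answers): it reads saved output of `aws iam list-policies --scope Local` and flags CodeBuild-generated policies for one project whose attachment count is not exactly one. The project name, region, role name and sample records are constructed, and the `CodeBuild<Kind>-<project>-<region>` name pattern is an assumption based on the names mentioned in the answers and comments.

```python
import json
import re
from datetime import datetime

def sample_policy(name, count, updated):
    """Build one constructed record shaped like an entry of `aws iam list-policies`."""
    return {"PolicyName": name, "AttachmentCount": count, "UpdateDate": updated,
            "Arn": f"arn:aws:iam::111122223333:policy/service-role/{name}"}

# Constructed sample (not real account data), as saved from:
#   aws iam list-policies --scope Local > policies.json
SAMPLE = json.dumps({"Policies": [
    sample_policy("CodeBuildBasePolicy-demo-app-us-east-1", 0, "2020-11-05T10:00:00+00:00"),
    sample_policy("CodeBuildS3-demo-app-us-east-1", 0, "2020-11-06T09:30:00+00:00"),
    sample_policy("CodeBuildCache-demo-app-us-east-1", 1, "2020-11-04T08:00:00+00:00"),
    sample_policy("CodeBuildBasePolicy-other-demo-app-us-east-1", 0, "2020-11-07T12:00:00+00:00"),
    sample_policy("team-readonly", 0, "2020-11-08T12:00:00+00:00"),
]})

def triage(list_policies_json, project, region, role_name):
    """Classify CodeBuild-generated policies of one project by attachment count."""
    # Assumed name shape: CodeBuild<Kind>-<project>-<region>. Anchored, so project
    # "demo-app" does not also match policies of "other-demo-app".
    pattern = re.compile(r"^CodeBuild\w*-" + re.escape(f"{project}-{region}") + r"$")
    rows = []
    for p in json.loads(list_policies_json)["Policies"]:
        if not pattern.match(p["PolicyName"]):
            continue
        count = p["AttachmentCount"]
        # Inferred from the error text ("must be attached to a single role"):
        # zero attachments and more than one are both flagged.
        state = "ok" if count == 1 else ("orphan" if count == 0 else "shared")
        fix = (f"aws iam attach-role-policy --role-name {role_name} "
               f"--policy-arn {p['Arn']}") if state == "orphan" else None
        updated = datetime.fromisoformat(p["UpdateDate"].replace("Z", "+00:00"))
        rows.append({"name": p["PolicyName"], "state": state,
                     "updated": updated, "fix": fix})
    # Newest first, like sorting the console's "Edited time" column descending.
    return sorted(rows, key=lambda r: r["updated"], reverse=True)

if __name__ == "__main__":
    # The role name is hypothetical; use the one in the project's "Service role" field.
    for row in triage(SAMPLE, "demo-app", "us-east-1", "codebuild-demo-app-service-role"):
        print(row["state"], row["name"], row["fix"] or "")
```

Review what each flagged policy grants before attaching it to the service role; if it is no longer needed, deleting it (as in the second answer) is the alternative to the suggested attach command.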
0

I just had the same problem and shared my solution in this other answer. I hope it helps!

Raphael Setin
  • Don't post a link to another answer as an answer, please. If the questions are really that similar, create a comment to suggest closing this question as a duplicate of the other one. – tripleee Sep 14 '22 at 19:10