Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Unable to create pipeline because of service role

Even though I have created just a role specific to codepipeline and code build I am getting this error. Whatever I do I am unable to get rid of it. Anyone know how to resolve this?

Could not update the service role policy. The following message contains details on the exception: The policy is attached to 0 entities but it must be attached to a single role

like image 829
kru Avatar asked Nov 05 '20 15:11

kru


People also ask

How do you create a pipeline role?

Sign in to the AWS Management Console and open the CodePipeline console at http://console.aws.amazon.com/codesuite/codepipeline/home . Choose Create pipeline and complete the Step 1: Choose pipeline settings page in the pipeline creation wizard. After you create a pipeline, you cannot change its name.

What is the pipeline execution role ARN for?

In CodePipeline, the primary resource is a pipeline. In a policy, you use an Amazon Resource Name (ARN) to identify the resource that the policy applies to. CodePipeline supports other resources that can be used with the primary resource, such as stages, actions, and custom actions.

Is not authorized to perform CodePipeline?

I am not authorized to perform an action in CodePipeline If the AWS Management Console tells you that you're not authorized to perform an action, you must contact your administrator for assistance. Your administrator is the person who provided you with your user name and password.


2 Answers

This is happening because the the checkbox for "Allow AWS CodeBuild to modify this service role so it can be used with this build project" is selected from the edit page, and the generated policy is not attached to the role that is selected in the "Service role" field.

When you check the box for "Allow AWS CodeBuild to modify this service role so it can be used with this build project", CodeBuild creates a policy of format "CodeBuildBasePolicy-project-name-region". If this policy is created already(previous builds), it must be attached to the service role that CodeBuild is using so that CodeBuild will be able to modify it accordingly.

like image 73
shariqmaws Avatar answered Oct 23 '22 20:10

shariqmaws


In my case I had previous policy that was already unused. When I deleted it, the problem was solved.

Follow these steps:

  1. open IAM
  2. policies
  3. add "Edited time" column and sort desc
  4. there will be visible unused policies causing problem
  5. delete them
like image 7
Jarda Pavlíček Avatar answered Oct 23 '22 20:10

Jarda Pavlíček