2回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
As per the documentation https://docs.aws.amazon.com/codebuild/latest/userguide/troubleshooting.html#troubleshooting-assume-role, the issue could be either STS is not active for the AWS region or CodeBuild service role associated with the build project does not exist or does not have sufficient permissions to trust CodeBuild.
回答済み 1年前
0
Would it work if you modify the trusted relationship as follows?
Before
"Principal": { "Service": "codebuild.amazonaws.com" },
After
"Principal": { "AWS": "arn:aws:iam::331879450537:role/codebuild-kubernetes-eks-service-role" },
I think that the principal that call the AssumeRole operation is not codebuild, but codebuild-kubernetes-eks-service-role
.
Of course, codebuild-kubernetes-eks-service-role
must have permission to call assume role too.
回答済み 1年前