Error creating CodeBuild project - CodeBuild is not authorized to perform...


Hello Everyone, I am trying to build a codebuild CI/CD project on AWS with CodePipeline and Terraform. In fact I am trying to replicate this repo [https://github.com/davoclock/aws-cicd-pipeline] following along with the instructions in this video https://www.youtube.com/watch?v=JwTP3wZHYnU.

When I try to run terraform apply after setting up my pipeline, I get the following error "Error creating CodeBuild project: InvalidInputException: CodeBuild is not authorized to perform: sts:AssumeRole on arn:aws:iam::xxxxxxxxxxxx:role/tf-codebuild-role"

I will greatly appreciate any help with resolving this.

1 Answer
Accepted Answer

Can you check if your IAM role tf-codebuild-role has the correct trust policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing-console.html#roles-managingrole_edit-trust-policy)?

It should grant codebuild permission to assume it, i.e.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sts:AssumeRole"
            ],
            "Principal": {
                "Service": [
                    "codebuild.amazonaws.com"
                ]
            }
        }
    ]
}
Answered 2 years ago
Expert
Reviewed 7 months ago
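An added example, not part of the original answer: a small Python check that reads a role's trust policy document and reports whether codebuild.amazonaws.com is allowed to call sts:AssumeRole, which is the condition the error message complains about. The function name, the sample policies and the reason strings are assumptions made for this example; only Effect, Action and Principal are evaluated.

```python
import json

# Constructed sample inputs: the trust policy from the answer above, and a
# hypothetical variant that trusts a different service (single-object form).
ANSWER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["sts:AssumeRole"],
        "Principal": {"Service": ["codebuild.amazonaws.com"]},
    }],
}
OTHER_SERVICE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "sts:AssumeRole",
                  "Principal": {"Service": "ec2.amazonaws.com"}},
})

def _as_list(value):
    """IAM accepts a single value wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def service_can_assume(trust_policy, service="codebuild.amazonaws.com"):
    """Return (allowed, reason) for `service` calling sts:AssumeRole."""
    # Accepts a JSON string or an already-parsed dict. Condition blocks are
    # flagged, not evaluated; a bare "*" principal is not treated as a match.
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    allowed, reason = False, f"no Allow statement names {service}"
    for stmt in _as_list(doc.get("Statement")):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue  # statement does not cover sts:AssumeRole
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if service not in services:
            continue  # statement trusts someone else
        if stmt.get("Effect") == "Deny":
            return False, f"explicit Deny for {service}"  # Deny always wins
        if stmt.get("Effect") == "Allow":
            allowed = True
            reason = "allowed" + (" (subject to Condition)" if "Condition" in stmt else "")
    return allowed, reason

if __name__ == "__main__":
    for name, policy in [("answer", ANSWER_POLICY), ("other", OTHER_SERVICE_POLICY)]:
        print(name, service_can_assume(policy))
```

The document to check can be obtained with `aws iam get-role --role-name tf-codebuild-role --query Role.AssumeRolePolicyDocument` and passed to `service_can_assume` as a string.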
