Role does not have permission for AWS service: AmazonAutoScaling

0

I've been trying to get the Blue/Green deployment scenario working for a day now without much luck. I've been able to use a role and deploy to an Auto Scaling Group successfully not using Blue Green, but when I try that scenario, during deployment, I get the following permission error:

"The IAM role <my role> does not give you permission to perform operations in the following AWS service: AmazonAutoScaling. Contact your AWS administrator if you need help. If you are an AWS administrator, you can grant permissions to your users or groups by creating IAM policies."

My role <my role> is a simple role that has the "AWSCodeDeployRole" attached to it. In CloudTrail, I do see an "AccessDeniedException" for event name "CreateAutoScalingGroup", however, that permission appears to be in the AWSCodeDeployRole as "autoscaling:CreateAutoScalingGroup".

Has anyone run into this? Am I missing some extra policy that needs to be attached to my role?

asked 4 years ago295 views
1 Answer
0

I figured out the 2 permissions needed to get past this error, I created the policy below and attached it to the Code Deploy role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole",
                "ec2:RunInstances"
            ],
            "Resource": "*"
        }
    ]
}

Edited by: mguignard on Jan 22, 2019 4:38 AM

answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions