Role is not valid

0

Hello everyone,

I am using CodePipeline to trigger a CodeDeploy deployment. The setup is working for the same application in 2 other different AWS accounts, but not on the 3rd account.

When the deployment is triggered, it fails immediately with "Role is not valid". I have no more information about why the role is not valid.
What I already tried that gave me the same result:

  • recreate the pipeline with a different name
  • clone another pipeline and then reconfigure the new one
  • delete the CodeDeploy deployment configuration and recreate it
  • took the JSON value of a working policy attached to the Role, compared it to the role generated by the pipeline, no differences
  • choose a shorter name for my pipeline (and the role automatically generated)

--> How can I get more information about why the role is not valid?
--> Any suggestions to solve my problem?

I would be very grateful! Thanks

Notes:
the deploy action I am triggering is "Amazon ECS (Blue/Green)"
I am using this kind of setup: https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-ecs-ecr-codedeploy.html

asked 4 years ago, 3735 views
2 Answers
2

Hi again,
I resolved the issue.
After contacting AWS Support I got a suggestion to resolve the issue:

"One possible cause of this error is the ECS Task Execution Role, defined in the task definition. It is possible that the ARN of the ECS task execution role has an error or typo.
This could occur, for example, if the task definition is the same as in another account - the role provided may be from that account."

Indeed, the role at fault was not the role used to create the pipeline, or the "ECS Task Execution Role" itself (defined in the AWS account). The problem was the dynamic configuration I was providing to CodeDeploy in "taskdefinition.json". I had to fix the value I provide for the attribute "executionRoleArn".

Suggestion to AWS: display a more explicit error message (tell at least which role is the cause).

Cheers,
Tony

answered 4 years ago
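
The check described in the answer above, as an added example that is not part of the original post or of any AWS tool: a pre-deployment lint that reads the task definition file and reports role ARNs that are malformed or belong to a different account than the one being deployed to. The function name, the sample task definition and the account IDs are constructed, and the check assumes both role fields hold full ARNs.

```python
import json
import re

# IAM role ARN: arn:<partition>:iam::<12-digit account>:role/<path/name>
ROLE_ARN_RE = re.compile(r"^arn:(aws[a-z-]*):iam::(\d{12}):role/([\w+=,.@/-]+)$")
ROLE_FIELDS = ("executionRoleArn", "taskRoleArn")


def check_task_definition_roles(taskdef_text, deploy_account_id):
    """Return a list of problems with the role ARNs in a task definition.

    deploy_account_id is the 12-digit ID of the account the pipeline deploys
    to (for example the "Account" value from `aws sts get-caller-identity`).
    """
    taskdef = json.loads(taskdef_text)
    problems = []
    for field in ROLE_FIELDS:
        value = taskdef.get(field)
        if value is None:
            continue  # field not set; nothing to validate
        match = ROLE_ARN_RE.match(value)
        if match is None:
            problems.append(f"{field}: {value!r} is not a well-formed IAM role ARN")
        elif match.group(2) != deploy_account_id:
            problems.append(
                f"{field}: role belongs to account {match.group(2)}, "
                f"but the deployment targets {deploy_account_id}"
            )
    return problems


# Constructed sample: a task definition copied from another account.
SAMPLE_TASKDEF = json.dumps({
    "family": "example-app",
    # Valid ARN, but from a different account than the deployment target.
    "executionRoleArn": "arn:aws:iam::111111111111:role/ecsTaskExecutionRole",
    # Typo: the empty region field is missing, so only one colon follows "iam".
    "taskRoleArn": "arn:aws:iam:222222222222:role/exampleTaskRole",
    "containerDefinitions": [{"name": "app", "image": "example-image:latest"}],
})

if __name__ == "__main__":
    for problem in check_task_definition_roles(SAMPLE_TASKDEF, "222222222222"):
        print(problem)
```

Running this in the pipeline before the deploy action names the offending field, which the "Role is not valid" error does not.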
0

I bumped into the same error message while operating via CI.
It turned out that I forgot to assume the user role before calling the ECS operation.

answered 3 years ago
