Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Why Codepipeline Generated Role is Missing Granting Access Rights to Logs?

0

I have created Codepipeline before without issues but since we migrated to AMZ Linux 2 latest ROR platform for Beanstalk we encountered errors and we were instructed by Support to edit the auto generated role to allow access to Logs. Why isn't Codepipeline correctly creating the right policy? Is this being fixed?

Currently we have to manually change the policy to enable log access when we create new pipelines.

Topics
Developer ToolsSecurity, Identity, & Compliance
Tags
IAM PoliciesAWS CodePipeline
Language
English
asked 3 years ago192 views
1 Answer
0

Currently, AWS CodePipeline does not automatically create the correct IAM policy for log access when using the latest Amazon Linux 2 platform for Elastic Beanstalk. This requires manual intervention to update the policy and grant necessary permissions.

Continue to manually edit the auto-generated IAM role to include log access permissions. Add the following permissions:

{
  "Effect": "Allow",
  "Action": [
    "logs:CreateLogGroup",
    "logs:CreateLogStream",
    "logs:PutLogEvents",
    "logs:DescribeLogStreams"
  ],
  "Resource": "arn:aws:logs:*:*:*"
}

Stay updated with AWS release notes for any announcements regarding this issue.

EXPERT
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content