CodePipeline Service Role Insufficient Permission for CodeStar Connections

Question

I'm setting up a CodePipeline with a source action of GitHub using OAuth app. But it failed in source action with the following error.

```Unable to use Connection: arn:aws:codeconnections*************************. The provided role does not have sufficient permissions.```

I searched AWS documentation and came across with this.

```
{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": [
            "codeconnections:UseConnection"
        ],
        "Resource": "arn:aws:codeconnections:us-west-2:connection/aEXAMPLE-8aad-4d5d-8878-dfcab0bc441f"
    }
}
```

I added this policy to CodePipeline Service Role. But the error persists.

Ye Htet Maung Maung · Accepted Answer

Yeah, I resolved it now. Thanks, Gary.

I checked cloud trail events and found that the resource arn on which access denied error showing was. **arn:aws:codeconnections:**. In my policy attached to CodePipeline Service Role, it was **arn:aws:codestar-connections:**. I used visual editor to generate this policy tho. Could you please let me know what is different between these two? Or some link to doc will be also a great help.

Best Regards,
Ye Htet Maung Maung

Andrii Shykhov · Answer

I had the same issue in my pipeline and only after changing from "codeconnections:UseConnection" to "codestar-connections:UseConnection" in the IAM policy the issue was solved.

Gary Mclean · Answer

I would also check cloudtrail history for access denied errors for the role you are having issues with.

CodePipeline Service Role Insufficient Permission for CodeStar Connections

Add your answer

Relevant content