Creating Code pipeline stack from Cloud Formation

0

I am getting this on CFN console: Encountered a permissions error performing a tagging operation. See https://repost.aws/knowledge-center/cloudformation-tagging-permission-error for how to resolve. Failure Details: "null for activityId="7" of activityType={Name: PipelineActivities.createPipeline,Version: $VERSION$}"

CT: "errorMessage": "User: arn:aws:iam::xxxxxxxxx:user/xxxxxxxx is not authorized to perform: iam:PassRole on resource: CodePipelinePolicy",

Code:

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: CodePipeline sample
Parameters:
  CodeCommitRepoName:
    Type: String
  CodePipelineName:
    Type: String

Resources:
  CodePipeLineRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: CodePipelinePolicy
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "codepipeline.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSCodeCommitReadOnly
      Policies:
        - PolicyName: CodePipelineAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  #- codecommit:UploadArchive
                  - logs:Describe*
                  - logs:Create*
                  - logs:Put*
                  - codepipeline:*
                Resource: "*"
        # - PolicyName: PassRole
        #   PolicyDocument:
        #     Version: "2012-10-17"
        #     Statement:
        #       - Effect: "Allow"
        #         Action:
        #           - iam:PassRole
        #         Resource: "arn:aws:iam::216564071998:role/CodePipelinePolicy"

  CodePipeline:
    Type: 'AWS::CodePipeline::Pipeline'
    Properties:
      ExecutionMode: SUPERSEDED
      Name: !Ref CodePipelineName
      PipelineType: V2
      RoleArn: !GetAtt [CodePipeLineRole, Arn]
      Tags:
        - Key: DeploymentType
          Value: "CloudFormation"
      Stages:
        - Name: Source
          Actions:
            - Name: CheckoutSourceTemplate
              ActionTypeId:
                Category: Source
                Owner: AWS
                Version: 1
                Provider: CodeCommit
              Configuration:
                PollForSourceChanges: False
                RepositoryName: !Ref CodeCommitRepoName
                BranchName: main
              OutputArtifacts:
                - Name: TemplateSource
              RunOrder: 1
        - Name: Deploy
          Actions:
            - Name: CreateStack
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CloudFormation
                Version: 1
              InputArtifacts:
                - Name: TemplateSource
              Configuration:
                ActionMode: CREATE_UPDATE
                RoleArn: !Ref CodePipeLineRole
                StackName: pipeline
                Capabilities: CAPABILITY_IAM
                TemplateConfiguration: TemplateSource::test-configuration.json
                TemplatePath: TemplateSource::template.yml
              RunOrder: 1
```

3 Answers
0
Accepted Answer

Thanks, I have managed to fix it by myself. I had to give iam:PassRole to CodePipeline so that it can pass the CFN role to the CFN service. The CloudTrail message was a bit confusing.

SSHOAIB
answered 12 days ago
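The arrangement the accepted answer describes, as an added example that is not from the question or from any answer here: a separate role that cloudformation.amazonaws.com can assume for the Deploy action (the pipeline role in the question is trusted only by codepipeline.amazonaws.com, so CloudFormation could not assume it even once passed), plus an iam:PassRole grant on the pipeline role scoped to that one role ARN and to the CloudFormation service through the iam:PassedToService condition key. The resource name CloudFormationDeployRole and the deploy policy's actions are assumptions; Parameters and the Source stage are unchanged from the question.

```yaml
Resources:
  # Role CloudFormation assumes for the Deploy action. Trusted by cloudformation.amazonaws.com,
  # unlike the pipeline role below, which only codepipeline.amazonaws.com can assume.
  CloudFormationDeployRole:          # assumed name, not from the original template
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: cloudformation.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: DeployTargetStack
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: "logs:*"      # assumption: replace with what template.yml actually creates
                Resource: "*"

  CodePipeLineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: codepipeline.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSCodeCommitReadOnly
      Policies:
        - PolicyName: CodePipelineAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: [cloudformation:CreateStack, cloudformation:UpdateStack, cloudformation:DescribeStacks]
                Resource: "*"
              # PassRole limited to the one deploy role, and only when the receiving service is CloudFormation.
              - Effect: Allow
                Action: iam:PassRole
                Resource: !GetAtt CloudFormationDeployRole.Arn
                Condition:
                  StringEquals:
                    iam:PassedToService: cloudformation.amazonaws.com

  # In the pipeline's Deploy action, pass the ARN (not !Ref, which returns the role name):
  #   Configuration: { ActionMode: CREATE_UPDATE, RoleArn: !GetAtt CloudFormationDeployRole.Arn, ... }
```

The identity that deploys this stack also needs iam:PassRole on CodePipeLineRole, because CloudFormation calls CreatePipeline with that RoleArn on its behalf, which is what the CloudTrail entry in the question reports.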
0

Hello.

CT: "errorMessage": "User: arn:aws:iam::xxxxxxxxx:user/xxxxxxxx is not authorized to perform: iam:PassRole on resource: CodePipelinePolicy",

Judging from the content of the error message, it appears that the IAM user you are using does not have sufficient permissions to attach an IAM policy.
What IAM policy is set for the IAM user you are using?
Can you confirm if setting "AdministratorAccess" for the IAM user resolves the issue?
https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AdministratorAccess.html

Also, when deploying CloudFormation with CodePipeline, permissions to operate CloudFormation are required in CodePipeline's IAM policy.
https://docs.aws.amazon.com/codepipeline/latest/userguide/security-iam.html#how-to-custom-role

```yaml
  CodePipeLineRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: CodePipelinePolicy
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "codepipeline.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSCodeCommitReadOnly
      Policies:
        - PolicyName: CodePipelineAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  - logs:Describe*
                  - logs:Create*
                  - logs:Put*
                  - codepipeline:*
                Resource: "*"
              - Effect: "Allow"
                Action:
                  - cloudformation:CreateStack
                  - cloudformation:DeleteStack
                  - cloudformation:DescribeStacks
                  - cloudformation:UpdateStack
                  - cloudformation:CreateChangeSet
                  - cloudformation:DeleteChangeSet
                  - cloudformation:DescribeChangeSet
                  - cloudformation:ExecuteChangeSet
                  - cloudformation:SetStackPolicy
                  - cloudformation:ValidateTemplate
                Resource: "*"
```
EXPERT
answered 15 days ago
EXPERT
reviewed 15 days ago
0

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: CodePipeline sample
Parameters:
  CodeCommitRepoName:
    Type: String
  CodePipelineName:
    Type: String

Resources:
  CodePipeLineRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: CodePipelinePolicy
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "codepipeline.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSCodeCommitReadOnly
      Policies:
        - PolicyName: CodePipelineAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: "Allow"
                Action:
                  #- codecommit:UploadArchive
                  - logs:Describe*
                  - logs:Create*
                  - logs:Put*
                  - codepipeline:*
                Resource: "*"
        # - PolicyName: PassRole
        #   PolicyDocument:
        #     Version: "2012-10-17"
        #     Statement:
        #       - Effect: "Allow"
        #         Action:
        #           - iam:PassRole
        #         Resource: "arn:aws:iam::216564071998:role/CodePipelinePolicy"

  CodePipeline:
    Type: 'AWS::CodePipeline::Pipeline'
    Properties:
      ExecutionMode: SUPERSEDED
      Name: !Ref CodePipelineName
      PipelineType: V2
      RoleArn: !GetAtt [CodePipeLineRole, Arn]
      Tags:
        - Key: DeploymentType
          Value: "CloudFormation"
      Stages:
        - Name: Source
          Actions:
            - Name: CheckoutSourceTemplate
              ActionTypeId:
                Category: Source
                Owner: AWS
                Version: 1
                Provider: CodeCommit
              Configuration:
                PollForSourceChanges: False
                RepositoryName: !Ref CodeCommitRepoName
                BranchName: main
              OutputArtifacts:
                - Name: TemplateSource
              RunOrder: 1
        - Name: Deploy
          Actions:
            - Name: CreateStack
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CloudFormation
                Version: 1
              InputArtifacts:
                - Name: TemplateSource
              Configuration:
                ActionMode: CREATE_UPDATE
                RoleArn: !Ref CodePipeLineRole
                StackName: pipeline
                Capabilities: CAPABILITY_IAM
                TemplateConfiguration: TemplateSource::test-configuration.json
                TemplatePath: TemplateSource::template.yml
              RunOrder: 1
```

SSHOAIB
answered 15 days ago
