0
votes

I am configuring a CodePipeline in Account 00000000000.

I would like to deploy a CloudFormation stack

  • by executing a CloudFormation template via the CodePipeline
  • but not in account 123456789123 and not in 00000000000

Question

How do I configure the CodePipeline action of type "Deploy" to do so?
Especially how do I point it to the account 123456789123 ?

What I did so far

I assume it works via roles.123456789123.

I created an IAM role in account 123456789123,
with trust to the account 00000000000,
with trust to the service cloudformation.
I named it arn:aws:iam::123456789123:role/CFDep

Below is the configuration of my CodePipeline-Action. I am getting an error: "The role name is invalid. Check that the specified role exists and can be assumed by AWS CloudFormation." Why?


1 Answer

1
votes

From the docs:

You cannot use the AWS CodePipeline console to create or edit a pipeline that uses resources associated with another AWS account. However, you can use the console to create the general structure of the pipeline, and then use the AWS CLI to edit the pipeline and add those resources. Alternatively, you can use the structure of an existing pipeline and manually add the resources to it.

You can do one of the following 2 things:

  1. Use the AWS CodePipeline CLI to edit the pipeline

    aws codepipeline update-pipeline --cli-input-json file://pipeline.json

    OR

  2. Create the pipeline itself using CloudFormation

    You can use this pipeline definition from the AWS reference architecture for cross account pipeline as a starting point for your template.
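
Added example, not part of the answer above and not AWS's own code: a sketch of option 1 that takes `aws codepipeline get-pipeline` output, sets the cross-account role on the CloudFormation deploy action, and produces the body for `update-pipeline --cli-input-json`. The pipeline, action, bucket and pipeline-role names are constructed, and reusing the question's `CFDep` role for both the action `roleArn` and the CloudFormation `RoleArn` is an assumption based on the question saying it trusts both the account and the service.

```python
import copy
import json

def add_cross_account_role(get_pipeline_output, action_name, action_role_arn, cfn_role_arn):
    """Build the --cli-input-json body for `aws codepipeline update-pipeline`."""
    # get-pipeline also returns read-only "metadata", which update-pipeline rejects.
    pipeline = copy.deepcopy(get_pipeline_output["pipeline"])
    matched = 0
    for stage in pipeline["stages"]:
        for action in stage["actions"]:
            if action["name"] != action_name:
                continue
            type_id = action["actionTypeId"]
            if (type_id["category"], type_id["provider"]) != ("Deploy", "CloudFormation"):
                raise ValueError(f"{action_name} is not a CloudFormation deploy action")
            action["roleArn"] = action_role_arn                # assumed by the pipeline
            action["configuration"]["RoleArn"] = cfn_role_arn  # passed to CloudFormation
            matched += 1
    if matched != 1:
        raise ValueError(f"expected one action named {action_name}, found {matched}")
    return {"pipeline": pipeline}

def stores_without_kms_key(pipeline_doc):
    """Cross-account actions need a customer managed KMS key on the artifact store."""
    p = pipeline_doc["pipeline"]
    stores = [p["artifactStore"]] if "artifactStore" in p else list(p.get("artifactStores", {}).values())
    return [s["location"] for s in stores if "encryptionKey" not in s]

# Constructed, trimmed sample of `aws codepipeline get-pipeline` output.
SAMPLE = {
    "metadata": {"pipelineArn": "arn:aws:codepipeline:us-east-1:00000000000:demo"},
    "pipeline": {
        "name": "demo", "roleArn": "arn:aws:iam::00000000000:role/PipelineRole",
        "artifactStore": {"type": "S3", "location": "demo-artifacts"},
        "stages": [{"name": "Deploy", "actions": [{
            "name": "DeployStack",
            "actionTypeId": {"category": "Deploy", "owner": "AWS", "provider": "CloudFormation", "version": "1"},
            "configuration": {"ActionMode": "CREATE_UPDATE", "StackName": "demo", "TemplatePath": "SourceOutput::template.yml"},
            "inputArtifacts": [{"name": "SourceOutput"}],
        }]}],
    },
}
TARGET_ROLE = "arn:aws:iam::123456789123:role/CFDep"  # role named in the question

if __name__ == "__main__":
    doc = add_cross_account_role(SAMPLE, "DeployStack", TARGET_ROLE, TARGET_ROLE)
    print("artifact stores missing a KMS key:", stores_without_kms_key(doc))
    print(json.dumps(doc, indent=2))  # redirect to pipeline.json for update-pipeline
```

Any bucket the second function reports still uses the default S3 key, which the role in the other account cannot use to decrypt the pipeline's artifacts.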