16
votes

I'm setting up a CodePipeline, and I created an action to fetch the source from GitHub.

This requires setting up a connection, which I did, and things look fine on GitHub's side as well.

However, if I release a change to the pipeline, I see the following error at the source stage:

Insufficient permissions
Unable to use Connection: arn:aws:codestar-connections:us-east-1:REDACTED:connection/REDACTED. The provided role does not have sufficient permissions.

I added full CodeStar access to the pipeline's service role (which I found in the pipeline settings), which looks like this:

arn:aws:iam::REDACTED:role/service-role/AWSCodePipelineServiceRole-us-east-1-REDACTED

Does anybody have any idea of what might be missing? Thanks!

1 Answer

31
votes

The solution was to add this bit to the policy of the service role:

{
    "Effect": "Allow",
    "Action": "codestar-connections:UseConnection",
    "Resource": "insert ARN of the CodeStar connection here"
}
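
An added example, not part of the original answer: an offline check of whether a role's policy document allows `codestar-connections:UseConnection` on a given connection. It shows that a statement granting `codestar:*` does not match, because the action's service prefix is `codestar-connections`. The account ID, connection ID and both sample policies are constructed; the check covers only `Action`/`Resource` statements with `*`/`?` wildcards and explicit `Deny`, and ignores conditions, `NotAction`/`NotResource`, permission boundaries and SCPs.

```python
import re

ACTION = "codestar-connections:UseConnection"
# Constructed placeholder ARN, not a real connection.
CONNECTION_ARN = ("arn:aws:codestar-connections:us-east-1:111122223333:"
                  "connection/EXAMPLE-CONNECTION-ID")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' a single one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags) is not None

def allows_use_connection(policy, connection_arn):
    """True if the policy allows UseConnection on the ARN and no statement denies it."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if "Action" not in stmt or "Resource" not in stmt:
            continue  # NotAction / NotResource are out of scope for this check
        # Action names are case-insensitive; resource ARNs are not.
        action_hit = any(_glob(a, ACTION, re.IGNORECASE)
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(_glob(r, connection_arn)
                           for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False  # an explicit Deny always wins
            allowed = True
    return allowed

# Constructed policy: broad access to the "codestar" service prefix only.
CODESTAR_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "codestar:*", "Resource": "*"}]}

# Same policy plus the statement from the answer, scoped to one connection.
WITH_USE_CONNECTION = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "codestar:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ACTION, "Resource": CONNECTION_ARN}]}

if __name__ == "__main__":
    for name, doc in [("codestar:* only", CODESTAR_ONLY),
                      ("with UseConnection", WITH_USE_CONNECTION)]:
        print(name, "->", allows_use_connection(doc, CONNECTION_ARN))
```

Scoping `Resource` to the single connection ARN, as the answer does, keeps the role from using any other connection in the account.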