Bitbucket Integration with AWS CodeDeploy Roles Trust Relationship Error

I am trying to deploy sampleApplication code via AWS CodeDeploy for Bitbucket.

I used this tutorial and followed all the steps. The trust relationship for the role looks like this:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::accountId:root"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": "connectionId"
            }
          }
        }
      ]
    }

and when I create the deployment group, I get the error "cannot take the role" when I select the role above as the service role ARN.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "ec2.amazonaws.com",
              "codedeploy.amazonaws.com"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }

But when I add the trust relationship above, I can create a deployment group, but then the integration on Bitbucket does not work and throws an error asking to add sufficient permissions.

+7
bitbucket-pipelines aws-code-deploy
1 answer

None of your published roles have allowed CodeCommit or S3.

According to the manual you linked, you must provide access to CodeCommit and S3. Most likely, these permissions are missing:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": ["s3:ListAllMyBuckets", "s3:PutObject"],
          "Resource": "arn:aws:s3:::*"
        },
        {
          "Effect": "Allow",
          "Action": ["codedeploy:*"],
          "Resource": "*"
        }
      ]
    }
+1
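
An added example, not part of the question or the answer: a simplified Python model of trust-policy evaluation, run over the two trust policies posted in the question to show which caller each one admits. The helpers `trust_allows` and `callers_admitted` and the `COMBINED_TRUST` policy are hypothetical names constructed here; the model ignores Deny statements, wildcards and any condition other than `StringEquals` on `sts:ExternalId`.

```python
# Trust policies as posted in the question. "accountId" and "connectionId"
# are the page's own placeholders, not real identifiers.
BITBUCKET_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::accountId:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "connectionId"}},
}]}
SERVICE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": ["ec2.amazonaws.com", "codedeploy.amazonaws.com"]},
    "Action": "sts:AssumeRole",
}]}
# Constructed for this example: one policy holding both statements.
COMBINED_TRUST = {"Version": "2012-10-17",
                  "Statement": BITBUCKET_TRUST["Statement"] + SERVICE_TRUST["Statement"]}

BITBUCKET_PRINCIPAL = "arn:aws:iam::accountId:root"


def as_list(value):
    """IAM allows a scalar or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def trust_allows(policy, kind, principal, external_id=None):
    """Simplified check: does some Allow statement let `principal` assume the role?"""
    for stmt in as_list(policy.get("Statement", [])):
        principals = stmt.get("Principal", {})
        if stmt.get("Effect") != "Allow" or not isinstance(principals, dict):
            continue
        if "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue
        if principal not in as_list(principals.get(kind, [])):
            continue
        required = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        # With an ExternalId condition, the caller must present a matching value.
        if required is None or external_id in as_list(required):
            return True
    return False


def callers_admitted(policy):
    """Report which of the callers from the question the trust policy admits."""
    return {
        "codedeploy": trust_allows(policy, "Service", "codedeploy.amazonaws.com"),
        "bitbucket": trust_allows(policy, "AWS", BITBUCKET_PRINCIPAL, "connectionId"),
        "bitbucket_without_external_id": trust_allows(policy, "AWS", BITBUCKET_PRINCIPAL),
    }
```

In this model the first policy admits only the Bitbucket account (and only when it presents the external ID), the second admits only the AWS services, and a policy carrying both statements admits both.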