Recently I came across an error where an AWS CodeDeploy pipeline failed with the message "AWS CodeDeploy does not have the permissions required to assume the role". The IAM role had all the permissions it needed to access the other services, but CodeDeploy was still not able to use the role.

Here we have a role that has the permissions required for the AWS CodeDeploy to perform the deployment.

What is missing here?

The role needs a trust policy that allows the AWS CodeDeploy service to assume it. A role's permission policies say what the role can do; the trust policy says who is allowed to become the role, and without it CodeDeploy is refused at the sts:AssumeRole step, no matter how much the role itself is allowed to do. The steps to define the trust policy are listed below.

  1. Go to the IAM console and select the role from the Roles section
  2. Click Trust relationships
  3. Click Edit trust relationship
  4. Add the following trust policy to allow the AWS CodeDeploy service to assume this role.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
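As an added example (not part of the original post), the following Python checks offline whether a trust policy document actually lets a given service principal call sts:AssumeRole, and produces a corrected copy when it does not. The starting trust policy, which only trusts EC2, is constructed here to reproduce the failure described above; the function names are my own, and the document it produces is what you would hand to the console's trust relationship editor. It handles the forms IAM accepts (a single string or a list for Statement, Service and Action) and honours an explicit Deny, which wins over any Allow.

```python
import copy
import json

# Constructed example of a role trust policy that only lets EC2 assume the
# role. This mirrors the failure described above: the role's permission
# policies are fine, but CodeDeploy is not a trusted principal.
EC2_ONLY_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }
    ],
}

CODEDEPLOY_SERVICE = "codedeploy.amazonaws.com"


def _as_list(value):
    """IAM accepts a single string or a list for Statement, Service and
    Action; normalise whichever form we got to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, service):
    """True when the statement names `service` (or a wildcard) as a service
    principal and its Action covers sts:AssumeRole."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        services = ["*"]
    elif isinstance(principal, dict):
        services = _as_list(principal.get("Service"))
    else:
        services = []
    actions = [a.lower() for a in _as_list(stmt.get("Action"))]
    service_ok = service in services or "*" in services
    action_ok = any(a in ("sts:assumerole", "sts:*", "*") for a in actions)
    return service_ok and action_ok


def service_can_assume(trust_policy, service):
    """Return True if `service` is allowed to call sts:AssumeRole on the role.
    An explicit Deny statement overrides any Allow, as in IAM evaluation."""
    allowed = False
    for stmt in _as_list(trust_policy.get("Statement")):
        if not _statement_matches(stmt, service):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


def add_service_principal(trust_policy, service):
    """Return a copy of the trust policy with an Allow statement for `service`
    appended. The input is left untouched. If a matching Deny exists, adding
    an Allow would not help, so refuse rather than produce a policy that
    still fails."""
    fixed = copy.deepcopy(trust_policy)
    for stmt in _as_list(fixed.get("Statement")):
        if stmt.get("Effect") == "Deny" and _statement_matches(stmt, service):
            raise ValueError(
                "an explicit Deny blocks %s; remove it instead of adding an Allow" % service
            )
    if service_can_assume(fixed, service):
        return fixed
    fixed["Statement"] = _as_list(fixed.get("Statement"))
    fixed["Statement"].append(
        {
            "Effect": "Allow",
            "Principal": {"Service": [service]},
            "Action": "sts:AssumeRole",
        }
    )
    return fixed


if __name__ == "__main__":
    print("CodeDeploy trusted before:",
          service_can_assume(EC2_ONLY_TRUST_POLICY, CODEDEPLOY_SERVICE))
    fixed = add_service_principal(EC2_ONLY_TRUST_POLICY, CODEDEPLOY_SERVICE)
    print("CodeDeploy trusted after: ",
          service_can_assume(fixed, CODEDEPLOY_SERVICE))
    print(json.dumps(fixed, indent=2))
```

To check a real role instead of the constructed document, fetch its trust policy with `aws iam get-role --role-name <role> --query Role.AssumeRolePolicyDocument`, feed the JSON to `service_can_assume`, and apply the corrected document with `aws iam update-assume-role-policy --role-name <role> --policy-document file://trust.json` (or paste it into the console editor from step 3 above). Keep the trust policy limited to the service principals that genuinely need the role; a wildcard principal passes this check but lets anything assume the role.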