-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CodePipeline: CloudFormation ExecuteChangeSet Action doesn't have correct permissions #3160
Closed
1 of 5 tasks
joshrp opened this issue
Jul 2, 2019
· 2 comments
· Fixed by #3178 or MechanicalRock/tech-radar#14 · May be fixed by MechanicalRock/cdk-constructs#5, MechanicalRock/cdk-constructs#6 or MechanicalRock/cdk-constructs#7
Closed
1 of 5 tasks
CodePipeline: CloudFormation ExecuteChangeSet Action doesn't have correct permissions #3160
joshrp opened this issue
Jul 2, 2019
· 2 comments
· Fixed by #3178 or MechanicalRock/tech-radar#14 · May be fixed by MechanicalRock/cdk-constructs#5, MechanicalRock/cdk-constructs#6 or MechanicalRock/cdk-constructs#7
Labels
Comments
Thanks for reporting this @joshrp . Let me try to reproduce on my end. |
Confirmed I was able to reproduce this. Working on a fix. |
skinny85
added a commit
to skinny85/aws-cdk
that referenced
this issue
Jul 2, 2019
…cuteChangeSetAction. Fixes aws#3160
skinny85
added a commit
to skinny85/aws-cdk
that referenced
this issue
Jul 2, 2019
…cuteChangeSetAction. Fixes aws#3160
skinny85
added
bug
This issue is a bug.
@aws-cdk/aws-codepipeline
Related to AWS CodePipeline
and removed
needs-triage
This issue or PR still needs to be triaged.
labels
Jul 3, 2019
This was referenced Aug 22, 2019
This was referenced Dec 12, 2019
This was referenced Jan 20, 2020
This was referenced Sep 24, 2024
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Note: for support questions, please first reference our documentation, then use Stackoverflow. This repository's issues are intended for feature requests and bug reports.
I'm submitting a ...
What is the current behavior?
The default role for a
CloudFormationExecuteChangeSetAction
will only be created withcloudformation:ExecuteChangeSet
permission. This errors when ran in CodePipeline with a permissions error for thecloudformation:DescribeStacks
permission.See: https://github.com/awslabs/aws-cdk/blob/master/packages/@aws-cdk/aws-codepipeline-actions/lib/cloudformation/pipeline-actions.ts#L121
What is the expected behavior (or behavior of feature suggested)?
The ExecuteChangeSet Action Default Role needs
cloudformation:DescribeStacks
andcloudformation:DescribeChangeSet
on the{stack}/*
resource to be able to deploy.Please tell us about your environment:
Other information
This could be related to the recent change in: feat(codepipeline): generate a Role for every AWS-owned Action used in a Pipeline #3105 since the permission may have been available on the general role.
The text was updated successfully, but these errors were encountered: