I am using CodeDeploy to deploy my code to the server. 3 days back it was working fine, but suddenly it fails to assume the role, although it was working fine previously.
error : {
"Code" : "AssumeRoleUnauthorizedAccess",
"Message" : "EC2 cannot assume the role Ec2Codedeploy"}
"LastUpdated" : "2017-07-10T06:49:59Z"
My trust relationship is:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "codedeploy.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
There is a contradiction in the documentation as well.
No. 1 says the service should be "codedeploy.amazonaws.com".
No. 2 says the service should be "ec2.amazonaws.com".
The issue persists after a reboot as well.
Kindly help me with this issue.
It appears that you have a role designed for use by AWS CodeDeploy, but you have assigned it to an Amazon EC2 instance. This is indicated by the error message: EC2 cannot assume the role Ec2Codedeploy
From Create a Service Role for AWS CodeDeploy:
The service role you create for AWS CodeDeploy must be granted the permissions to access the instances to which you will deploy applications. These permissions enable AWS CodeDeploy to read the tags applied to the instances or the Auto Scaling group names associated with the instances.
The permissions you add to the service role specify the operations AWS CodeDeploy can perform when it accesses your Amazon EC2 instances and Auto Scaling groups. To add these permissions, attach an AWS-supplied policy, AWSCodeDeployRole, to the service role.
This is separate to the Role that you would assign to your Amazon EC2 instances, which generates credentials that can be used by applications on the instances.
These should be two separate roles with different assigned permissions.
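An added example, not part of the original question or answer: a small offline check that reads a role's trust policy and reports whether the service that has to assume it is actually trusted. It relies on the fact that a role attached to an instance through an instance profile must trust ec2.amazonaws.com, while the CodeDeploy service role must trust codedeploy.amazonaws.com; the function names and the two "intended use" labels are made up for this example.

```python
import json

# Trust policy from the question (role Ec2Codedeploy, attached to the instance).
QUESTION_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "", "Effect": "Allow",
                 "Principal": {"Service": "codedeploy.amazonaws.com"},
                 "Action": "sts:AssumeRole"}]
}""")

# Which service principal has to be trusted for each kind of role.
# The dictionary keys are labels invented for this example.
REQUIRED_SERVICE = {
    "instance-profile": "ec2.amazonaws.com",
    "codedeploy-service-role": "codedeploy.amazonaws.com",
}
ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}

def _as_list(value):
    """IAM allows a single value or a list for Statement, Service and Action."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def trusted_services(policy):
    """Service principals that an Allow statement lets call sts:AssumeRole.

    Simplification: Condition blocks and Deny statements are not evaluated.
    """
    services = set()
    for stmt in _as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if actions & ASSUME_ACTIONS:
            services.update(_as_list(principal.get("Service")))
    return services

def check_role(policy, intended_use):
    """Return "ok", or a message naming the service principal that is missing."""
    required = REQUIRED_SERVICE[intended_use]
    services = trusted_services(policy)
    if required in services:
        return "ok"
    return f"{required} is not trusted; policy trusts {sorted(services) or 'no service'}"

if __name__ == "__main__":
    for use in REQUIRED_SERVICE:
        print(f"{use}: {check_role(QUESTION_TRUST_POLICY, use)}")
```

Run against the policy from the question, the role passes as a CodeDeploy service role and fails as an instance-profile role, which matches the AssumeRoleUnauthorizedAccess error reported by EC2.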