
AWS attach-policy-role returns 400 because of invalid-arn


I was trying to get my code onto AWS with CodeDeploy. To do this I had to create a role, which I am currently stuck on. I set up the policy like so:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "codedeploy.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

and saved the file as service-role.json. I then used the command:

aws iam create-role --role-name MyServiceRole --assume-role-policy-document file://service-role.json

which I got to run ... eventually. That returned some JSON:

{
    "Role": {
        "Path": "/",
        "RoleName": "MyServiceRole",
        "RoleId": "SOMESTRINGOFRANDOMALPHANUMERICS",
        "Arn": "arn:aws:iam::1123445569:role/MyServiceRole",
        "CreateDate": "2018-08-31T03:18:24Z",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Sid": "",
                    "Effect": "Allow",
                    "Principal": {
                        "Service": [
                            "codedeploy.amazonaws.com"
                        ]
                    },
                    "Action": "sts:AssumeRole"
                }
            ]
        }
    }
}

This all looked correct, so I tried to run:

aws iam attach-role-policy --role-name MyServiceRole --policy-arn arn:aws:iam::1123445569:role/MyServiceRole

and ... I got the response

An error occurred (InvalidInput) when calling the AttachRolePolicy operation: ARN arn:aws:iam::1123445569:role/MyServiceRole is not valid.

I've combed the internet looking for a solution to this, as it appears I've done exactly what this instructed me to do, but I'm still getting no results. Does anyone know what I'm doing wrong?


Solution

  • Instead of attaching the assume-role policy you created (which was already attached to MyServiceRole at creation), attach one of the AWS managed policies described in the mentioned tutorial (step 3), so:

    aws iam attach-role-policy --role-name MyServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole

    or

    aws iam attach-role-policy --role-name MyServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda
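The distinction the answer relies on, as an added pre-flight check that is not part of the question or the answer: a role ARN (`...:role/Name`) names the role whose trust policy was set by create-role, while attach-role-policy only accepts the ARN of a separate permissions policy, customer managed (12-digit account) or AWS managed (account field literally `aws`). The function names and the sample ARNs other than the two from this page are my own.

```python
"""Tell a role ARN apart from a permissions-policy ARN before calling attach-role-policy."""
import re

# arn:<partition>:iam::<account>:<resource-type>/<path-and-name>
IAM_ARN = re.compile(
    r"^arn:(?P<partition>aws(?:-[a-z]+)*):iam::(?P<account>[^:]*):"
    r"(?P<rtype>[a-z-]+)/(?P<name>.+)$"
)


def lint_policy_arn(arn: str) -> list[str]:
    """Return the reasons attach-role-policy would reject this ARN (empty list = looks attachable)."""
    m = IAM_ARN.match(arn)
    if not m:
        return ["not an IAM ARN of the form arn:<partition>:iam::<account>:<type>/<name>"]
    problems = []
    account, rtype = m["account"], m["rtype"]
    if rtype == "role":
        # The question's mistake: the role's own ARN was passed as --policy-arn.
        problems.append(
            "this is a role ARN; the trust policy is set by create-role, "
            "attach-role-policy needs the ARN of a permissions policy"
        )
    elif rtype != "policy":
        problems.append(f"resource type {rtype!r} is not 'policy'")
    # Customer managed policies live in a 12-digit account; AWS managed ones use 'aws'.
    if account != "aws" and not re.fullmatch(r"\d{12}", account):
        problems.append("account must be a 12-digit account id, or 'aws' for AWS managed policies")
    return problems


def attach_command(role_name: str, policy_arn: str) -> str:
    """Build the CLI invocation, refusing ARNs that lint_policy_arn flags."""
    problems = lint_policy_arn(policy_arn)
    if problems:
        raise ValueError("; ".join(problems))
    return f"aws iam attach-role-policy --role-name {role_name} --policy-arn {policy_arn}"


if __name__ == "__main__":
    # The ARN from the question (a role) versus the one from the answer (an AWS managed policy).
    for arn in ("arn:aws:iam::1123445569:role/MyServiceRole",
                "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole"):
        print(arn, "->", lint_policy_arn(arn) or "OK")
```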