Using CodePipeline - deploy a CloudFormation stack to another account
I am configuring a CodePipeline in Account 00000000000.
I would like to deploy a CloudFormation stack
- by executing a CloudFromation template via the CodePipeline
- but in account 123456789123 and not in 00000000000
Question
How do I configure the CodePipeline action of type "Deploy" to do so?
Especially how do I point it to account 123456789123?
What I did so far
I assume it works via IAM roles 123456789123.
I created an IAM role in account 123456789123,
with trust to the account 00000000000,
with trust to the service cloudformation.
I named it arn:aws:iam::123456789123:role/CFDep
Below is the configuration of my CodePipeline-Action.
I am getting an error The role name is invalid. Check that the specified role exists and can be assumed by AWS CloudFormation. Why?
From the docs:
You cannot use the AWS CodePipeline console to create or edit a pipeline that uses resources associated with another AWS account. However, you can use the console to create the general structure of the pipeline, and then use the AWS CLI to edit the pipeline and add those resources. Alternatively, you can use the structure of an existing pipeline and manually add the resources to it.
You can do one of the following 2 things:
Use aws codepipeline cli to edit the pipeline
aws codepipeline update-pipeline --cli-input-json file://pipeline.jsonOR
Create the pipeline itself using cloudformation
You can use this pipeline definition from aws reference architecture for cross account pipeline as a starting point for your template.
- Setup Network Interfaces in cloudformation for EC2 LaunchTemplate
- Lambdas on AWS with CloudFormation error:"A version for this Lambda function exists. Modify the function to create a new version."
- Error launching CloudFormation Template for CloudHSM
- Glacier as Resource in CloudFormation template?
- AWS Lambda Function Trigger API Gateway Issue
- AWS Cloudformation !Ref SecurityGroup returns an invalid ID
- Unable to delete cfn stack, role is invalid or cannot be assumed
- AWS ASG Error State transition reason Server.InternalError
- AWS Application Load Balancer cannot be updated, must be re-created
- Use macro inside CloudFormation Conditions
- In AWS cloudformation, what is the difference between a custom resource and a resource provider?
- AWS Cloudformation to create EventBridge Scheduler to trigger Instance Refresh
- Deleting Resources in a Multi-Stack Environment where Outputs are passed
- AWS Batch: Activating Previous Revisions marked as inactive
- Defining a serverless Aurora database in cloudformation
- (ValidationError) when calling the CreateStack operation: Template format error: Every Description member must be a string
- Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state
- Creating an Aurora Serverless Cluster from cloudformation?
- Cloudformation template to SAM or serverless?
- Invalid template interpolation value
- AWS Cloudformation Stack API Gateway having Cors error when taking request from React App Locally
- Cloudformation exports cannot be deleted
- AWS: How to delete S3 buckets when deleting CodePipeline
- Userdata not working in Custom AMI (built on Windows 2019 Base AMI)?
- Is it possible to trigger a lambda on creation from CloudFormation template
- RDS database instance property - MasterUserPassword
- How to add a AWS public extension to a AWS Lambda cloud formation template?
- AWS Secret Manager secret deleted without mandatory retention period
- CloudFormation: a way to define an ACTIVATED scheduled Glue job trigger
- DB table deleted but not able to create a new one since it still has the old identifier