
AWS CodePipeline: source action has insufficient permissions for CodeStar connection


I'm setting up a CodePipeline, and I created an action to fetch the source from GitHub.

This requires setting up a connection, which I did, and things also look fine on GitHub's side.

However, if I release a change to the pipeline, I see the following error at the source stage:

Insufficient permissions
Unable to use Connection: arn:aws:codestar-connections:us-east-1:REDACTED:connection/REDACTED. The provided role does not have sufficient permissions.

I added full CodeStar access to the pipeline's service role (which I found in the pipeline settings), which looks like this:

arn:aws:iam::REDACTED:role/service-role/AWSCodePipelineServiceRole-us-east-1-REDACTED

Does anybody have any idea of what might be missing? Thanks!


Solution

  • The solution was to add this bit to the policy of the service role:

    {
        "Effect": "Allow",
        "Action": "codestar-connections:UseConnection",
        "Resource": "insert ARN of the CodeStar connection here"
    }
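The following offline check is an added example, not part of the original question or answer. It tests whether a policy document contains an Allow statement covering `codestar-connections:UseConnection` on a given connection, and shows that a wildcard on the separate `codestar` service prefix does not. The account ID, connection ID and both sample policies are constructed, and the evaluator is simplified: it ignores Deny statements, `NotAction`/`NotResource` and `Condition` blocks.

```python
import re

ACTION = "codestar-connections:UseConnection"

def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def _as_list(value):
    """IAM allows a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def allows_use_connection(policy, connection_arn):
    """True if an Allow statement covers UseConnection on connection_arn.

    Simplified: ignores Deny, NotAction/NotResource and Condition blocks.
    """
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        # Action names are case-insensitive in IAM; resource ARNs are not.
        if any(_matches(a, ACTION, ignore_case=True) for a in actions) and \
           any(_matches(r, connection_arn) for r in resources):
            return True
    return False

# Constructed sample values, not taken from the page.
CONNECTION_ARN = "arn:aws:codestar-connections:us-east-1:111122223333:connection/EXAMPLE-ID"

# "codestar" and "codestar-connections" are different service prefixes,
# so a wildcard on the former never matches UseConnection.
BROAD_BUT_WRONG = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "codestar:*", "Resource": "*"}],
}

# The statement from the answer, scoped to the single connection.
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ACTION, "Resource": CONNECTION_ARN}],
}

if __name__ == "__main__":
    for name, policy in (("codestar:*", BROAD_BUT_WRONG), ("scoped", SCOPED)):
        print(name, "->", allows_use_connection(policy, CONNECTION_ARN))
```

Scoping `Resource` to the one connection ARN, as the answer does, keeps the service role from using any other connection in the account.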