IAM roles for CICD pipeline - AWS playground

fajria.khaled11 · December 25, 2023, 7:30am

I aimed to establish a CI/CD pipeline using AWS CodeCommit, AWS CodeDeploy, and AWS CodePipeline within the AWS playground. However, as I progressed through the AWS CodePipeline course, I became aware of the necessity to create IAM roles for the setup but IAM is not supported in the AWS playground.

al1 · December 26, 2023, 9:05pm

These services in AWS should be supported

AWS CodeCommit
CodeDeploy
CodePipeline

However, as you have seen you are not able to create IAM roles. You should be able to use the default kk_labs_user.

fajria.khaled11 · December 27, 2023, 12:35pm

Thanks for your reply
I’m trying to create a deployment group in CodeDeploy, but I need to create a service role.
if i create a service role by myself i get this error

User: arn:aws:iam::997919949869:user/kk_labs_user_936460 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::997919949869:role/codeDeployRole because no identity-based policy allows the iam:PassRole action

al1 · December 27, 2023, 3:12pm

Can you not use the kk_labs_user_936460 user?

fajria.khaled11 · December 27, 2023, 3:50pm

no i can only use that user
when initiating the playground, I’m limited to using a single user

fajria.khaled11 · January 8, 2024, 8:47am

@al1 Any updates, please? Thank you.

saikrishnayerramsett · January 8, 2024, 9:56am

Hi Fajria,

We will check option to provide IAM roles/Users creation in the Playground as well soon

tsubravelu · January 30, 2024, 11:56am

hi,

Similar issue. we facing in codepipeline stage

Course: AWS CodePipeline (CI/CD Pipeline)
Lab 2 : Create 2 Stage Pipeline
Issue in Task 9.
issue is in codepipeline step1. Not able to see role(CodePipelineServiceRole)
kindly fix.

chiran97 · September 29, 2024, 4:19pm

Hello,
I am facing similar issue
Case: While Creating Deployment Group
error: User: arn:aws:iam::381491832980:user/kk_labs_user_429035 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::381491832980:role/AWSCodeDeployRole because no identity-based policy allows the iam:PassRole action

rob_kodekloud · September 30, 2024, 8:43pm

This lab does appear to be busted. You can find the role in question by navigating to Roles and searching for it. But if you choose it, you’re not allowed to select it. Reopening this issue and hoping engineering fixes it this time.

chiran97 · October 1, 2024, 2:26am

It also does not work when someone is trying to exercise CodePipeline using AWS playground . Without this one can’t complete the codepipeline, so whats the point of codepipeline then, it maybe be due the region

rob_kodekloud · October 1, 2024, 3:10am

That much does not surprise me; the labs and the playgrounds share the same access configuration, and if something is not allowed in one, it won’t be allowed in the other either.