Trouble Assigning IAM Roles to CodeDeploy and CodeBuild – “User is Not Authorized” Error

Hey everyone,

I’m working on setting up an automated CI/CD pipeline using AWS CodeBuild and CodeDeploy, but I’ve hit a permission snag I can’t seem to get past.

:x: The Issue:

Whenever I try assigning a specific IAM role to either CodeDeploy or CodeBuild, I get this error:

"User is not authorized to perform: iam:PassRole on resource..."

It seems like my user isn’t allowed to pass the IAM role to these services — even though I thought admin access would be enough.

:jigsaw: What I’ve Done So Far:

  • Confirmed that the roles have the right trust relationship and permissions
  • Tried using both AWS Console and CLI
  • Verified my user permissions (though maybe I’m missing something subtle)
  • Role path looks like:
    {path:}/uploads/my_directory/

Still, no luck.


:hammer_and_wrench: Side Note – Working on a Tool Too:

As a side project (and testing CI/CD deployment), I’m also working on an Instagram video download tool using indown.io. It’s a simple frontend that allows users to download Instagram videos, Reels, and Stories in high quality — no login, no watermark.

The goal is to streamline the backend deployment of this using CodeBuild and CodeDeploy — but these IAM role issues are blocking my automation flow.


:pray: What I’m Looking For:

  • How can I properly assign IAM roles so CodeDeploy/CodeBuild can assume them?
  • Do I need to explicitly add iam:PassRole to the user’s policy?
  • Any best practices for IAM role setup when automating deployment pipelines for small tools like indown.io?

If anyone’s got suggestions or has solved something similar, I’d love to hear your thoughts.

Thanks in advance! :man_technologist:

Hi @advikwid11

Permissions like iam:PassRole are only given to specific roles in the playground and labs. Please share the lab link or the KKE course name, level, and task name, and I’ll review it and get back to you.
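
An added example, not part of the original thread or of any AWS tooling: a simplified local check of whether an identity policy lets a user pass a given role to CodeBuild or CodeDeploy, which is the question raised in the first post. The account ID, role names and policy are constructed, and the evaluator is an assumption-laden sketch that ignores permission boundaries, SCPs and every condition except `StringEquals` on `iam:PassedToService`.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policy: full CodeBuild/CodeDeploy access, plus PassRole
# limited to one role path and to the two deployment services.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["codebuild:*", "codedeploy:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::111122223333:role/pipeline/*",
     "Condition": {"StringEquals": {"iam:PassedToService":
         ["codebuild.amazonaws.com", "codedeploy.amazonaws.com"]}}}
  ]
}
""")

def _as_list(value):
    """IAM allows a single string or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource, service):
    # Action names are case-insensitive; ARNs are compared case-sensitively.
    actions = _as_list(stmt.get("Action", []))
    if not any(fnmatchcase(action.lower(), a.lower()) for a in actions):
        return False
    if not any(fnmatchcase(resource, r) for r in _as_list(stmt.get("Resource", []))):
        return False
    for op, keys in stmt.get("Condition", {}).items():
        for key, allowed in keys.items():
            if op != "StringEquals" or key.lower() != "iam:passedtoservice":
                raise ValueError(f"unsupported condition {op}/{key}")
            if service not in _as_list(allowed):
                return False
    return True

def can_pass_role(policy, role_arn, service):
    """Explicit Deny wins; otherwise at least one Allow statement must match."""
    effects = [s["Effect"] for s in _as_list(policy["Statement"])
               if _matches(s, "iam:PassRole", role_arn, service)]
    return "Deny" not in effects and "Allow" in effects

if __name__ == "__main__":
    role = "arn:aws:iam::111122223333:role/pipeline/codebuild-service-role"
    for svc in ("codebuild.amazonaws.com", "ec2.amazonaws.com"):
        print(svc, can_pass_role(POLICY, role, svc))
```

Service-level permissions such as `codebuild:*` do not include `iam:PassRole`; it has to be granted as its own IAM action, ideally scoped to specific role ARNs and services as in the sample policy.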