AWS CloudFormation Role is not authorized to perform AssumeRole on Role

Question:

I am trying to execute a CloudFormation stack which contains the following resources:

  • CodeBuild project
  • CodePipeline pipeline
  • Roles needed

While trying to execute the stack, it fails with the following error:

arn:aws:iam::ACCOUNT_ID:role/CodePipelineRole is not authorized to perform AssumeRole on role arn:aws:iam::ACCOUNT_ID:role/CodePipelineRole (Service: AWSCodePipeline; Status Code: 400; Error Code: InvalidStructureException; Request ID: 7de2b1c6-a432-47e6-8208-2c0072ebaf4b)

I created the role using a managed policy, but I have already tried with a normal policy and it does not work either.

This is the Role Policy:

This is the Role

What intrigues me the most is that it seems like CodePipelineRole is trying to AssumeRole to itself. I’m not understanding what can be happening here.

And when I set the policy’s action to *, it works! I don’t know what permissions could be missing.

Thanks

Answer:

It is to do with the trust relationship for the role you have created, i.e. CodePipelineRole.

  1. Go to the Role in IAM
  2. Select the Trust Relationships tab …
  3. Then Edit Trust Relationship to include codepipeline
