I have a 3 stage CodePipeline on AWS.

1. Source: Checks out upon commit a specific branch of CodeCommit (success)
2. Build: Runs some tests on a docker image via CodeBuild (success)
3. Deploy: Performs a deployment on a deployment group (a.k.a. some specifically tagged EC2 instances) via CodeDeploy (failure).

Step 3 fails with

Unable to access the artifact with Amazon S3 object key
‘someitem-/BuildArtif/5zyjxoZ’ located in the Amazon S3
artifact bucket ‘codepipeline-eu-west-1-somerandomnumber’. The provided
role does not have sufficient permissions.

Which role is the later referring to?

The service role of CodePipeline or the service role of CodeDeploy?

I am almost certain I have attached the appropriate policies to both though …

Here is a snippet of my CodePipeline service role

try to give “CodeDeploy” policy with full access, it should work.