I am setting up a GitHub Action to an AWS Lambda and getting the following error:
Error: Failed to create changeset for the stack: github-actions, An error occurred (AccessDenied) when calling the CreateChangeSet operation: User: arn:aws:sts:::assumed-role/aws-sam-cli-managed-dev-pipe-PipelineExecutionRole-175Y8M3HIID7J/feature-deployment is not authorized to perform: iam:PassRole on resource: arn:aws:iam:::role/aws-sam-cli-managed-dev-pipe-PipelineExecutionRole-175Y8M3HIID7J because no identity-based policy allows the iam:PassRole action
So I went to this particular role in IAM -> Roles and updated the permissions as below:
{
  "Action": "iam:PassRole",
  "Resource": [
    "arn:aws:iam::xxxx:role/aws-sam-cli-managed-dev-p-CloudFormationExecutionRxxx",
    "arn:aws:iam::YYYY:role/aws-sam-cli-managed-dev-pipe-PipelineExecutionRole-175Y8M3HIID7J/feature-deployment"
  ],
  "Effect": "Allow"
}
Then I tried to add "arn:aws:iam::YYYY:role/aws-sam-cli-managed-dev-pipe-PipelineExecutionRole-175Y8M3HIID7J/feature-deployment" to the trust relationship of this role, but it gives the following error:
Failed to update trust policy. Invalid principal in policy: "AWS":"arn:aws:iam::YYYY:role/aws-sam-cli-managed-dev-pipe-PipelineExecutionRole-175Y8M3HIID7J/feature-deployment"
But this still gives the same error. Is there something I am missing here?
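
An added example, not part of the original post: it parses an AccessDenied message of the form quoted above and checks whether a policy statement's `Action` and `Resource` entries cover the exact action and resource the message names. The account ID `111122223333` is a placeholder for the values redacted in the post, and the function names are illustrative.

```python
import re

ACCOUNT = "111122223333"  # placeholder; the post shows the account ID redacted
ROLE = "aws-sam-cli-managed-dev-pipe-PipelineExecutionRole-175Y8M3HIID7J"
# Constructed from the error text in the post, with the placeholder account filled in.
ERROR = (
    f"User: arn:aws:sts::{ACCOUNT}:assumed-role/{ROLE}/feature-deployment "
    f"is not authorized to perform: iam:PassRole on resource: "
    f"arn:aws:iam::{ACCOUNT}:role/{ROLE} because no identity-based policy "
    f"allows the iam:PassRole action"
)
# The statement as posted, with the same placeholder account.
POSTED = {
    "Action": "iam:PassRole",
    "Resource": [
        f"arn:aws:iam::{ACCOUNT}:role/aws-sam-cli-managed-dev-p-CloudFormationExecutionRxxx",
        f"arn:aws:iam::{ACCOUNT}:role/{ROLE}/feature-deployment",
    ],
    "Effect": "Allow",
}
DENIED = re.compile(r"User: (?P<caller>\S+) is not authorized to perform: "
                    r"(?P<action>\S+) on resource: (?P<resource>\S+)")
SESSION = re.compile(r"arn:([\w-]+):sts::(\d{12}):assumed-role/([^/]+)/([^/]+)")

def parse_denied(message):
    """Pull caller, action and resource out of an AccessDenied message."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("not an AccessDenied message in the expected form")
    return m.groupdict()

def role_arn_of(caller):
    """IAM role ARN behind an assumed-role session ARN (assumes a role with no path)."""
    m = SESSION.fullmatch(caller)
    if m is None:
        return caller  # already a user or role ARN
    partition, account, role, _session = m.groups()
    return f"arn:{partition}:iam::{account}:role/{role}"

def _covers(pattern, value):
    # IAM wildcards: * matches any run of characters, ? matches exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def statement_allows(stmt, action, resource):
    """True if an Allow statement's Action and Resource entries cover the request."""
    listed = lambda v: v if isinstance(v, list) else [v]
    return (stmt.get("Effect") == "Allow"
            and any(_covers(a.lower(), action.lower()) for a in listed(stmt["Action"]))
            and any(_covers(r, resource) for r in listed(stmt["Resource"])))
```

Against the statement as posted, `statement_allows` returns `False`: the second `Resource` entry ends in the session name `feature-deployment`, while the resource named in the error is the role ARN without that suffix.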