I have a CloudFormation stack which exports this role with some policies attached:
    CodeBuildRole:
      Type: AWS::IAM::Role
      Properties:
        RoleName: codebuild-role
        AssumeRolePolicyDocument:
          Statement:
            - Action: ['sts:AssumeRole']
              Effect: Allow
              Principal:
                Service:
                  - codebuild.amazonaws.com
                  - codepipeline.amazonaws.com
          Version: '2012-10-17'
        Path: /
        Policies:
          - etc....
The exported role name is cb-remove-role-id, which I am then trying to import in another stack to be used by another CodeBuild project in a code pipeline:
    BuildProjectUK:
      Type: AWS::CodeBuild::Project
      Properties:
        Name: !Sub ${ResourceContext}-build-uk
        Description: UK build and deploy
        ServiceRole: !ImportValue cb-remove-role-id
        BadgeEnabled: false
        Artifacts:
          Type: CODEPIPELINE
        Environment:
          etc...
When trying to update the latter stack's template, I get this error:
Failed to call UpdateProject, reason: CodeBuild is not authorized to perform: sts:AssumeRole on arn:aws:iam::xxxxxxxxx:role/xxxxxxxxx (Service: AWSCodeBuild; Status Code: 400; Error Code: InvalidInputException; Request ID: xxxxxxxxxxxxxxxx; Proxy: null)
Any ideas why this may be or how I can resolve this?
Thanks
Exporting the role using the Arn instead of RoleId resolved the issue. Thanks @Marcin
Failing output:
Passing output:
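The fix described in the post, written out as an added example (not the poster's actual template). The Outputs block, the `!GetAtt` form of the original export, and the export name `cb-remove-role-arn` are assumptions, since the post does not show them. CodeBuild's `ServiceRole` expects the role ARN, while the `RoleId` attribute is only the role's unique ID.

```yaml
# --- Exporting stack (assumed Outputs section; CodeBuildRole is the logical ID from the post) ---
Outputs:
  # Form that produces the sts:AssumeRole error when imported as ServiceRole:
  # RoleId is the role's stable unique identifier, not an ARN.
  CodeBuildRoleId:
    Value: !GetAtt CodeBuildRole.RoleId
    Export:
      Name: cb-remove-role-id

  # Corrected form: export the ARN, which is what CodeBuild passes to sts:AssumeRole.
  CodeBuildRoleArn:
    Value: !GetAtt CodeBuildRole.Arn
    Export:
      Name: cb-remove-role-arn   # hypothetical export name

# --- Importing stack (only the changed property is shown) ---
Resources:
  BuildProjectUK:
    Type: AWS::CodeBuild::Project
    Properties:
      ServiceRole: !ImportValue cb-remove-role-arn
      # remaining properties unchanged from the post
```

The role's trust policy already allows `codebuild.amazonaws.com`, so no change to `AssumeRolePolicyDocument` is needed once the import resolves to the ARN.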