The provided role does not have sufficient permissions. (Service: AmazonAppConfig)

Question

I created the following:

• AppConfig, which have configurationProfile (the source is CodePipeline)
• CodeCommit
• CodeBuild
• Code pipeline.

I configured code pipeline to deploy into AppConfig when a change happen to test.json file that exist in CodeCommit.

However, each deployment attmpt fail with the following error:

BadRequestException caught while trying to start deployment for application j3wn7j2, environment 2df8rwe, configuration profile abcata7, with version ee00d908-0235-4a7a-aba1-70cd2e0fda90. Message: Unable to access the artifact with Amazon S3 object key 'qwrqwrqwr/BuildArtif/TVsQbS0' located in the Amazon S3 artifact bucket 'codepipeline-eu-west-1-634809616452'. The provided role does not have sufficient permissions. (Service: AmazonAppConfig; Status Code: 400; Error Code: BadRequestException; Request ID: 18947231-10d8-4914-93d3-badcf442aca8; Proxy: null)

What I tried to do:

• Checked the IAM role for CodePipeline and for sure it had S3 permissions
• Tried to give AppConfig permission to read from an S3 bucket but couldn't find anywhere to attach an Iam role to an AmazonAppConfig resource.
• added the following policy to the S3 (codepipeline-eu-west-1-634809616452):

{ "Version": "2012-10-17", "Id": "SSEAndSSLPolicy", "Statement": [ { "Sid": "admin", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::044559349107:root" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::codepipeline-eu-west-1-634809616452/*" } ] }

Am I missing something???

Answer 1

Found the solution, which has nothing to do with permissions! I just added artifacts step in CodeBuild:

version: 0.2
artifacts:
  files:
    - '**/*'

And it's fixed.