aws-samples / aws-cross-account-cicd-pipeline

Example of how to use CDK to create a CodePipeline CI/CD pipeline, and how to configure it to deploy resources on different AWS Accounts.
MIT No Attribution

Missing Trust Relationship definition in readme #13

Open austinloveless opened 2 years ago

austinloveless commented 2 years ago

In the readme the documentation is incomplete for the IAM roles that need to be created. I would replace:

  1. Create an IAM Role named CodePipelineCrossAccountRole
  2. Create an IAM Role named CloudFormationDeploymentRole

with:

  1. Create an IAM Role named CodePipelineCrossAccountRole with Trusted entities:

     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Effect": "Allow",
           "Principal": {
             "AWS": "arn:aws:iam::{ROOT_ACCOUNT_ID}:root"
           },
           "Action": "sts:AssumeRole"
         }
       ]
     }

  2. Create an IAM Role named CloudFormationDeploymentRole with Trusted entities:

     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Effect": "Allow",
           "Principal": {
             "Service": "cloudformation.amazonaws.com"
           },
           "Action": "sts:AssumeRole"
         }
       ]
     }
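
Added example, not part of the original issue or the project's code: a small Python check that a role's trust policy names only the principal proposed above for that role, so an over-broad `Principal` is caught before the role is used by the pipeline. The account ID `111111111111` is a constructed stand-in for `{ROOT_ACCOUNT_ID}`, the helper names are hypothetical, and principals are compared as literal strings.

```python
import json

PIPELINE_ACCOUNT = "111111111111"  # constructed stand-in for {ROOT_ACCOUNT_ID}

EXPECTED = {  # role name -> the only principals its trust policy may name
    "CodePipelineCrossAccountRole": {("AWS", f"arn:aws:iam::{PIPELINE_ACCOUNT}:root")},
    "CloudFormationDeploymentRole": {("Service", "cloudformation.amazonaws.com")},
}

def as_list(value):
    """IAM allows a single value or a list in most elements; normalise to a list."""
    return value if isinstance(value, list) else [value]

def principals(statement):
    """Flatten a statement's Principal element into (type, value) pairs."""
    principal = statement.get("Principal", {})
    if principal == "*":  # bare wildcard: any principal at all
        return [("*", "*")]
    return [(kind, v) for kind, vals in principal.items() for v in as_list(vals)]

def check_trust(role_name, policy_json):
    """Return findings for principals allowed to assume the role that are
    not in EXPECTED[role_name]. An empty list means the policy matches."""
    findings = []
    for st in as_list(json.loads(policy_json).get("Statement", [])):
        actions = [a.lower() for a in as_list(st.get("Action", []))]
        grants = any(a in ("sts:assumerole", "sts:*", "*") for a in actions)
        if st.get("Effect") != "Allow" or not grants:
            continue
        for kind, value in principals(st):
            if (kind, value) not in EXPECTED[role_name]:
                findings.append(f"{role_name}: unexpected {kind} principal {value}")
    return findings

def trust_policy(principal):
    """Build a trust policy of the shape shown in the issue (constructed sample input)."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]})

if __name__ == "__main__":
    samples = [
        ("CodePipelineCrossAccountRole", {"AWS": f"arn:aws:iam::{PIPELINE_ACCOUNT}:root"}),
        ("CloudFormationDeploymentRole", {"Service": "cloudformation.amazonaws.com"}),
        ("CloudFormationDeploymentRole", {"AWS": "*"}),  # over-broad: any AWS principal
    ]
    for role, principal in samples:
        print(role, check_trust(role, trust_policy(principal)) or "OK")
```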