While configuring this in a single account and multi account environment, I noticed that the Compliance-Engine-Pipeline pipeline is successful even though Compliance-Rule-Template-Deploy process is not successful if it can't assume a role.
> [Container] 2020/02/01 16:16:53 Running command python ./deploy_rule_templates.py $AWS_DEFAULT_REGION $OUTPUT_BUCKET_NO_REGION $ENGINE_RULE_NAME $OTHER_ACTIVE_REGIONS
> Failed to assume role into remote account. An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:sts::XXXXXXXXXXXX:assumed-role/ComplianceEngine-CodeBuildRole/AWSCodeBuild-713a7773-7e20-4212-bfa4-0206631304cb is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::XXXXXXXXXXXX:role/service-role/AWSConfigAndComplianceAuditRole-DO-NOT-DELETE
>
> [Container] 2020/02/01 16:16:55 Phase complete: POST_BUILD State: SUCCEEDED
Not sure if this is specific to my situation, ideally it should fail the build
Hi,
While configuring this in a single account and multi account environment, I noticed that the Compliance-Engine-Pipeline pipeline is successful even though Compliance-Rule-Template-Deploy process is not successful if it can't assume a role.
Not sure if this is specific to my situation, ideally it should fail the build