So, I've been trying to write an IAM Role for CodeBuild and CodePipeline in AWS CDK.
I need it to be public so I can reference them in their own declaration.
I've also tried to generate a simple CloudFormation template out of my code and had no success in uploading it. Had the same error.
AssumeRolepolicy contained an invalid principal: "STAR":"*"
const codeBuildRoleName = `${parameters.environment}CodeBuildRole`;
const codeBuildRole = new Role(this, codeBuildRoleName, {
assumedBy: new AnyPrincipal(),
roleName: codeBuildRoleName,
});
const codeBuildRolePolicy = `${parameters.environment}CodeBuildRolePolicy`;
codeBuildRole.attachInlinePolicy(new Policy(this, codeBuildRolePolicy , {
statements: [
new PolicyStatement({
effect: Effect.ALLOW,
resources: ['*'],
actions: ['iam:PassRole']
}),
new PolicyStatement({
effect: Effect.ALLOW,
resources: ['*'],
actions: ['codebuild:*']
}),
new PolicyStatement({
effect: Effect.ALLOW,
resources: ['*'],
actions: [
'logs:FilterLogEvents',
'logs:GetLogEvents',
'logs:CreateLogStream',
'logs:CreateLogGroup',
'logs:PutLogEvents',
]
}),
new PolicyStatement({
effect: Effect.ALLOW,
resources: ['*'],
actions: [
'apigateway:PATCH',
'apigateway:GET',
'apigateway:POST',
'iam:*',
'cloudformation:*',
's3:*',
'cognito-idp:*',
]
})
]
}));
This is the code, and I've been getting this.
AssumeRolepolicy contained an invalid principal: "STAR":"*"
And I can't deploy anything.
