36

I have already authenticated the GitHub account.

My AWS CodePipeline is failing with this error:

CLIENT_ERROR: authorization failed for primary source and source version

enter image description here

Improve this question
3
  • There seem to something wrong with the setup of your source action. But there are no details how it was setup, so its difficult to speculate. Commented Oct 11, 2020 at 4:19
  • Please mention if you're Github connector or webhook integration ? Commented Oct 11, 2020 at 5:11
  • I have same issues. I connected with github using github2 provider. What is problem? Commented Oct 30, 2020 at 7:41

4 Answers 4

Reset to default
34

CodeBuild role needs permission to access and use CodePipeline connection:

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

That link is for CodeStar; I don't see anything in the question about codestar.
@jaustin AWS CodeStar was the original name for the CI/CD/developmer tools platform. The name has since been deprecated but the IAM policy names remain. It's now called AWS CodeConnections. docs.aws.amazon.com/dtconsole/latest/userguide/…
11

Disconnecting and re-authenticating to GutHub in CodeBuild of the job fixed this error for me.

Make sure that you still have access to the access token used to connect to GitHub before disconnecting from it!

Access tokens can be set up/found here on your GitHub profile.

  1. Select Source

    Select Source

  2. Edit Source (disconnect and reconnect)

    Edit Source

3.Enter access token and Save.

Improve this answer

Comments

3

I know it is too late to answer but just log my case.

In the CodePipeline, it is using a CodeBuild Project.
CodeBuild Project has different IAM Role with the CodePipeline itself.

And the CodeBuild Project gets the source from S3 bucket which was pulled by CodePipeline in the previous stage.
(It depends on your settings)

So the CodeBuild Role need both of the CodeStar and S3 permission.
(If the source is coming from GitHub)

To know clear root cause, you can refer to the CloudTrail > Event History. It shows which event and sources occurred issues.

In my case, 'AWSCodeStarFullAccess' didn't solve the issues, because that managed policy doesn't have 'codestar-connections:*' permission.

I added to more policies for the CodeBuild Role and it worked.

  1. Search the CodeBuild source directory in the S3 and allow it.
  2. Add policy to allow 'codestar-connections:*'

Might you can configure them better.

Improve this answer

Comments

0

I had the same problem, and it was solved by adding CodeCommit permissions to the CodeBuild roles.

Improve this answer

1 Comment

This does not really answer the question. If you have a different question, you can ask it by clicking Ask Question. To get notified when this question gets new answers, you can follow this question. Once you have enough reputation, you can also add a bounty to draw more attention to this question. - From Review

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.