CodeDeploy permissions work with IAM at the individual application level. To give the service sufficient permissions, we will create a new IAM service role with the following trust policy, which allows the CodeDeploy service to assume the role:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
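We will create the new role, named CodeDeployServiceRole, using the command-line interface. The policy document is passed as a shortened URL, which AWS CLI version 1 fetches for us (version 2 no longer retrieves parameter values from URLs, so there you would save the policy above to a local file and pass it with the file:// prefix):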
$ aws iam create-role \
    --role-name CodeDeployServiceRole \
    --assume-role-policy-document http://bit.ly/2uCWY9V
We now need to attach the role policy to provide the proper permissions to the service role:
$ aws iam attach-role-policy --role-name CodeDeployServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole
Our IAM service role is now ready, and we can finally start interacting with the CodeDeploy web interface.
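Because the create-role command above takes its trust policy from a shortened URL, it is worth checking the document you actually pass before the role is created. The following is an added example, not code from the original text: it audits a trust policy and reports anything other than the CodeDeploy service being allowed to assume the role. The function names, the tampered sample and the account ID 111122223333 are constructed for illustration.

```python
import json

EXPECTED_SERVICE = "codedeploy.amazonaws.com"  # service principal in the page's policy

# The trust policy shown on the page.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Sid": "", "Effect": "Allow",
  "Principal": {"Service": ["codedeploy.amazonaws.com"]}, "Action": "sts:AssumeRole"}]}"""

# Constructed sample: same policy with an extra account principal slipped in.
# 111122223333 is a placeholder account ID, not a value from the page.
TAMPERED_POLICY = """{"Version": "2012-10-17", "Statement": [{"Sid": "", "Effect": "Allow",
  "Principal": {"Service": ["codedeploy.amazonaws.com"],
                "AWS": "arn:aws:iam::111122223333:root"}, "Action": "sts:AssumeRole"}]}"""

def as_list(value):
    """IAM accepts a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(document):
    """Return findings; an empty list means only CodeDeploy may assume the role."""
    findings = []
    statements = as_list(json.loads(document).get("Statement", []))
    if not statements:
        findings.append("policy has no statements")
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot widen who may assume the role
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            # covers a missing Principal, NotPrincipal, and the "*" wildcard
            findings.append(f"statement {i}: principal is {principal!r}")
            continue
        for kind, values in principal.items():
            for value in as_list(values):
                if (kind, value) != ("Service", EXPECTED_SERVICE):
                    findings.append(f"statement {i}: unexpected principal {kind}={value}")
        for action in as_list(stmt.get("Action", [])):
            if action != "sts:AssumeRole":
                findings.append(f"statement {i}: unexpected action {action}")
    return findings

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("tampered", TAMPERED_POLICY)):
        print(name, audit_trust_policy(doc) or "OK")
```

Run it against the local copy of the policy file and only call create-role when the list of findings is empty.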