CodePipeline を作るのに必要な IAM 権限

これがミニマムではないと思うが。

    "Statement": [
        {
            "Sid": "sid0",
            "Effect": "Allow",
            "Action": [
                "codepipeline:*",
                "iam:CreatePolicy",
                "iam:CreateServiceLinkedRole",
                "iam:CreateRole"
            ],
            "Resource": "*"
        },
        {
            "Sid": "sid1",
            "Effect": "Allow",
            "Action": [
                "iam:TagRole",
                "iam:GetRole",
                "iam:PassRole",
                "iam:AttachRolePolicy",
                "iam:PutRolePolicy"
            ],
            "Resource": [
                "arn:aws:iam::NNNNNNNNNN:role/service-role/AWSCodePipelineServiceRole-xxxxxxxxxxxxxx",
            ]
        },