AWS Security ChangesHomeSearch

AWS codepipeline documentation change

Service: codepipeline · 2026-05-01 · Documentation low

File: codepipeline/latest/userguide/troubleshooting.md

Summary

Added documentation for a troubleshooting issue where pipelines with multiple source actions referencing different branches of the same repository only trigger for one branch, explaining the limitation and providing a workaround.

Security assessment

This change documents a functional limitation of AWS CodePipeline's webhook subscription mechanism when multiple source actions reference the same repository. It explains that webhooks are registered per repository-pipeline combination, not per branch, which can cause unexpected behavior. There is no mention of security vulnerabilities, exploits, or security fixes. The change is purely about functional troubleshooting and workarounds.

Diff

diff --git a/codepipeline/latest/userguide/troubleshooting.md b/codepipeline/latest/userguide/troubleshooting.md
index 942e6ca68..187610717 100644
--- a//codepipeline/latest/userguide/troubleshooting.md
+++ b//codepipeline/latest/userguide/troubleshooting.md
@@ -7 +7 @@
-Pipeline error: A pipeline configured with AWS Elastic Beanstalk returns an error message: "Deployment failed. The provided role does not have sufficient permissions: Service:AmazonElasticLoadBalancing"Deployment error: A pipeline configured with an AWS Elastic Beanstalk deploy action hangs instead of failing if the "DescribeEvents" permission is missingPipeline error: A source action returns the insufficient permissions message: "Could not access the CodeCommit repository repository-name. Make sure that the pipeline IAM role has sufficient permissions to access the repository."Pipeline error: A Jenkins build or test action runs for a long time and then fails due to lack of credentials or permissionsPipeline error: A pipeline created in one AWS Region using a bucket created in another AWS Region returns an "InternalError" with the code "JobFailed"Deployment error: A ZIP file that contains a WAR file is deployed successfully to AWS Elastic Beanstalk, but the application URL reports a 404 not found errorPipeline artifact folder names appear to be truncatedAdd CodeBuild GitClone permissions for connections to Bitbucket, GitHub, GitHub Enterprise Server, or GitLab.comAdd CodeBuild GitClone permissions for CodeCommit source actionsPipeline error: A deployment with the CodeDeployToECS action returns an error message: "Exception while trying to read the task definition artifact file from: <source artifact name>"GitHub (via OAuth app) source action: Repository list shows different repositoriesGitHub (via GitHub App) source action: Unable to complete the connection for a repositoryAmazon S3 error: CodePipeline service role <ARN> is getting S3 access denied for the S3 bucket <BucketName>Pipelines with an Amazon S3, Amazon ECR, or CodeCommit source no longer start automaticallyConnections error when connecting to GitHub: "A problem occurred, make sure cookies are enabled in your browser" or "An organization owner must install the GitHub app"Pipelines with execution mode changed to QUEUED or PARALLEL mode fails when run limit reachedPipelines in PARALLEL mode have an outdated pipeline definition if edited when changing to QUEUED or SUPERSEDED modePipelines changed from PARALLEL mode will display a previous execution modePipelines with connections that use trigger filtering by file paths might not start at branch creationPipelines with connections that use trigger filtering by file paths might not start when file limit is reachedCodeCommit or S3 source revisions in PARALLEL mode might not match EventBridge eventEC2 Deploy action fails with an error message No such fileEKS Deploy action fails with a cluster unreachable error messageNeed help with a different issue?
+Pipeline error: A pipeline configured with AWS Elastic Beanstalk returns an error message: "Deployment failed. The provided role does not have sufficient permissions: Service:AmazonElasticLoadBalancing"Deployment error: A pipeline configured with an AWS Elastic Beanstalk deploy action hangs instead of failing if the "DescribeEvents" permission is missingPipeline error: A source action returns the insufficient permissions message: "Could not access the CodeCommit repository repository-name. Make sure that the pipeline IAM role has sufficient permissions to access the repository."Pipeline error: A Jenkins build or test action runs for a long time and then fails due to lack of credentials or permissionsPipeline error: A pipeline created in one AWS Region using a bucket created in another AWS Region returns an "InternalError" with the code "JobFailed"Deployment error: A ZIP file that contains a WAR file is deployed successfully to AWS Elastic Beanstalk, but the application URL reports a 404 not found errorPipeline artifact folder names appear to be truncatedAdd CodeBuild GitClone permissions for connections to Bitbucket, GitHub, GitHub Enterprise Server, or GitLab.comAdd CodeBuild GitClone permissions for CodeCommit source actionsPipeline error: A deployment with the CodeDeployToECS action returns an error message: "Exception while trying to read the task definition artifact file from: <source artifact name>"GitHub (via OAuth app) source action: Repository list shows different repositoriesGitHub (via GitHub App) source action: Unable to complete the connection for a repositoryAmazon S3 error: CodePipeline service role <ARN> is getting S3 access denied for the S3 bucket <BucketName>Pipelines with an Amazon S3, Amazon ECR, or CodeCommit source no longer start automaticallyConnections error when connecting to GitHub: "A problem occurred, make sure cookies are enabled in your browser" or "An organization owner must install the GitHub app"Pipelines with execution mode changed to QUEUED or PARALLEL mode fails when run limit reachedPipelines in PARALLEL mode have an outdated pipeline definition if edited when changing to QUEUED or SUPERSEDED modePipelines changed from PARALLEL mode will display a previous execution modePipelines with connections that use trigger filtering by file paths might not start at branch creationPipelines with connections that use trigger filtering by file paths might not start when file limit is reachedCodeCommit or S3 source revisions in PARALLEL mode might not match EventBridge eventEC2 Deploy action fails with an error message No such fileEKS Deploy action fails with a cluster unreachable error messagePipeline does not trigger for all branches when multiple source actions reference the same repositoryNeed help with a different issue?
@@ -60,0 +61,2 @@ The following information might help you troubleshoot common issues in AWS CodeP
+  * Pipeline does not trigger for all branches when multiple source actions reference the same repository
+
@@ -521,0 +524,6 @@ An error similar to the following error messages displays in the logs for a depl
+## Pipeline does not trigger for all branches when multiple source actions reference the same repository
+
+**Problem:** A pipeline has multiple source actions that use connections (such as a Bitbucket, GitHub, or GitLab connection), with each source action pointing to a different branch of the same repository. Only one of the branches triggers the pipeline when you push changes. The connection's webhook subscription is registered for the combination of pipeline and repository, not per branch. As a result, multiple source actions targeting different branches of the same repository within a single pipeline are not supported.
+
+**Possible fixes:** Use a separate pipeline for each branch that you want to trigger independently.
+