I have already authenticated the GitHub account.

My AWS CodePipeline is failing with this error:

CLIENT_ERROR: authorization failed for primary source and source version

CodeBuild role needs permission to access and use CodePipeline connection:

• https://docs.aws.amazon.com/codepipeline/latest/userguide/troubleshooting.html#codebuild-role-connections

Disconnecting and re-authenticating to GutHub in CodeBuild of the job fixed this error for me.

Make sure that you still have access to the access token used to connect to GitHub before disconnecting from it!

Access tokens can be set up/found here on your GitHub profile.

1. Select Source

2. Edit Source (disconnect and reconnect)

3.Enter access token and Save.

I know it is too late to answer but just log my case.

In the CodePipeline, it is using a CodeBuild Project.
CodeBuild Project has different IAM Role with the CodePipeline itself.

And the CodeBuild Project gets the source from S3 bucket which was pulled by CodePipeline in the previous stage.
(It depends on your settings)

So the CodeBuild Role need both of the CodeStar and S3 permission.
(If the source is coming from GitHub)

To know clear root cause, you can refer to the CloudTrail > Event History. It shows which event and sources occurred issues.

In my case, 'AWSCodeStarFullAccess' didn't solve the issues, because that managed policy doesn't have 'codestar-connections:*' permission.

I added to more policies for the CodeBuild Role and it worked.

1. Search the CodeBuild source directory in the S3 and allow it.
2. Add policy to allow 'codestar-connections:*'

Might you can configure them better.

I had the same problem, and it was solved by adding CodeCommit permissions to the CodeBuild roles.