diff --git a/packages/@aws-cdk/pipelines/lib/codepipeline/codepipeline-source.ts b/packages/@aws-cdk/pipelines/lib/codepipeline/codepipeline-source.ts
index 0fe05412d297a..d92adc8225782 100644
--- a/packages/@aws-cdk/pipelines/lib/codepipeline/codepipeline-source.ts
+++ b/packages/@aws-cdk/pipelines/lib/codepipeline/codepipeline-source.ts
@@ -291,6 +291,14 @@ export interface S3SourceOptions {
 * @default - The bucket name
 */
 readonly actionName?: string;
+
+ /**
+ * The role that will be assumed by the pipeline prior to executing
+ * the `S3Source` action.
+ *
+ * @default - a new role will be generated
+ */
+ readonly role?: iam.IRole;
 }
 class S3Source extends CodePipelineSource {
@@ -309,6 +317,7 @@ class S3Source extends CodePipelineSource {
 bucketKey: this.objectKey,
 trigger: this.props.trigger,
 bucket: this.bucket,
+ role: this.props.role,
 variablesNamespace,
 });
 }
diff --git a/packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-sources.test.ts b/packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-sources.test.ts
index 6b419bd417c3f..9295f104a25bf 100644
--- a/packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-sources.test.ts
+++ b/packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-sources.test.ts
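Review bot: The doc comment added for `role` in `S3SourceOptions` does not say what the caller's role has to trust or which permissions it needs, and that is the first thing someone reusing an existing role has to get right. The second hunk hands `this.props.role` to the source action unchanged, so whatever that action requires of its role applies here; as far as I can tell from outside this diff, it expects the pipeline's own role to be able to assume it and expects read access to the source object. I would add a line such as `* The role must be assumable by the pipeline's role and needs read access to the source bucket (and its KMS key, if any).` and state whether those grants are added automatically, since an imported role may not accept them. The interface body starts above the hunk.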
@@ -255,3 +255,36 @@ test('can use source attributes in pipeline', () => {
 ],
 });
 });
+
+test('pass role to s3 codepipeline source', () => {
+ const bucket = new s3.Bucket(pipelineStack, 'Bucket');
+ const role = new Role(pipelineStack, 'TestRole', {
+ assumedBy: new AnyPrincipal(),
+ });
+ new ModernTestGitHubNpmPipeline(pipelineStack, 'Pipeline', {
+ input: cdkp.CodePipelineSource.s3(bucket, 'thefile.zip', {
+ role,
+ }),
+ });
+
+ Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', {
+ Stages: Match.arrayWith([{
+ Name: 'Source',
+ Actions: [
+ Match.objectLike({
+ Configuration: Match.objectLike({
+ S3Bucket: { Ref: Match.anyValue() },
+ S3ObjectKey: 'thefile.zip',
+ }),
+ Name: { Ref: Match.anyValue() },
+ RoleArn: {
+ 'Fn::GetAtt': [
+ Match.stringLikeRegexp('TestRole.*'),
+ 'Arn',
+ ],
+ },
+ }),
+ ],
+ }]),
+ });
+});
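Review bot: The fixture role in the new test is created with `assumedBy: new AnyPrincipal()`, which synthesizes a trust policy open to every principal, and test fixtures like this tend to be copied into real stacks. A principal scoped to the account, e.g. `assumedBy: new AccountRootPrincipal(),`, exercises the same code path (the import would need adding if the file does not already have it). The assertion also checks only `RoleArn` on the action; an additional check that the template gives TestRole read access to the bucket would pin down the permission side of the feature, assuming the action is meant to add that grant.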