CodeBuild 使用 ACL 将构建工件上传到 S3 [英] CodeBuild upload build artifact to S3 with ACL

问题描述

我有 2 个 AWS 账户.假设 A 和 B.

I have 2 AWS accounts. Lets say A and B.

账户 A 使用 CodeBuild 构建工件并将其上传到 B 拥有的 S3 存储桶.B 账户已为存储桶设置了 ACL 权限，以便向 A 授予写入权限.

Account A uses CodeBuild to build and upload artifacts to an S3 bucket owned by B. B account has set a ACL permission for the bucket in order to give Write permissions to A.

工件文件已成功上传到 S3 存储桶.但是，B 帐户对该文件没有任何权限，因为该文件归 A 所有.

The artifact file is successfully uploaded to the S3 bucket. However, B account doesnt have any permission over the file, since the file is owned by A.

账户 A 可以通过运行

Account A can change the ownership by running

aws s3api put-object-acl --bucket bucket-name --key key-name --acl bucket-owner-full-control

但这必须在每次从 A 帐户构建后手动运行.如何通过 CodeBuild 程序向账户 B 授予权限?或者帐户 B 如何覆盖此所有权权限错误.

But this has to be manually run after every build from A account. How can I grant permissions to account B through CodeBuild procedure? Or how can account B override this ownership permission error.

CodeBuild 使用网络钩子自动启动，我的构建规范是这样的:

The CodeBuild starts automatically with web-hooks and my buildspec is this:

 version: 0.2
 env:
 phases:
  install:
    runtime-versions:
      java: openjdk8
    commands:
      - echo Entered the install phase...
  build:
    commands:
      - echo Entered the build phase...
  post_build:
    commands:
      - echo Entered the post_build phase...
artifacts:
  files:
    - 'myFile.txt'

推荐答案

我在构建阶段使用了 aws cli 命令.

I did it using aws cli commands from the build phase.

version: 0.2
phases:
  build:
    commands:
      - mvn install...
      - aws s3 cp my-file s3://bucketName --acl bucket-owner-full-control

我正在使用构建阶段，因为即使构建不成功也会执行 post_build.

I am using the build phase, since post_build will be executed even if the build was not successful.

使用示例更新答案.

这篇关于CodeBuild 使用 ACL 将构建工件上传到 S3的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！