代码管道:权限不足无法使用Amazon S3对象密钥访问工件 [英] Codepipeline: Insufficient permissions Unable to access the artifact with Amazon S3 object key
问题描述
您好,我使用以下配置创建了代码管道项目:
Hello I created a codepipeline project with the following configuration:
- 从Bitbucket中提取的S3中的源代码.
- 使用CodeBuild进行构建,生成docker映像并将其存储到Amazon ECS存储库中.
- 部署提供商Amazon ECS.
所有过程都可以正常进行,直到尝试进行部署为止,由于某种原因,我在部署过程中遇到以下错误:
All the process works ok until when it tries to deploy, for some reason I am getting the following error during deployment:
权限不足,无法使用Amazon S3访问工件 位于以下位置的对象键"FailedScanSubscriber/MyAppBuild/Wmu5kFy" Amazon S3工件存储桶'codepipeline-us-west-2-913731893217'.这 提供的角色没有足够的权限.
Insufficient permissions Unable to access the artifact with Amazon S3 object key 'FailedScanSubscriber/MyAppBuild/Wmu5kFy' located in the Amazon S3 artifact bucket 'codepipeline-us-west-2-913731893217'. The provided role does not have sufficient permissions.
在构建阶段,它甚至能够在ECS存储库中创建新的docker映像.
During the building phase, it is even able to create a new docker image in the ECS repository.
我尝试了一切,更改了IAM角色和策略,添加了对S3的完全访问权限,甚至将S3存储桶设置为公共,但没有任何效果.我没有选择,如果有人可以帮助我,那太好了,我在AWS方面的经验很差,因此可以提供任何帮助.
I tried everything, changed IAM roles and policies, add full access to S3, I have even setted the S3 bucket as public, nothing worked. I am without options, if someone could help me that would be wonderful, I have poor experience with AWS, so any help is appreciated.
推荐答案
我能够找到解决方案.真正的问题是,当将部署提供程序设置为Amazon ECS时,我们需要生成一个输出工件,以指示任务定义的名称和图像uri,例如:
I was able to find a solution. The true issue is that when the deployment provider is set as Amazon ECS, we need to generate an output artifact indicating the name of the task definition and the image uri, for example:
post_build:
commands:
- printf '[{"name":"your.task.definition.name","imageUri":"%s"}]' $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG > imagedefinitions.json
artifacts:
files: imagedefinitions.json
这篇关于代码管道:权限不足无法使用Amazon S3对象密钥访问工件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
