Codepipeline:权限不足无法使用 Amazon S3 对象密钥访问工件 [英] Codepipeline: Insufficient permissions Unable to access the artifact with Amazon S3 object key
问题描述
您好,我创建了一个具有以下配置的代码管道项目:
Hello I created a codepipeline project with the following configuration:
- 从 Bitbucket 中提取的 S3 中的源代码.
- 使用 CodeBuild 进行构建,生成 docker 映像并将其存储到 Amazon ECS 存储库中.
- 部署提供商 Amazon ECS.
在尝试部署之前,所有过程都可以正常工作,但由于某种原因,我在部署过程中遇到以下错误:
All the process works ok until when it tries to deploy, for some reason I am getting the following error during deployment:
权限不足无法使用 Amazon S3 访问工件对象键FailedScanSubscriber/MyAppBuild/Wmu5kFy"位于Amazon S3 工件存储桶codepipeline-us-west-2-913731893217".这提供的角色没有足够的权限.
Insufficient permissions Unable to access the artifact with Amazon S3 object key 'FailedScanSubscriber/MyAppBuild/Wmu5kFy' located in the Amazon S3 artifact bucket 'codepipeline-us-west-2-913731893217'. The provided role does not have sufficient permissions.
在构建阶段,它甚至可以在 ECS 存储库中创建新的 docker 镜像.
During the building phase, it is even able to create a new docker image in the ECS repository.
我尝试了所有方法,更改了 IAM 角色和策略,添加了对 S3 的完全访问权限,我什至将 S3 存储桶设置为公开,但没有任何效果.我别无选择,如果有人可以帮助我那就太好了,我对 AWS 的经验很差,因此我们不胜感激.
I tried everything, changed IAM roles and policies, add full access to S3, I have even setted the S3 bucket as public, nothing worked. I am without options, if someone could help me that would be wonderful, I have poor experience with AWS, so any help is appreciated.
推荐答案
我找到了解决方案.真正的问题是,当部署提供商设置为 Amazon ECS 时,我们需要生成一个输出工件,指示任务定义的名称和图像 uri,例如:
I was able to find a solution. The true issue is that when the deployment provider is set as Amazon ECS, we need to generate an output artifact indicating the name of the task definition and the image uri, for example:
post_build:
commands:
- printf '[{"name":"your.task.definition.name","imageUri":"%s"}]' $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG > imagedefinitions.json
artifacts:
files: imagedefinitions.json
这篇关于Codepipeline:权限不足无法使用 Amazon S3 对象密钥访问工件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
