
AWS CodeBuild fails: can't download source when initiated from CodePipeline

I have an AWS CodeBuild job that works fine when I initiate it manually as a root user.

I have a CodePipeline that should initiate the build job when CodeCommit merges into master. It fires the job and the build starts, but it fails when trying to download the source.

I've attached full S3/CodeBuild/CodeCommit policies to the pipeline, but it still throws access denied.

Which permissions am I missing?

user618509 asked Jan 24 '18 18:01



1 Answer

This generally happens when you have a CodeBuild project already and you integrate it into the CodePipeline project. CodeBuild now does not download the sources from the CodeCommit/GitHub repo. Instead, it will try to download the source artifact created in the CodePipeline bucket in S3. So, you will need to provide permissions to the CodeBuild role to access the CodePipeline bucket in S3.

You can do this by modifying the CodeBuild role's attached policy (or attaching a new policy) so that it gives access to the following operations:

s3:ListObjects
s3:GetObject
s3:ListBucket

for your CodePipeline bucket and its objects:

"arn:aws:s3:::codepipeline-bucket",
"arn:aws:s3:::codepipeline-bucket/*"

Or you can just choose to add all operations for this bucket and its objects. You can release the changes and it would work. Lmk if it does not.

stelo answered Sep 24 '22 18:09
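An added example, not part of the original answer: a small offline checker that builds a read-only policy for the artifact bucket from the answer's s3:GetObject and s3:ListBucket actions and reports which of them a given CodeBuild role policy fails to grant. The bucket name is the answer's placeholder; the object key, the sample role policy and all function names are constructed for illustration.

```python
import re

BUCKET = "codepipeline-bucket"  # placeholder name from the answer's ARNs

def artifact_read_policy(bucket):
    """Read-only access to the pipeline artifact bucket for the CodeBuild role."""
    return {"Version": "2012-10-17", "Statement": [
        # Object-level action: must target the objects ARN (bucket/*).
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": f"arn:aws:s3:::{bucket}/*"},
        # Bucket-level action: must target the bucket ARN itself.
        # (s3:ListBucket is also the permission behind the ListObjects API call.)
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{bucket}"},
    ]}

def _match(patterns, value, ignore_case=False):
    """IAM-style wildcard match: * is any run of characters, ? is one character."""
    for p in (patterns if isinstance(patterns, list) else [patterns]):
        rx = re.escape(p).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, value, re.I if ignore_case else 0):
            return True
    return False

def is_allowed(policy, action, resource):
    """Simplified check of one identity policy: explicit Deny wins, otherwise an
    Allow is required. Ignores Condition, NotAction/NotResource, bucket policies
    and KMS key policies, which can also cause AccessDenied."""
    allowed = False
    for st in policy["Statement"]:
        if _match(st.get("Action", []), action, ignore_case=True) and \
           _match(st.get("Resource", []), resource):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def missing_for_artifact_download(policy, bucket, key="demo-pipeline/SourceArti/abc123"):
    """Return the (action, resource) pairs the policy does not grant."""
    needed = [("s3:GetObject", f"arn:aws:s3:::{bucket}/{key}"),
              ("s3:ListBucket", f"arn:aws:s3:::{bucket}")]
    return [n for n in needed if not is_allowed(policy, *n)]

# Constructed sample: a role policy written for a stand-alone CodeBuild project.
STANDALONE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "codecommit:GitPull", "Resource": "*"},
    {"Effect": "Allow", "Action": "logs:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(missing_for_artifact_download(STANDALONE, BUCKET))
    print(missing_for_artifact_download(artifact_read_policy(BUCKET), BUCKET))
```

Run it against the policy attached to the CodeBuild service role, not the pipeline's role; a statement that lists only the bucket ARN without `/*` still fails the s3:GetObject check.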