Menu
I'm trying to build my testing project, but everytime It failed in pre_build. I check the error log and it says:
[Container] 2017/03/26 19:28:21 An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation: User: arn:aws:sts::074181202020:assumed-role/codebuild-Testing-project-service-role/AWSCodeBuild is not authorized to perform: ecr:GetAuthorizationToken on resource: *
I have tried to attach the following policies:
- IAMSelfManageServiceSpecificCredentials
- IAMFullAccess
- AmazonS3ReadOnlyAccess
- CodeBuildPolicy-Testing-project-1490555003058
- IAMReadOnlyAccess
- AWSCodeBuildAdminAccess
- IAMUserSSHKeys
- AWSCodeCommitFullAccess
- IAMFullAccess
- AmazonS3FullAccess
- AdministratorAccess
- AWSElasticBeanstalkFullAccess
- AWSCodePipelineFullAccess
- WSCodeBuildAdminAccess
But it still giving me the same error
Any help would be appreciated! Thanks!
200
To fetch an authorization token from CodeArtifact, you must call the GetAuthorizationToken API. Using the AWS CLI, you can call GetAuthorizationToken with the login or get-authorization-token command. aws codeartifact login (npm, pip, and twine): This command makes it easy to configure common package managers to use CodeArtifact in a single step.
The AWS CodeBuild service role associated with the build project does not exist or does not have sufficient permissions to trust CodeBuild. Make sure AWS STS is activated for the AWS region where you are attempting to create or update the build project.
Actually the getAuthorizationToken error can't be solved inside ECR (As you won't even see ecr:getAuthorizationToken there). You need to go to the IAM panel => Roles => CodeBuild Role => Grant Policy => AmazonEC2ContainerRegistryReadOnly You need to add permissions to the ECR repository policy, not to the CodeBuild service role.
The AWS Security Token Service (AWS STS) has been deactivated for the AWS region where you are attempting to create or update the build project. The AWS CodeBuild service role associated with the build project does not exist or does not have sufficient permissions to trust CodeBuild.
Actually the getAuthorizationToken error can't be solved inside ECR (As you won't even see ecr:getAuthorizationToken there).
You need to go to the IAM panel => Roles => CodeBuild Role => Grant Policy => AmazonEC2ContainerRegistryReadOnly
That enables it to get a token
68
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
