Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS CodeBuild GetAuthorizationToken failed

Tags:

amazon-web-services

amazon-ec2

aws-codepipeline

aws-codebuild

I'm trying to build my testing project, but everytime It failed in pre_build. I check the error log and it says:

[Container] 2017/03/26 19:28:21 An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation: User: arn:aws:sts::074181202020:assumed-role/codebuild-Testing-project-service-role/AWSCodeBuild is not authorized to perform: ecr:GetAuthorizationToken on resource: *

I have tried to attach the following policies:

  • IAMSelfManageServiceSpecificCredentials
  • IAMFullAccess
  • AmazonS3ReadOnlyAccess
  • CodeBuildPolicy-Testing-project-1490555003058
  • IAMReadOnlyAccess
  • AWSCodeBuildAdminAccess
  • IAMUserSSHKeys
  • AWSCodeCommitFullAccess
  • IAMFullAccess
  • AmazonS3FullAccess
  • AdministratorAccess
  • AWSElasticBeanstalkFullAccess
  • AWSCodePipelineFullAccess
  • WSCodeBuildAdminAccess

But it still giving me the same error

Any help would be appreciated! Thanks!

like image 200
Nucleus Avatar asked Mar 26 '17 19:03

Nucleus

People also ask

How do I get an authorization token from AWS codeartifact?

To fetch an authorization token from CodeArtifact, you must call the GetAuthorizationToken API. Using the AWS CLI, you can call GetAuthorizationToken with the login or get-authorization-token command. aws codeartifact login (npm, pip, and twine): This command makes it easy to configure common package managers to use CodeArtifact in a single step.

Why can't I trust my AWS codebuild build project?

The AWS CodeBuild service role associated with the build project does not exist or does not have sufficient permissions to trust CodeBuild. Make sure AWS STS is activated for the AWS region where you are attempting to create or update the build project.

How to solve the getauthorizationtoken error inside ECR?

Actually the getAuthorizationToken error can't be solved inside ECR (As you won't even see ecr:getAuthorizationToken there). You need to go to the IAM panel => Roles => CodeBuild Role => Grant Policy => AmazonEC2ContainerRegistryReadOnly You need to add permissions to the ECR repository policy, not to the CodeBuild service role.

What happened to the AWS Security Token Service (AWS STS)?

The AWS Security Token Service (AWS STS) has been deactivated for the AWS region where you are attempting to create or update the build project. The AWS CodeBuild service role associated with the build project does not exist or does not have sufficient permissions to trust CodeBuild.

1 Answers

Actually the getAuthorizationToken error can't be solved inside ECR (As you won't even see ecr:getAuthorizationToken there).

You need to go to the IAM panel => Roles => CodeBuild Role => Grant Policy => AmazonEC2ContainerRegistryReadOnly

That enables it to get a token

like image 68
Jimmy Avatar answered Sep 27 '22 20:09

Jimmy
Sign in to Comment

Related questions

AWS S3 Bucket name already exists
Change AWS ECS service's security groups
List files in Glacier with AWS CLI
Why can't terraform SSH in to EC2 Instance using supplied example?
AWS Transfer Acceleration with pre-signed URLs using JavaScript SDK
Change read/write access of a folder in Ubuntu Linux
What URL should I use for Amazon CloudFront content?
How to submit aws batch job periodically
How to find size of a folder inside an S3 bucket?
Hadoop 2.9.2, Spark 2.4.0 access AWS s3a bucket
Kubernetes support for Internal Load Balancers in AWS
S3: how to upload large number of files
Cloudformation Cloudwatch InputTemplate Formatting
502 bad gateway Elastic Beanstalk Spring Boot
AWS: Dedicated Host VS Dedicated Instance, why the first is more expensive than the later?
List EC2 volumes in Boto
How to Set Aws Amazon Server Time? Can't find /etc/sysconfig/clock file
Access Denied for index.html Amazon S3 static website
How to create a "folder-like" (i.e. PREFIX) object on S3 using the AWS CLI?
How to use powershell to install and configure IIS, SSL certificate, urlrewrite, git and clone repository

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!