I have created a CodeBuild project from the CodePipeline wizard with all the necessary required options and a valid IAM role. I have also added the IAM role policy that is required for accessing and writing data inside the S3 bucket. Below is the policy I have already considered for accessing S3.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Resource": [
                "arn:aws:logs:aws/codebuild",
                "arn:aws:logs:aws/codebuild:*"
            ],
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ]
        },
        {
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::pipeline",
                "arn:aws:s3:::pipeline/*"
            ],
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectVersion",
                "s3:GetBucketAcl",
                "s3:GetBucketLocation"
            ]
        }
    ]
}
Once I initiated the pipeline, the CodeBuild build fails and I get the error below:
DOWNLOAD_SOURCE Failed:
CLIENT_ERROR: symlink /codebuild/output/.../libcrypto.1.0.0.dylib: no such file or directory for primary source and source version arn:aws:s3:::codepipeline-bucketSource/Ap4g3sv.zip
I have researched a lot and have been through the various AWS documents, but could not find the solution.
Finally, after a lot of research, I found out that it was a permission issue only. I had to change the policy as shown below:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectVersion",
                "s3:GetBucketAcl",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }
    ]
}
After making this modification, my CodeBuild project and pipeline started working.
Looks like your policy only provides access to the 'pipeline' bucket, but not to 'codepipeline-bucketSource'. Could you try giving S3 full access to the role, at least for the time being, so that we can debug whether this is actually an access-related issue?
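An added example, not part of the original posts: a simplified check of whether an Allow statement covers the artifact ARN quoted in the error, plus a statement scoped to that artifact bucket as a narrower alternative to `"Resource": "*"`. It models only Effect/Action/Resource wildcard matching (no Deny, NotResource or Condition), and the helper names are hypothetical.

```python
import re

# Constructed from the page: the S3 statement of the original policy and the
# artifact ARN quoted in the DOWNLOAD_SOURCE error message.
ORIGINAL_S3_STATEMENT = {
    "Effect": "Allow",
    "Resource": ["arn:aws:s3:::pipeline", "arn:aws:s3:::pipeline/*"],
    "Action": ["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion",
               "s3:GetBucketAcl", "s3:GetBucketLocation"],
}
ARTIFACT_ARN = "arn:aws:s3:::codepipeline-bucketSource/Ap4g3sv.zip"


def _like(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None


def _as_list(item):
    """Policy fields may be a single string or a list of strings."""
    return [item] if isinstance(item, str) else list(item)


def statement_allows(stmt, action, resource_arn):
    """True if this single Allow statement matches both action and resource."""
    if stmt.get("Effect") != "Allow":
        return False
    # Action names are case-insensitive; resource ARNs are matched as written.
    action_ok = any(_like(a.lower(), action.lower())
                    for a in _as_list(stmt["Action"]))
    resource_ok = any(_like(r, resource_arn)
                      for r in _as_list(stmt["Resource"]))
    return action_ok and resource_ok


def scoped_statement(stmt, object_arn):
    """Copy of stmt limited to the bucket of object_arn and the objects in it."""
    bucket_arn = object_arn.split("/", 1)[0]
    return {**stmt, "Resource": [bucket_arn, bucket_arn + "/*"]}


if __name__ == "__main__":
    fixed = scoped_statement(ORIGINAL_S3_STATEMENT, ARTIFACT_ARN)
    for name, stmt in (("original", ORIGINAL_S3_STATEMENT), ("scoped", fixed)):
        allowed = statement_allows(stmt, "s3:GetObject", ARTIFACT_ARN)
        print(f"{name:9} {stmt['Resource']} -> GetObject allowed: {allowed}")
```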