
CodeBuild (AWS) from CodePipeline (AWS) is not working

I have created a CodeBuild project from the CodePipeline wizard with all the necessary required options and a valid IAM role. I have also added the IAM role policy that is required for accessing and writing data inside the S3 bucket. The policy below is the one I have already considered for accessing S3.

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Resource": [
            "arn:aws:logs:aws/codebuild",
            "arn:aws:logs:aws/codebuild:*"
        ],
        "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
        ]
    },
    {
        "Effect": "Allow",
        "Resource": [
            "arn:aws:s3:::pipeline",
            "arn:aws:s3:::pipeline/*"
        ],
        "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:GetObjectVersion",
            "s3:GetBucketAcl",
            "s3:GetBucketLocation"
        ]
    }
]

}

Once I initiated the pipeline, the CodeBuild build failed and I got the error below:

DOWNLOAD_SOURCE Failed: 
CLIENT_ERROR: symlink /codebuild/output/.../libcrypto.1.0.0.dylib: no such file or directory for primary source and source version arn:aws:s3:::codepipeline-bucketSource/Ap4g3sv.zip

I have researched a lot and have been through various AWS documents, but could not find the solution.

asked May 21 '19 06:05
Vee Mandke


2 Answers

Finally, after a lot of research, I found out that it was a permission issue only. I had to change the policy as mentioned below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectVersion",
                "s3:GetBucketAcl",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }
    ]
}

After adding this modification my code build and pipeline started working.

answered Sep 22 '22 22:09
Vee Mandke


Looks like your policy only provides access to the 'pipeline' bucket, but not to 'codepipeline-bucketSource'. Could you try giving S3 full access to the role, at least for the time being, so that we can debug whether this is actually an access-related issue?

answered Sep 25 '22 22:09
Nimin Unnikrishnan
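
An added example, not code from either answer: a simplified evaluator for IAM Allow statements that checks the S3 resource lists from the question and from the accepted answer against the object ARN in the error message. It also checks a third, bucket-scoped policy, which is an assumption here (it takes the artifact bucket to be the one named in the error) and which passes the same check without a `"*"` resource. Deny, Condition, NotAction and NotResource are not modelled, and `other-bucket` is a constructed name.

```python
import re

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _matches(pattern, value):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

def is_allowed(policy, action, arn):
    """True if an Allow statement covers both the action and the ARN.
    Simplified: Deny, Condition, NotAction and NotResource are ignored."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive; resource ARNs are not.
        act_ok = any(_matches(a.lower(), action.lower())
                     for a in _as_list(st.get("Action", [])))
        res_ok = any(_matches(r, arn) for r in _as_list(st.get("Resource", [])))
        if act_ok and res_ok:
            return True
    return False

def overbroad(policy):
    """Allow statements whose Resource list contains a bare '*'."""
    return [st for st in _as_list(policy["Statement"])
            if st.get("Effect") == "Allow" and "*" in _as_list(st.get("Resource", []))]

S3_ACTIONS = ["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion",
              "s3:GetBucketAcl", "s3:GetBucketLocation"]

def s3_policy(resources):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": S3_ACTIONS,
                           "Resource": resources}]}

# Object ARN copied from the DOWNLOAD_SOURCE error in the question.
SOURCE_OBJECT = "arn:aws:s3:::codepipeline-bucketSource/Ap4g3sv.zip"
BUCKET = SOURCE_OBJECT.split("/", 1)[0]

POLICIES = {
    "question": s3_policy(["arn:aws:s3:::pipeline", "arn:aws:s3:::pipeline/*"]),
    "answer":   s3_policy(["*"]),
    "scoped":   s3_policy([BUCKET, BUCKET + "/*"]),  # assumption: scoped variant
}

if __name__ == "__main__":
    for name, pol in POLICIES.items():
        print(name, is_allowed(pol, "s3:GetObject", SOURCE_OBJECT),
              is_allowed(pol, "s3:GetObject", "arn:aws:s3:::other-bucket/x"),  # constructed ARN
              len(overbroad(pol)))
```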