Menu
Hello I created a codepipeline project with the following configuration:
All the process works ok until when it tries to deploy, for some reason I am getting the following error during deployment:
Insufficient permissions Unable to access the artifact with Amazon S3 object key 'FailedScanSubscriber/MyAppBuild/Wmu5kFy' located in the Amazon S3 artifact bucket 'codepipeline-us-west-2-913731893217'. The provided role does not have sufficient permissions.
During the building phase, it is even able to create a new docker image in the ECS repository.
I tried everything, changed IAM roles and policies, add full access to S3, I have even setted the S3 bucket as public, nothing worked. I am without options, if someone could help me that would be wonderful, I have poor experience with AWS, so any help is appreciated.
343
CodePipeline triggers your pipeline to run when there is a commit to the source repository, providing the output artifact (any files to be built) from the Source stage. The output artifact (any files to be built) from the previous step is ingested as an input artifact to the Build stage.
S3 object artifacts are references to objects stored in S3 buckets. These artifacts are generally consumed by stages that read configuration from text files, such as a Deploy Manifest or AWS Deploy stage.
Artifacts is a property of the AWS::CodeBuild::Project resource that specifies output settings for artifacts generated by an AWS CodeBuild build.
I was able to find a solution. The true issue is that when the deployment provider is set as Amazon ECS, we need to generate an output artifact indicating the name of the task definition and the image uri, for example:
post_build: commands: - printf '[{"name":"your.task.definition.name","imageUri":"%s"}]' $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG > imagedefinitions.json artifacts: files: imagedefinitions.json This happens when AWS CodeDeploy cannot find the build artifact from AWS CodeBuild. If you go into the S3 bucket and check the path you would actually see that the artifact object is NOT THERE!
Even though the error says about a permission issue. This can happen due the absent of the artifact object.
Solution: Properly configure artifacts section in buildspec.yml and configure AWS Codepipeline stages properly specifying input and output artifact names.
artifacts: files: - '**/*' base-directory: base_dir name: build-artifact-name discard-paths: no Refer this article - https://medium.com/@shanikae/insufficient-permissions-unable-to-access-the-artifact-with-amazon-s3-247f27e6cdc3
43
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
