本文介绍了从Codepipeline启动时,AWS Codebuild无法下载源的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个AWS Codebuild作业,当我以root用户身份手动启动时,它可以正常工作.

I have a an AWS codebuild job that works fine when I initate manually as a root user.

我有一条代码管道行,当codecommit合并到master时应启动构建作业.它会触发作业并开始构建,但是在尝试下载源代码时会失败.

I have a codepipe line that should initiate the build job when codecommit merges into master. It fires the job and the build start but it fails when trying to download source.

我已经将完整的S3/codebuild/codecommit策略附加到了管道中,但是仍然导致访问被拒绝.

Ive attached full S3/codebuild/codecommit policies to the pipeline, but it still throws access denied.

我缺少哪些权限?

推荐答案

通常,当您已经有CodeBuild项目并将其集成到CodePipeline项目中时,就会发生这种情况.现在,Codebuild无法从CodeCommit/Github存储库中下载源代码.相反,它将尝试下载在S3的代码管道存储区中创建的源工件. 因此,您需要向CodeBuild角色提供权限,才能访问S3中的代码行存储桶.

This generally happens when you have a CodeBuild project already and you integrate it to the CodePipeline project. The Codebuild now does not download the sources from CodeCommit/Github repo. Instead, it will try to dowload the source artifact created in the codepipeline bucket in S3. So, you will need to provide permissions to the CodeBuild role to access the codepipline bucket in S3.

您可以通过修改 Codebuild角色的附加策略(或附加新策略)来实现此目的,

You can do this by modifying Codebuild role's attached policy (or attaching a new policy) that gives access to the following operations

s3:ListObjects
s3:GetObject
s3:ListBucket

您的 Codepipeline存储桶及其对象

"arn:aws:s3:::codepipeline-bucket",
"arn:aws:s3:::codepipeline-bucket/*"

或者您可以选择为该存储桶及其对象添加所有操作.您可以释放所做的更改,并且可以使用.如果不是,则为Lmk.

Or you can just choose to add all operations for this bucket and its object. You can release the changes and it would work. Lmk if it does not.

这篇关于从Codepipeline启动时,AWS Codebuild无法下载源的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-17 08:27