AWS CodeBuild fails when downloading source. Message: Access denied

Qai*_*udé 8 amazon-web-services node.js amazon-elastic-beanstalk aws-codepipeline aws-codebuild

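I created a CodeBuild project that uses a Node 8 Docker image. The purpose of the CodeBuild project is to run unit tests. It takes an input artifact from CodeCommit. In buildspec.yml, it runs a test command.

This is my (simple) buildspec file: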

version: 0.2

phases:
  install:
    commands:
     - echo "install phase started"
     - npm install
     - echo "install phase ended"
  pre_build: 
    commands:
     - echo "pre_build aka test phase started"
     - echo "mocha unit test"
     - npm test
     - echo "mocha unit test ended"
  build:
    commands:
     - echo "build phase started"
     - echo "build complete"

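The build fails in the DOWNLOAD_SOURCE phase with the following:

PHASE - DOWNLOAD_SOURCE

Start time 2 minutes ago

End time 2 minutes ago

Message Access denied

The only logs in the build log are the following:

[Container] 2018/01/12 11:30:22 Waiting for agent ping

[Container] 2018/01/12 11:30:22 Waiting for DOWNLOAD_SOURCE

Thanks in advance.

Screenshot of the CodeBuild policy.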

Qai*_*udé 9

I found a solution. There was a problem with my permissions. I added this to make it work.

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Resource": [
            "arn:aws:logs:eu-west-1:723698621383:log-group:/aws/codebuild/project",
            "arn:aws:logs:eu-west-1:723698621383:log-group:/aws/codebuild/project:*"
        ],
        "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
        ]
    },
    {
        "Effect": "Allow",
        "Resource": [
            "arn:aws:s3:::codepipeline-eu-west-1-*"
        ],
        "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:GetObjectVersion"
        ]
    },
    {
        "Effect": "Allow",
        "Action": [
            "ssm:GetParameters"
        ],
        "Resource": "arn:aws:ssm:eu-west-1:723698621383:parameter/CodeBuild/*"
    }
  ]
}

  • Can you explain where you added it? (5 upvotes)

Kim*_*m T 7

I ran into the same error, a permissions problem when accessing the S3 bucket URL. Initially, I used the auto-generated codepipeline-us-west-2-* bucket name and policy:

{
  "Effect": "Allow",
  "Resource": [
      "arn:aws:s3:::codepipeline-us-west-2-*"
  ],
  "Action": [
      "s3:PutObject",
      "s3:GetObject",
      "s3:GetObjectVersion",
      "s3:GetBucketAcl",
      "s3:GetBucketLocation"
  ]
}

After changing to my own bucket name, the policy had to be updated to:

{
  "Effect": "Allow",
  "Resource": [
      "arn:aws:s3:::project-name-files/*"
  ],
  "Action": [
      "s3:PutObject",
      "s3:GetObject",
      "s3:GetObjectVersion",
      "s3:GetBucketAcl",
      "s3:GetBucketLocation"
  ]
}
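An offline check of the two S3 statements above against a given artifact bucket, added here as an example (not code from the question or either answer). It reports which actions each statement actually grants on the bucket the pipeline uses. The helper names, the sample object key and the simplified matching model (Allow statements only, `fnmatch` standing in for IAM wildcards) are assumptions.

```python
import fnmatch

# S3 actions evaluated against the bucket ARN; the rest on this page are object-level.
BUCKET_LEVEL = {"s3:GetBucketAcl", "s3:GetBucketLocation"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def allows(statements, action, arn):
    """True if some Allow statement matches both the action and the ARN.

    Simplified model (assumption): Allow statements of one identity policy,
    no Deny/Condition/NotResource; fnmatch stands in for IAM '*'/'?' matching.
    """
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        if (any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in as_list(st["Action"]))
                and any(fnmatch.fnmatchcase(arn, r) for r in as_list(st["Resource"]))):
            return True
    return False

def audit(statements, bucket, sample_key):
    """Report, per S3 action named in the policy, whether it works on `bucket`."""
    report = {}
    for st in statements:
        for action in as_list(st["Action"]):
            if action.startswith("s3:"):
                # Bucket-level actions target the bucket ARN, others the object ARN.
                suffix = "" if action in BUCKET_LEVEL else "/" + sample_key
                report[action] = allows(statements, action, f"arn:aws:s3:::{bucket}{suffix}")
    return report

ACTIONS = ["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion",
           "s3:GetBucketAcl", "s3:GetBucketLocation"]
# The two statements from the answer above.
AUTO = {"Effect": "Allow", "Action": ACTIONS,
        "Resource": ["arn:aws:s3:::codepipeline-us-west-2-*"]}
CUSTOM = {"Effect": "Allow", "Action": ACTIONS,
          "Resource": ["arn:aws:s3:::project-name-files/*"]}
KEY = "pipeline/SourceArti/example.zip"  # constructed sample object key

if __name__ == "__main__":
    for name, st in (("auto", AUTO), ("custom", CUSTOM)):
        print(name, audit([st], "project-name-files", KEY))
```

With the auto-generated resource pattern, nothing is granted on `project-name-files`, which matches the Access denied in DOWNLOAD_SOURCE. With the `/*` pattern the object actions are granted, while the two bucket-level actions would need the bucket ARN without `/*`.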