我正在尝试在AWS CodePipeline中设置管道,并触发CodeCommit的更改后,CodeBuild开始。它执行buildspec.yaml
文件中所述的命令,并且在将内容同步到S3存储桶时失败。
当前,我将AmazonS3FullAccess
策略附加到相应的CodeBuild服务角色,但它给我以下错误:
[Container] 2020/03/20 16:13:22 Running command aws s3 sync ./dist/ProjectName/ s3://project-name-dev
fatal error: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
可能是什么问题?
将对象写入S3存储桶需要2个位置的许可:
由于您已经将'AmazonS3FullAccess'添加到了CodeBuild服务角色中,请检查存储桶策略,如果该策略不允许按Codebuild角色进行写入。您可以在存储桶上添加以下存储桶策略以解决此问题:
{
"Sid": "Stmt1561445614665",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<Account_Number>:role/service-role/<your-codebuild-service-role>". <===== Update with your codebuild service role ARN
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::bucketname", <===== Update with your bucket name
"arn:aws:s3:::bucketname/*" <===== Update with your bucket name
]
}