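My CloudWatch Event rule doesn't trigger my CodePipeline pipeline

Time: 2018-11-19 16:58:39

Tags: amazon-web-services continuous-integration amazon-cloudwatch aws-codepipeline

I'm having some problems with AWS CloudWatch Events.

I'm creating a CodePipeline CI pipeline that has a CodeCommit repository as the source and a CodeBuild project as the build/test stage (it then deploys to Lambda, but the problem isn't there).

We have multiple projects, and we will be pushing multiple other projects. So I created a script to manage the AWS CI stuff (i.e., creating the pipeline, the CodeBuild project, ... and the CloudWatch Events rule linked to that pipeline).

The first time I push code, it works. But after that, the process is no longer triggered by pushes to CodeCommit.

I found a solution (but not the one I want): I just need to edit the pipeline, edit the stage (source), touch nothing and save the null modification, and it works (before saving, it asks for authorization to create the CloudWatch Events rule associated with this pipeline).

Has anyone run into this problem? What did you do to work around it? I really want to build a 100% automated CI; I don't want to go to the AWS console every time my team creates a new repository or pushes a new branch on an existing repository.

Edit:

Here is the JSON of my CloudWatch Events rule: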

{
    "Name": "company-ci_codepipeline_project-stage", 
    "EventPattern": "cf. second JSON", 
    "State": "ENABLED", 
    "Arn": "arn:aws:events:region:xxx:rule/company-ci_codepipeline_project-stage", 
    "Description": "CloudWatch Events rule to automatically trigger the needed pipeline from every push to project repository, on the stage branch on CodeCommit."
}

Here is the EventPattern JSON:

{
  "source": [
    "aws.codecommit"
  ],
  "detail-type": [
    "CodeCommit repository state change"
  ],
  "resources": [
    "arn:aws:codecommit:region:xxx:project"
  ],
  "detail": {
    "event": [
      "referenceCreated",
      "referenceUpdated"
    ],
    "referenceType": [
      "branch"
    ],
    "referenceName": [
      "stage"
    ]
  }
}

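1 Answer:

Answer 0: (score: 2)

I have found that this problem is usually related to the event rule/target/role configuration. If you don't have a target associated with the rule, you won't see invoked events when you look at the metrics. Since your EventPattern looks correct, I think the target may be your problem.

You should have a configured target, similar to: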

{
    "Rule": "company-ci_codepipeline_project-stage",
    "Targets": [
        {
            "RoleArn": "arn:aws:iam::xxx:role/cwe-codepipeline",
            "Id": "ProjectPipelineTarget",
            "Arn": "arn:aws:codepipeline:region:xxx:your-pipeline"
        }
    ]
}

If that all looks good, I would next check that the role associated with the target grants the correct permissions. My role looks like:

{
    "Role": {
        "Description": "Allows CloudWatch Events to invoke targets and perform actions in built-in targets on your behalf.",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "sts:AssumeRole",
                    "Principal": {
                        "Service": "events.amazonaws.com"
                    },
                    "Effect": "Allow",
                    "Sid": ""
                }
            ]
        },
        "MaxSessionDuration": 3600,
        "RoleId": "xxxx",
        "CreateDate": "2018-08-06T20:56:19Z",
        "RoleName": "cwe-codepipeline",
        "Path": "/",
        "Arn": "arn:aws:iam::xxx:role/cwe-codepipeline"
    }
}

It has the following inline policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "codepipeline:StartPipelineExecution"
            ],
            "Resource": [
                "arn:aws:codepipeline:*:xxx:*"
            ]
        }
    ]
}

For reference, see this documentation
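
The checks the answer walks through (a target on the rule, a role that events.amazonaws.com can assume, and codepipeline:StartPipelineExecution on the pipeline), as an added example that is not part of the original question or answer. It runs offline over the answer's JSON documents with their placeholders kept; `check_rule_wiring` is a hypothetical helper name, it ignores Deny statements and conditions, and it additionally warns when a wildcard Resource covers more than the one pipeline.

```python
from fnmatch import fnmatchcase

def _as_list(value):  # IAM accepts a single string where a list is expected
    return [value] if isinstance(value, str) else list(value or [])

def _trusts_events(stmt):
    principal = stmt.get("Principal")
    services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
    return (stmt.get("Effect") == "Allow" and "events.amazonaws.com" in services
            and "sts:AssumeRole" in _as_list(stmt.get("Action")))

def check_rule_wiring(targets, role, policy, pipeline_arn):
    """Return (problems, warnings) for the rule -> target -> role -> policy chain."""
    problems, warnings = [], []
    # 1. The rule needs a target that points at the pipeline and uses this role.
    hits = [t for t in targets.get("Targets", []) if t.get("Arn") == pipeline_arn]
    if not hits:
        problems.append("rule has no target for the pipeline")
    elif not any(t.get("RoleArn") == role["Role"]["Arn"] for t in hits):
        problems.append("pipeline target does not use the inspected role")
    # 2. The trust policy must let events.amazonaws.com assume the role.
    if not any(map(_trusts_events, role["Role"]["AssumeRolePolicyDocument"]["Statement"])):
        problems.append("events.amazonaws.com cannot assume the role")
    # 3. An Allow statement must cover StartPipelineExecution on the pipeline ARN.
    granted = False
    for stmt in policy["Statement"]:
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or not any(
                fnmatchcase("codepipeline:startpipelineexecution", a) for a in actions):
            continue
        for res in _as_list(stmt.get("Resource")):
            if fnmatchcase(pipeline_arn, res):
                granted = True
                if res != pipeline_arn:  # wildcard also covers other pipelines
                    warnings.append(f"Resource {res} is broader than {pipeline_arn}")
    if not granted:
        problems.append("role cannot start the pipeline")
    return problems, warnings

# Constructed sample input: the answer's documents, placeholders kept as-is.
PIPELINE = "arn:aws:codepipeline:region:xxx:your-pipeline"
ROLE_ARN = "arn:aws:iam::xxx:role/cwe-codepipeline"
TARGETS = {"Rule": "company-ci_codepipeline_project-stage", "Targets": [
    {"RoleArn": ROLE_ARN, "Id": "ProjectPipelineTarget", "Arn": PIPELINE}]}
ROLE = {"Role": {"Arn": ROLE_ARN, "AssumeRolePolicyDocument": {"Statement": [
    {"Action": "sts:AssumeRole", "Principal": {"Service": "events.amazonaws.com"}, "Effect": "Allow"}]}}}
POLICY = {"Statement": [{"Effect": "Allow", "Action": ["codepipeline:StartPipelineExecution"],
                         "Resource": ["arn:aws:codepipeline:*:xxx:*"]}]}
print(check_rule_wiring(TARGETS, ROLE, POLICY, PIPELINE))
```

In practice the three inputs would be the JSON returned for the rule's targets, the role, and the role's inline policy document.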