Cannot get the source from the artifacts in AWS CodeBuild with Terraform

Time: 2018-03-29 11:56:41

Tags: amazon-web-services terraform aws-codepipeline aws-codebuild terraform-provider-aws

I need to create a pipeline with a build step using terraform. I need to get the source from the artifacts, but the Terraform documentation is not very clear about it. This is my code so far:

resource "aws_codebuild_project" "authorization" {
  name         = "authorization"
  description  = "BuildProject for authorization service"
  build_timeout      = "5"
  service_role = "${aws_iam_role.codebuild_role.arn}"

  artifacts {
    type = "CODEPIPELINE"
  }

  environment {
    compute_type = "BUILD_GENERAL1_SMALL"
    image        = "aws/codebuild/docker:17.09.0"
    type         = "LINUX_CONTAINER"
    privileged_mode = true

    environment_variable {
      "name"  = "SOME_KEY1"
      "value" = "SOME_VALUE1"
    }

    environment_variable {
      "name"  = "SOME_KEY2"
      "value" = "SOME_VALUE2"
    }
  }


  source {
    type = "CODEPIPELINE"
    buildspec = "buildspecs.yml"
  }

  tags {
    "Environment" = "alpha"
  }
}

The problem is that, with the source pointed at that file, the pipeline run hits this error at that step:

DOWNLOAD_SOURCE Failed 
[Container] 2018/03/29 11:15:31 Waiting for agent ping 
[Container] 2018/03/29 11:15:31 Waiting for DOWNLOAD_SOURCE
Message: Access Denied

This is what my Pipeline looks like:

resource "aws_codepipeline" "foo" {
  name     = "tf-test-pipeline"
  role_arn = "${aws_iam_role.codepipeline_role.arn}"

  artifact_store {
    location = "${aws_s3_bucket.foo.bucket}"
    type     = "S3"
    encryption_key {
      id   = "${aws_kms_key.a.arn}"
      type = "KMS"
    }
  }

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "AWS"
      provider         = "CodeCommit"
      version         = "1"
      output_artifacts = ["src"]

      configuration {
        RepositoryName = "authorization"
        BranchName = "master"
      }
    }
  }

  stage {
    name = "Build"

    action {
      name            = "Build"
      category        = "Build"
      owner           = "AWS"
      provider        = "CodeBuild"
      input_artifacts = ["src"]
      version         = "1"

      configuration {
        ProjectName = "${aws_codebuild_project.authorization.name}"
      }
    }
  }
}

I think I'm doing something wrong, but I can't seem to find my case anywhere. The source needs to be received from the Source step in CodePipeline, and that step works fine. I know how pipelines work, but the terraform implementation is very confusing.

Edit: I have checked the S3 bucket and I can confirm that the Source step successfully uploaded those artifacts. So the problem is still that I can't access the source in the second step. The role allows all access to all resources. The console version of the pipeline looks normal, with nothing left unfilled. The role is fine.

1 answer:

Answer 0 (score: 0)

This usually happens when you already have a CodeBuild project and integrate it into a CodePipeline project. CodeBuild now no longer downloads the source from the CodeCommit / GitHub repo. Instead, it will try to download the source artifact that was created in the CodePipeline bucket in S3. Therefore you need to give the CodeBuild role permission to access the CodePipeline bucket in S3.
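As an added example (not part of the answer above), here is a least-privilege grant for the CodeBuild service role that covers exactly what DOWNLOAD_SOURCE needs: read access to the pipeline artifact bucket plus decrypt access to the KMS key that the question's artifact_store uses. It assumes the resource names from the question (aws_iam_role.codebuild_role, aws_s3_bucket.foo, aws_kms_key.a) and the Terraform 0.11 syntax the question is written in.

```hcl
# Added example, not the answerer's code. Assumes the question's resource names:
# aws_iam_role.codebuild_role (CodeBuild service role),
# aws_s3_bucket.foo (pipeline artifact store), aws_kms_key.a (artifact key).

data "aws_iam_policy_document" "codebuild_artifacts" {
  # Read the source artifact that the Source stage uploaded and write the
  # build output artifact back into the same bucket.
  statement {
    sid = "PipelineArtifactObjects"
    actions = [
      "s3:GetObject",
      "s3:GetObjectVersion",
      "s3:PutObject",
    ]
    resources = ["${aws_s3_bucket.foo.arn}/*"]
  }

  # Bucket-level calls CodeBuild makes while locating the artifact.
  statement {
    sid       = "PipelineArtifactBucket"
    actions   = ["s3:GetBucketLocation", "s3:ListBucket"]
    resources = ["${aws_s3_bucket.foo.arn}"]
  }

  # The artifact_store is KMS-encrypted, so S3 permissions alone still yield
  # "Access Denied": the role must also be allowed to use the artifact key.
  statement {
    sid       = "PipelineArtifactKey"
    actions   = ["kms:Decrypt", "kms:GenerateDataKey"]
    resources = ["${aws_kms_key.a.arn}"]
  }
}

# Attach the policy inline to the existing CodeBuild role; scoping it to the
# one bucket and one key avoids the blanket "all access" grant.
resource "aws_iam_role_policy" "codebuild_artifacts" {
  name   = "codebuild-pipeline-artifacts"
  role   = "${aws_iam_role.codebuild_role.id}"
  policy = "${data.aws_iam_policy_document.codebuild_artifacts.json}"
}
```

If aws_kms_key.a carries a restrictive key policy, the CodeBuild role must also be listed as a key user there, since an IAM grant alone is not enough to use a key whose policy does not delegate to IAM.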