AWS CodeDeploy访问被拒绝错误

时间:2018-04-20 16:05:53

标签: amazon-web-services aws-code-deploy

我遇到AWS Code Deploy问题,似乎在访问S3时出现问题,以下是错误消息:

2018-04-20 16:52:35 INFO  [codedeploy-agent(2983)]: [Aws::CodeDeployCommand::Client 200 0.023779 0 retries] put_host_command_complete(command_status:"Failed",diagnostics:{format:"JSON",payload:"{\"error_code\":5,\"script_name\":\"\",\"message\":\"Access Denied\",\"log\":\"\"}"},host_command_identifier:"WyJjb20uYW1hem9uLmFwb2xsby5kZXBsb3ljb250cm9sLmRvbWFpbi5Ib3N0Q29tbWFuZElkZW50aWZpZXIiLHsiZGVwbG95bWVudElkIjoiQ29kZURlcGxveS9ldS13ZXN0LTEvUHJvZC9hcm46YXdzOnNkczpldS13ZXN0LTE6OTExODQyOTUzODAzOmRlcGxveW1lbnQvZC1JRUFFQ09NRlMiLCJob3N0SWQiOiJhcm46YXdzOmVjMjpldS13ZXN0LTE6OTExODQyOTUzODAzOmluc3RhbmNlL2ktMDkxMGQzZjI4YWI0OTA2OGQiLCJjb21tYW5kTmFtZSI6IkRvd25sb2FkQnVuZGxlIiwiY29tbWFuZFBvc2l0aW9uIjoyLCJjb21tYW5kQXR0ZW1wdCI6MX1d")  

2018-04-20 16:52:35 ERROR [codedeploy-agent(2983)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Error during perform: Aws::S3::Errors::AccessDenied - Access Denied - /opt/codedeploy-agent/vendor/gems/aws-sdk-core-2.10.104/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call'

我的EC2实例已使用IAM角色启动:CodeDeploy-EC2-Instance-Profile,其中包含以下权限:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::codepipeline-eu-west-1-373398414592"
            ]
        }
    ]
}

据我所知,这是正确的。

我尝试过以下方法:

删除AWS凭证文件(〜/ .aws / credentials),以防IAM角色与此文件之间发生任何冲突。但它没有任何区别,我仍然遇到了上述错误。

我还注意到它的' put_host_command_complete'这是失败的,所以我更新了上述政策的行动部分,以获得PUT权限,即

"Action": [
    "s3:Get*",
    "s3:List*",
    "s3: Put*"
]

但这也没有任何区别。

任何帮助表示感谢。

此致 史蒂夫

3 个答案:

答案 0 :(得分:0)

我认为您的资源应该是这样的,

{
"Version": "2012-10-17",
"Statement": [
    {
        "Action": [
            "s3:Get*",
            "s3:List*"
        ],
        "Effect": "Allow",
        "Resource": [
            "arn:aws:s3:::<your-s3-bucket-name>/*"
        ]
    }
]}

答案 1 :(得分:0)

您需要将Amazon S3存储桶指定为实例配置文件角色中的资源。有关详细信息,请查看https://docs.aws.amazon.com/codedeploy/latest/userguide/getting-started-create-iam-instance-profile.html

答案 2 :(得分:0)

我看到了同样的问题。我选择了一个具有s3存储桶权限的正确实例角色

2018-07-22 21:50:23 ERROR [codedeploy-agent(1555)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Error during perform: Aws::S3::Errors::AccessDenied - Access Denied - /opt/codedeploy-agent/vendor/gems/aws-sdk-core-2.10.104/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-2.10.104/lib/aws-sdk-core/plugins/s3_sse_cpk.rb:19:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-2.10.104/lib/aws-sdk-core/plugins/s3_dualstack.rb:24:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-2.10.104/lib/aws-sdk-core/plugins/s3_accelerate.rb:34:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-2.10.104/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:20:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-2.10.104/lib/aws-sdk-core/plugins/idempotency_token.rb:18:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-2.10.104/lib/aws-sdk-core/plugins/param_converter.rb:20:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-2.10.104/lib/seahorse/client/plugins/response_target.rb:21:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-2.10.104/lib/seahorse/client/request.rb:70:in `send_request'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-2.10.104/lib/seahorse/client/base.rb:207:in `block (2 levels) in define_operation_methods'
/opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_executor.rb:274:in `block in download_from_s3'
/opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_executor.rb:269:in `open'
/opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_executor.rb:269:in `download_from_s3'
/opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_executor.rb:82:in `block in <class:CommandExecutor>'
/opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_executor.rb:68:in `execute_command'
/opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_poller.rb:114:in `process_command'
/opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_poller.rb:96:in `acknowledge_and_process_command'
/opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_poller.rb:75:in `block in perform'
/opt/codedeploy-agent/vendor/gems/concurrent-ruby-1.0.5/lib/concurrent/executor/ruby_thread_pool_executor.rb:348:in `run_task'
/opt/codedeploy-agent/vendor/gems/concurrent-ruby-1.0.5/lib/concurrent/executor/ruby_thread_pool_executor.rb:337:in `block (3 levels) in create_worker'
/opt/codedeploy-agent/vendor/gems/concurrent-ruby-1.0.5/lib/concurrent/executor/ruby_thread_pool_executor.rb:320:in `loop'
/opt/codedeploy-agent/vendor/gems/concurrent-ruby-1.0.5/lib/concurrent/executor/ruby_thread_pool_executor.rb:320:in `block (2 levels) in create_worker'
/opt/codedeploy-agent/vendor/gems/concurrent-ruby-1.0.5/lib/concurrent/executor/ruby_thread_pool_executor.rb:319:in `catch'
/opt/codedeploy-agent/vendor/gems/concurrent-ruby-1.0.5/lib/concurrent/executor/ruby_thread_pool_executor.rb:319:in `block in create_worker'
/opt/codedeploy-agent/vendor/gems/logging-1.8.2/lib/logging/diagnostic_context.rb:323:in `block in create_with_logging_context'
2018-07-22 21:50:23 WARN  [codedeploy-agent(1555)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Calling PutHostCommandComplete: "Code Error"
2018-07-22 21:50:23 INFO  [codedeploy-agent(1555)]: Version file found in /opt/codedeploy-agent/.version with agent version OFFICIAL_1.0-1.1518_deb.
2018-07-22 21:50:23 INFO  [codedeploy-agent(1555)]: [Aws::CodeDeployCommand::Client 200 0.034907 0 retries] put_host_command_complete(command_status:"Failed",diagnostics:{format:"JSON",payload:"{\"error_code\":5,\"script_name\":\"\",\"message\":\"Access Denied\",\"log\":\"\"}"},host_command_identifier:"WyJjb20uYW1hem9uLmFwb2xsby5kZXBsb3ljb250cm9sLmRvbWFpbi5Ib3N0Q29tbWFuZElkZW50aWZpZXIiLHsiZGVwbG95bWVudElkIjoiQ29kZURlcGxveS91cy13ZXN0LTIvUHJvZC9hcm46YXdzOnNkczp1cy13ZXN0LTI6NTA4MTc5ODMzNTI0OmRlcGxveW1lbnQvZC1RUVpMU0NIQVUiLCJob3N0SWQiOiJhcm46YXdzOmVjMjp1cy13ZXN0LTI6NTA4MTc5ODMzNTI0Omluc3RhbmNlL2ktMDI0ZjEzMzE5NmE2ZjgxYzMiLCJjb21tYW5kTmFtZSI6IkRvd25sb2FkQnVuZGxlIiwiY29tbWFuZFBvc2l0aW9uIjoyLCJjb21tYW5kQXR0ZW1wdCI6MX1d")

2018-07-22 21:50:24 INFO  [codedeploy-agent(1555)]: Version file found in /opt/codedeploy-agent/.version with agent version OFFICIAL_1.0-1.1518_deb.
^[[1;2C2018-07-22 21:51:24 INFO  [codedeploy-agent(1555)]: [Aws::CodeDeployCommand::Client 200 60.17959 0 retries] poll_host_command(host_identifier:"arn:aws:ec2:us-west-2:508179833524:instance/i-024f133196a6f81c3")
相关问题
最新问题