AWS CodeBuild fails: Access Denied on the ListObjectsV2 operation

Time: 2020-03-20 16:24:06

Tags: amazon-web-services amazon-s3 aws-codepipeline aws-codebuild

I am trying to set up a pipeline in AWS CodePipeline: a change in CodeCommit triggers it, and then CodeBuild starts. It runs the commands described in the buildspec.yaml file and fails when syncing the content to an S3 bucket.

Currently I have attached the AmazonS3FullAccess policy to the respective CodeBuild service role, but it gives me the following error:

[Container] 2020/03/20 16:13:22 Running command aws s3 sync ./dist/ProjectName/ s3://project-name-dev
fatal error: An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

What could be the problem?

1 answer:

Answer 0: (score: 3)

Writing objects to an S3 bucket requires permissions in 2 places:

  • On the role
  • On the bucket policy

Since you have already added "AmazonS3FullAccess" to the CodeBuild service role, check the bucket policy (in case it does not allow writes by the CodeBuild role). You can add the following bucket policy on the bucket to fix this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1561445614665",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<Account_Number>:role/service-role/<your-codebuild-service-role>"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::bucketname",
                "arn:aws:s3:::bucketname/*"
            ]
        }
    ]
}

Update "arn:aws:iam::<Account_Number>:role/service-role/<your-codebuild-service-role>" with your CodeBuild service role ARN, and replace "bucketname" in both Resource entries with your bucket name.
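The following is an added example, not part of the answer above or of any AWS code. It builds a bucket policy that grants a single CodeBuild service role only the actions `aws s3 sync` actually needs, and includes a small, simplified policy evaluator that reports which of those actions a given bucket policy still leaves missing for the role. The account id, role name and bucket name are constructed placeholders; the evaluator only handles Allow statements with AWS principals and `*` wildcards, and ignores Deny, conditions and the role's own IAM policies. It also shows why the bucket ARN and the bucket/* ARN both have to appear: ListObjectsV2, the call that failed in the question, is authorized by s3:ListBucket on the bucket ARN, not on the object ARN.

```python
import json
from fnmatch import fnmatchcase

# Actions that `aws s3 sync` needs on the destination bucket. ListObjectsV2
# is authorized by s3:ListBucket on the bucket ARN; the object actions apply
# to the bucket/* ARN.
SYNC_BUCKET_ACTIONS = {"s3:ListBucket"}
SYNC_OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}


def build_bucket_policy(account_id, role_name, bucket):
    """Least-privilege bucket policy for one CodeBuild service role (constructed example)."""
    role_arn = f"arn:aws:iam::{account_id}:role/service-role/{role_name}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "CodeBuildListBucket",
                "Effect": "Allow",
                "Principal": {"AWS": role_arn},
                "Action": sorted(SYNC_BUCKET_ACTIONS),
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "CodeBuildObjectReadWrite",
                "Effect": "Allow",
                "Principal": {"AWS": role_arn},
                "Action": sorted(SYNC_OBJECT_ACTIONS),
                "Resource": f"arn:aws:s3:::{bucket}/*",
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(principal, role_arn):
    # "*" (anonymous) or an AWS principal entry equal to the role ARN matches.
    if principal == "*":
        return True
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    return any(p == "*" or p == role_arn for p in _as_list(aws))


def allowed_actions(policy, role_arn, resource_arn):
    """Subset of the sync actions that the policy's Allow statements grant the role on resource_arn.

    Simplified evaluator: Allow statements, AWS principals and '*' wildcards in
    Action/Resource only; Deny, Condition and IAM-side policies are ignored.
    """
    wanted = SYNC_BUCKET_ACTIONS | SYNC_OBJECT_ACTIONS
    granted = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_matches(stmt.get("Principal", {}), role_arn):
            continue
        if not any(fnmatchcase(resource_arn, r) for r in _as_list(stmt.get("Resource", []))):
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            granted |= {a for a in wanted if fnmatchcase(a, pattern)}
    return granted


def missing_for_sync(policy, role_arn, bucket):
    """Actions `aws s3 sync` needs that the bucket policy does not grant the role."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    missing = SYNC_BUCKET_ACTIONS - allowed_actions(policy, role_arn, bucket_arn)
    missing |= SYNC_OBJECT_ACTIONS - allowed_actions(policy, role_arn, bucket_arn + "/*")
    return missing


if __name__ == "__main__":
    # Constructed placeholder values; substitute your account id, role name and bucket.
    account, role_name, bucket = "123456789012", "codebuild-project-name-service-role", "project-name-dev"
    policy = build_bucket_policy(account, role_name, bucket)
    print(json.dumps(policy, indent=4))
    role_arn = f"arn:aws:iam::{account}:role/service-role/{role_name}"
    print("missing for sync:", missing_for_sync(policy, role_arn, bucket))
```

Running the script prints the policy document to paste into the bucket's policy editor and an empty "missing" set for the role it was built for. Feeding it a policy whose only Resource is the bucket/* ARN reports s3:ListBucket as missing, which is exactly the shape of the AccessDenied on ListObjectsV2 in the question.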