来自 CodePipeline (AWS) 的 CodeBuild (AWS) 不工作
CodeBuild (AWS) from CodePipeline (AWS) is not working
我已经从代码管道向导创建了一个代码构建项目,其中包含所有必需的选项和有效的 IAM 角色。我还添加了访问和写入 S3 存储桶中的数据所需的 IAM 角色策略。下面提到的政策我已经考虑过访问 S3。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
"arn:aws:logs:aws/codebuild",
"arn:aws:logs:aws/codebuild:*"
],
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
},
{
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::pipeline”,
"arn:aws:s3::: pipeline/*"
],
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetBucketAcl",
"s3:GetBucketLocation"
]
}
]
}
启动管道后,代码构建失败,出现下面提到的错误
DOWNLOAD_SOURCE Failed:
CLIENT_ERROR: symlink /codebuild/output/.../libcrypto.1.0.0.dylib: no such file or directory for primary source and source version arn:aws:s3:::codepipeline-bucketSource/Ap4g3sv.zip
我研究了很多,查阅了各种AWS文档,但找不到解决方案。
看起来您的策略只提供对 'pipeline' 存储桶的访问权限,但不提供对 'codepipeline-bucketSource' 的访问权限。您能否暂时尝试授予 S3 对角色 at-least 的完全访问权限,以便我们可以调试这是否实际上是与访问相关的问题。
经过大量研究,我终于发现这只是一个权限问题。我不得不如下所述更改政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetBucketAcl",
"s3:GetBucketLocation"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
添加此修改后,我的代码构建和管道开始工作。
我已经从代码管道向导创建了一个代码构建项目,其中包含所有必需的选项和有效的 IAM 角色。我还添加了访问和写入 S3 存储桶中的数据所需的 IAM 角色策略。下面提到的政策我已经考虑过访问 S3。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
"arn:aws:logs:aws/codebuild",
"arn:aws:logs:aws/codebuild:*"
],
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
},
{
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::pipeline”,
"arn:aws:s3::: pipeline/*"
],
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetBucketAcl",
"s3:GetBucketLocation"
]
}
]
}
启动管道后,代码构建失败,出现下面提到的错误
DOWNLOAD_SOURCE Failed:
CLIENT_ERROR: symlink /codebuild/output/.../libcrypto.1.0.0.dylib: no such file or directory for primary source and source version arn:aws:s3:::codepipeline-bucketSource/Ap4g3sv.zip
我研究了很多,查阅了各种AWS文档,但找不到解决方案。
看起来您的策略只提供对 'pipeline' 存储桶的访问权限,但不提供对 'codepipeline-bucketSource' 的访问权限。您能否暂时尝试授予 S3 对角色 at-least 的完全访问权限,以便我们可以调试这是否实际上是与访问相关的问题。
经过大量研究,我终于发现这只是一个权限问题。我不得不如下所述更改政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetBucketAcl",
"s3:GetBucketLocation"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
添加此修改后,我的代码构建和管道开始工作。