CodeBuild failing to run CDK synth

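I'm running into a problem running cdk synth on CodeBuild; it just says: You are not authorized to perform this operation.

This is a CDK application that uses the @aws-cdk/app-delivery dependency to provision some infrastructure for creating a CI/CD pipeline. The CodeBuild image I'm using is: aws/codebuild/nodejs:10.1.0

The buildspec.yml is the standard one that app-delivery shares in its README, with only --loglevel verbose added to get a better idea of what is happening: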

phases:
  install:
    commands:
      # Installs the npm dependencies as defined by the `package.json` file
      # present in the root directory of the package
      # (`cdk init app --language=typescript` would have created one for you)
      - npm install
  build:
    commands:
      # Builds the CDK App so it can be synthesized
      - npm run build
      # Synthesizes the CDK App and puts the resulting artifacts into `dist`
      - npm run cdk synth --loglevel verbose -- -o dist
artifacts:
  # The output artifact is all the files in the `dist` directory
  base-directory: dist
  files: '**/*'

Here is the CodeBuild log:

[Container] 2019/06/06 19:20:11 Running command npm run cdk synth --loglevel verbose -- -o dist 
npm info it worked if it ends with ok 
npm verb cli [ '/usr/local/bin/node', 
npm verb cli   '/usr/local/bin/npm', 
npm verb cli   'run', 
npm verb cli   'cdk', 
npm verb cli   'synth', 
npm verb cli   '--loglevel', 
npm verb cli   'verbose', 
npm verb cli   '--', 
npm verb cli   '-o', 
npm verb cli   'dist' ] 
npm info using npm@5.6.0 
npm info using node@v10.1.0 
npm verb run-script [ 'precdk', 'cdk', 'postcdk' ] 
npm info lifecycle dvi-infrastructure-cdk@0.1.0~precdk: dvi-infrastructure-cdk@0.1.0 
npm info lifecycle dvi-infrastructure-cdk@0.1.0~cdk: dvi-infrastructure-cdk@0.1.0 

> dvi-infrastructure-cdk@0.1.0 cdk /codebuild/output/src891487954/src 
> cdk "synth" "-o" "dist" 

You are not authorized to perform this operation. 
npm verb lifecycle dvi-infrastructure-cdk@0.1.0~cdk: unsafe-perm in lifecycle true 
npm verb lifecycle dvi-infrastructure-cdk@0.1.0~cdk: PATH: /usr/local/lib/node_modules/npm/node_modules/npm-lifecycle/node-gyp-bin:/codebuild/output/src891487954/src/node_modules/.bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
npm verb lifecycle dvi-infrastructure-cdk@0.1.0~cdk: CWD: /codebuild/output/src891487954/src 
npm info lifecycle dvi-infrastructure-cdk@0.1.0~cdk: Failed to exec cdk script 
npm verb stack Error: dvi-infrastructure-cdk@0.1.0 cdk: `cdk "synth" "-o" "dist"` 
npm verb stack Exit status 1 
npm verb stack     at EventEmitter.<anonymous> (/usr/local/lib/node_modules/npm/node_modules/npm-lifecycle/index.js:285:16) 
npm verb stack     at EventEmitter.emit (events.js:182:13) 
npm verb stack     at ChildProcess.<anonymous> (/usr/local/lib/node_modules/npm/node_modules/npm-lifecycle/lib/spawn.js:55:14) 
npm verb stack     at ChildProcess.emit (events.js:182:13) 
npm verb stack     at maybeClose (internal/child_process.js:957:16) 
npm verb stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:246:5) 
npm verb pkgid dvi-infrastructure-cdk@0.1.0 
npm verb cwd /codebuild/output/src891487954/src 
npm verb Linux 4.14.114-83.126.amzn1.x86_64 
npm verb argv "/usr/local/bin/node" "/usr/local/bin/npm" "run" "cdk" "synth" "--loglevel" "verbose" "--" "-o" "dist" 
npm verb node v10.1.0 
npm verb npm  v5.6.0 
npm ERR! code ELIFECYCLE 
npm ERR! errno 1 
npm ERR! dvi-infrastructure-cdk@0.1.0 cdk: `cdk "synth" "-o" "dist"` 
npm ERR! Exit status 1 
npm ERR!  
npm ERR! Failed at the dvi-infrastructure-cdk@0.1.0 cdk script. 
npm ERR! This is probably not a problem with npm. There is likely additional logging output above. 
npm verb exit [ 1, true ] 

npm ERR! A complete log of this run can be found in: 
npm ERR!     /root/.npm/_logs/2019-06-06T19_20_13_082Z-debug.log 

[Container] 2019/06/06 19:20:13 Command did not exit successfully npm run cdk synth --loglevel verbose -- -o dist exit status 1 
[Container] 2019/06/06 19:20:13 Phase complete: BUILD State: FAILED 
[Container] 2019/06/06 19:20:13 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: npm run cdk synth --loglevel verbose -- -o dist. Reason: exit status 1 

I was able to find out which error it was by running the command npm run cdk synth -- -v -o dist in my buildspec.yml. With that I got the following error:

Some context information is missing. Fetching... 
Reading AZs for 244496089465:us-west-2 
Using default AWS SDK credentials for account 244496089465 
You are not authorized to perform this operation. 
UnauthorizedOperation: You are not authorized to perform this operation. 
    at Request.extractError (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/services/ec2.js:50:35) 
    at Request.callListeners (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/sequential_executor.js:106:20) 
    at Request.emit (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/sequential_executor.js:78:10) 
    at Request.emit (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/request.js:683:14) 
    at Request.transition (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/request.js:22:10) 
    at AcceptorStateMachine.runTo (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/state_machine.js:14:12) 
    at /codebuild/output/src133069252/src/node_modules/aws-sdk/lib/state_machine.js:26:10 
    at Request.<anonymous> (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/request.js:38:9) 
    at Request.<anonymous> (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/request.js:685:12) 
    at Request.callListeners (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/sequential_executor.js:116:18)

So adding the following permission, ec2:DescribeAvailabilityZones, to the CodeBuild role solved my problem.
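
The fix described above written out as an IAM policy document, with a small check that a CodeBuild role policy grants the action without resorting to a wildcard. This is an added example, not code from the original post: the Sid, the sample "before" and "broad" policies and the helper names are constructed, and the matcher only looks at the Action patterns of Allow statements.

```javascript
// Added example (not from the original post). Simplified matcher: it ignores
// Deny, NotAction, Condition and permission boundaries.
const REQUIRED_ACTION = "ec2:DescribeAvailabilityZones"; // action named in the post

// Scoped inline policy for the CodeBuild service role. Resource is "*" because
// this Describe call does not support resource-level permissions.
const scopedPolicy = {
  Version: "2012-10-17",
  Statement: [{ Sid: "CdkSynthAzLookup", Effect: "Allow", Action: REQUIRED_ACTION, Resource: "*" }],
};

// Constructed samples: a role that can only write build logs, and an over-broad fix.
const beforePolicy = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: ["logs:CreateLogStream", "logs:PutLogEvents"], Resource: "*" }],
};
const broadPolicy = { Version: "2012-10-17", Statement: [{ Effect: "Allow", Action: "ec2:*", Resource: "*" }] };

const toArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM action patterns are case-insensitive and may contain "*" and "?" wildcards.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const re = new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$", "i");
  return re.test(action);
}

// Reports whether the policy allows the action and which wildcard patterns do so.
function reviewPolicy(policy, action = REQUIRED_ACTION) {
  const allows = [];
  for (const stmt of toArray(policy.Statement)) {
    if (stmt.Effect !== "Allow") continue;
    for (const pattern of toArray(stmt.Action)) {
      if (actionMatches(pattern, action)) allows.push(pattern);
    }
  }
  return { granted: allows.length > 0, wildcardGrants: allows.filter((p) => /[*?]/.test(p)) };
}

for (const [name, policy] of Object.entries({ beforePolicy, scopedPolicy, broadPolicy })) {
  const r = reviewPolicy(policy);
  const verdict = !r.granted ? "missing (synth fails with UnauthorizedOperation)"
    : r.wildcardGrants.length ? `granted via wildcard ${r.wildcardGrants.join(", ")}`
    : "granted, scoped to the single action";
  console.log(`${name}: ${REQUIRED_ACTION} ${verdict}`);
}
```
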