运行 aws s3 cp --recursive 命令时 AWS CodeBuild 失败

Failed AWS CodeBuild when running the aws s3 cp --recursive command

有人可以帮我弄清楚我的 CodeBuild 失败的原因吗?我在日志中收到以下错误:

[Container] 2021/03/29 23:13:38 Command did not exit successfully aws s3 cp --recursive --acl public-read ./build s3://cloud-nova-s3-dev02/public/ exit status 1
[Container] 2021/03/29 23:13:38 Phase complete: POST_BUILD State: FAILED
[Container] 2021/03/29 23:13:38 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: aws s3 cp --recursive --acl public-read ./build s3://cloud-nova-s3-dev02/public/. Reason: exit status 1
[Container] 2021/03/29 23:13:38 Expanding base directory path: build
[Container] 2021/03/29 23:13:38 Assembling file list
[Container] 2021/03/29 23:13:38 Expanding build
[Container] 2021/03/29 23:13:38 Expanding file paths for base directory build
[Container] 2021/03/29 23:13:38 Assembling file list
[Container] 2021/03/29 23:13:38 Expanding **/*
[Container] 2021/03/29 23:13:38 Found 19 file(s)
[Container] 2021/03/29 23:13:38 Phase complete: UPLOAD_ARTIFACTS State: SUCCEEDED
[Container] 2021/03/29 23:13:38 Phase context status code:  Message:

这就是我的 S3 存储桶策略:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::cloud-nova-s3-dev02/*",
                "arn:aws:s3:::cloud-nova-s3-dev02"
            ]
        }
    ]
}

这是我的 buildspec.yml 文件的示例:

version: 0.1
phases:
  pre_build:
    commands:
      - echo Installing source NPM dependencies...
      - npm install
  build:
    commands:
      - echo Build started on `date`
      - npm run build
  post_build:
    commands:
      # copy the contents of /build to S3
      - aws s3 cp --recursive --acl public-read ./build s3://cloud-nova-s3-dev02/public/
artifacts:
  files:
    - '**/*'
  base-directory: build

您的存储桶策略仅允许 s3:GetObject,用于从中下载对象。但是,在您的 CodeBuild (CB) 中,您正在尝试将对象上传到它。所以这失败了。

要纠正此问题,您可以将 inline policy 添加到您的 CB 执行角色 以允许 CB 上传对象。例如,

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::cloud-nova-s3-dev02/*"
        }
    ]
}