CodeBuild policy error: "Not authorized to perform: ssm:GetParameters"
I need to pass variables that I specified in CodeBuild, but I get this error:
Phase context status code: Decrypted Variables
Error Message: AccessDeniedException:
User: arn:aws:sts::<acc_id>:assumed-role/codebuild-image_builder-service-role/AWSCodeBuild-c892c6f5-ffba-48ec-a53f-35ddca9818a5 is not authorized to perform: ssm:GetParameters on resource: arn:aws:ssm:eu-west-1:<acc_id>:parameter/eu-west-1 because no identity-based policy allows the ssm:GetParameters action
My buildspec.yml file:
phases:
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
  build:
    commands:
      - echo Build started on `date`
      - echo Building the Docker image...
      - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
      - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker image...
      - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG
You can see in the logs:
not authorized to perform: ssm:GetParameters on resource:
Check whether your CodeBuild service role has the right policy/permissions to access Parameter Store.
You can check this page to add the permissions: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-access.html
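
Added example (not part of the original question or answer): a Python sketch that parses the AccessDenied message quoted in the question and builds an inline policy for the service role scoped to exactly the denied action and parameter ARN, instead of a wildcard grant. The account id `111122223333` is a constructed stand-in for `<acc_id>`, and the region-shaped-name check is an assumption of this example: CodeBuild resolves environment variables of type PARAMETER_STORE through Parameter Store, so a parameter named `eu-west-1` may be a plain value entered with the wrong variable type.

```python
import json
import re

# Constructed sample: the error text from the question, with the <acc_id>
# placeholder replaced by a made-up 12-digit account id.
SAMPLE_ERROR = (
    "User: arn:aws:sts::111122223333:assumed-role/"
    "codebuild-image_builder-service-role/AWSCodeBuild-c892c6f5-ffba-48ec-a53f-35ddca9818a5 "
    "is not authorized to perform: ssm:GetParameters on resource: "
    "arn:aws:ssm:eu-west-1:111122223333:parameter/eu-west-1 "
    "because no identity-based policy allows the ssm:GetParameters action"
)

DENIED = re.compile(
    r"assumed-role/(?P<role>[^/\s]+)/\S+ is not authorized to perform: "
    r"(?P<action>[\w-]+:\w+) on resource: (?P<resource>arn:\S+)"
)
REGION_LIKE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$")  # e.g. eu-west-1


def parse_denied(message):
    """Extract role name, denied action and resource ARN from the error."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("not an assumed-role AccessDenied message")
    return m.groupdict()


def scoped_policy(denied):
    """Inline policy allowing only the denied action on the denied ARN."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": denied["action"],
                       "Resource": denied["resource"]}],
    }


def looks_like_literal(denied):
    """Heuristic (assumption): a region-shaped parameter name is likely a value."""
    name = denied["resource"].split(":parameter/", 1)[-1]
    return bool(REGION_LIKE.match(name))


if __name__ == "__main__":
    d = parse_denied(SAMPLE_ERROR)
    print("attach to role:", d["role"])
    if looks_like_literal(d):
        print("note: parameter name looks like a plain value; check the variable type")
    print(json.dumps(scoped_policy(d), indent=2))
```

If the heuristic fires, review the variable's type in the CodeBuild project before attaching any policy; a value that was meant to be plain text needs no Parameter Store permission at all.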