问题
I created a CodeBuild Project that uses a docker image for node8. The purpose of this CodeBuild project is to do unit testing. It takes an input artifact from CodeCommit. And in the buildspec.yml it runs a test command.
This is my (simple) buildspec file:
version: 0.2
phases:
install:
commands:
- echo "install phase started"
- npm install
- echo "install phase ended"
pre_build:
commands:
- echo "pre_build aka test phase started"
- echo "mocha unit test"
- npm test
- echo "mocha unit test ended"
build:
commands:
- echo "build phase started"
- echo "build complete"
The build is failing at the DOWNLOAD_SOURCE phase with the following:
PHASE - DOWNLOAD_SOURCE
Start time 2 minutes ago
End time 2 minutes ago
Message Access Denied
The only logs in the build logs are the following
[Container] 2018/01/12 11:30:22 Waiting for agent ping
[Container] 2018/01/12 11:30:22 Waiting for DOWNLOAD_SOURCE
Thanks in advance.
Screenshot of the CodeBuild policies.
回答1:
I found a fix. It was a problem with my permissions. I added this to make it work.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": [
"arn:aws:logs:eu-west-1:723698621383:log-group:/aws/codebuild/project",
"arn:aws:logs:eu-west-1:723698621383:log-group:/aws/codebuild/project:*"
],
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
]
},
{
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::codepipeline-eu-west-1-*"
],
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion"
]
},
{
"Effect": "Allow",
"Action": [
"ssm:GetParameters"
],
"Resource": "arn:aws:ssm:eu-west-1:723698621383:parameter/CodeBuild/*"
}
]
}
回答2:
I had similar error and will post my fix in case it helps anyone else. I was using CodePipeline and had two separate builds happening. Build #1 would complete its build and the output artifact for that was to be the input artifact for Build #2. Build #2 was failing on the the DOWNLOAD_SOURCE phase with the following error:
AccessDenied: Access Denied status code: 403
The problem was that in my build spec for Build #1, I didn't have the artifacts defined. After calling out the artifact files/folders in Build #1, then Build #2 was able to download the source without issue.
来源:https://stackoverflow.com/questions/48225778/aws-codebuild-fails-while-downloading-source-message-access-denied