[英]Cross-Region access to CodeCommit repository from CodePipeline
I am building a CodePipeline using CloudFormation. 我正在使用CloudFormation构建CodePipeline。 The pipeline is deployed to the
eu-west-1
region however it must get the source code from the CodeCommit repository that is located in the us-east-1
region. 管道已部署到
eu-west-1
区域,但是它必须从位于us-east-1
区域的CodeCommit存储库中获取源代码。
The pipeline definition looks like this: 管道定义如下所示:
CodePipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
Name: !Ref PipelineName
RoleArn: !GetAtt CodePipelineServiceRole.Arn
Stages:
- Name: Source
Actions:
- Name: Source
ActionTypeId:
Category: Source
Owner: AWS
Provider: CodeCommit
Version: 1
OutputArtifacts:
- Name: SourceCodeOutputArtifact
Configuration:
RepositoryName: !Ref MyRepository
BranchName: !Ref DeploymentBranch
RunOrder: 1
Region: us-east-1
The attached role and policy looks like this: 附加的角色和策略如下所示:
CodePipelineServiceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- sts:AssumeRole
Principal:
Service:
- codepipeline.amazonaws.com
CodePipelineServicePolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: CodePipelineServicePolicy
Roles:
- !Ref CodePipelineServiceRole
PolicyDocument:
Version: 2012-10-17
Statement:
......
- Effect: Allow
Action:
- codecommit:BatchGet*
- codecommit:BatchDescribe*
- codecommit:Get*
- codecommit:Describe*
- codecommit:List*
- codecommit:GitPull
Resource: !Sub "arn:aws:codecommit:us-east-1:${AWS::AccountId}:MyRepository*"
Alas, the code pipeline still don't have access to my repository in the us-east-1
, or it is looking for it in the incorrect region, and as a result I'm getting the following error las,代码管道仍然无法访问我在
us-east-1
中的存储库,或者它正在错误的区域中寻找它,因此,我得到以下错误
The service role or action role doesn’t have the permissions required to access the AWS CodeCommit repository named MyRepository. Update the IAM role permissions, and then try again. Error: User: arn:aws:sts::111111111111:assumed-role/MyPipeline-CodePipelineServiceRole-N996SC3JYINW/1564844186052 is not authorized to perform: codecommit:GetBranch on resource: arn:aws:codecommit:eu-west-1:111111111111:MyRepository
Any help would be greatly appreciated. 任何帮助将不胜感激。
Edit: I know that I can replicate the repo to another region but I am wondering is there any way to do what I want to do without replicating the repo to another region? 编辑:我知道我可以将存储库复制到另一个区域,但是我想知道有什么方法可以做我想做的事情而不将存储库复制到另一个区域吗?
You need to replicate the codecommit to the other region. 您需要将代码提交复制到其他区域。 You can do it by using a CI Job, a scheduled container in ECS or Fargate.
您可以通过使用CI Job(ECS或Fargate中的预定容器)来执行此操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.