stackoom
  简体   繁体   中英

AWS: IAM Policy for CodePipeline?

 原文  2018-02-24 21:40:02       amazon-web-services/ aws-codepipeline/ aws-codebuild/ aws-codecommit

Question

No matter how open an IAM policy I give to my CodePipeline role, my CodeBuild step always fails with Access Denied in the DOWNLOAD_SOURCE phase. The build works fine when I run manually from CodeBuild.

I have literally granted this policy to the CodePipeline service role, and the pipeline still fails: 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

Has anyone else encountered a similar problem? Where should I be looking to fix this?

1 answers

solution1
 2 ACCPTED  2018-02-25 02:38:13

The first place I'd look is your CodeBuild service role, make sure it has something like the following in the policy: 

{
      "Sid": "S3GetObjectPolicy",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion"
      ],
      "Resource": [
        "*"
      ]
    },

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS IAM policy for SQS AWS IAM policy issue AWS Codepipeline wizard “Could not create IAM role” AWS CFT template IAM Policy AWS Cloudformation IAM Policy with Resource AWS IAM Policy permissions query IAM Policy with `aws:ResourceTag` not supported AWS PowerUser with MFA (IAM policy) AWS IAM S3 Policy AWS IAM Policy elasticbeanstalk:DescribeEnvironmentHealth
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM