從CodePipeline對CodeCommit存儲庫的跨區域訪問
[英]Cross-Region access to CodeCommit repository from CodePipeline
原文
2019-08-03 15:08:41
6
1
amazon-web-services/
amazon-cloudformation/
aws-codepipeline/
aws-codecommit
問題描述
我正在使用CloudFormation構建CodePipeline。 管道已部署到eu-west-1區域,但是它必須從位於us-east-1區域的CodeCommit存儲庫中獲取源代碼。
管道定義如下所示:
CodePipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
Name: !Ref PipelineName
RoleArn: !GetAtt CodePipelineServiceRole.Arn
Stages:
- Name: Source
Actions:
- Name: Source
ActionTypeId:
Category: Source
Owner: AWS
Provider: CodeCommit
Version: 1
OutputArtifacts:
- Name: SourceCodeOutputArtifact
Configuration:
RepositoryName: !Ref MyRepository
BranchName: !Ref DeploymentBranch
RunOrder: 1
Region: us-east-1
附加的角色和策略如下所示:
CodePipelineServiceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- sts:AssumeRole
Principal:
Service:
- codepipeline.amazonaws.com
CodePipelineServicePolicy:
Type: AWS::IAM::Policy
Properties:
PolicyName: CodePipelineServicePolicy
Roles:
- !Ref CodePipelineServiceRole
PolicyDocument:
Version: 2012-10-17
Statement:
......
- Effect: Allow
Action:
- codecommit:BatchGet*
- codecommit:BatchDescribe*
- codecommit:Get*
- codecommit:Describe*
- codecommit:List*
- codecommit:GitPull
Resource: !Sub "arn:aws:codecommit:us-east-1:${AWS::AccountId}:MyRepository*"
las,代碼管道仍然無法訪問我在us-east-1中的存儲庫,或者它正在錯誤的區域中尋找它,因此,我得到以下錯誤
The service role or action role doesn’t have the permissions required to access the AWS CodeCommit repository named MyRepository. Update the IAM role permissions, and then try again. Error: User: arn:aws:sts::111111111111:assumed-role/MyPipeline-CodePipelineServiceRole-N996SC3JYINW/1564844186052 is not authorized to perform: codecommit:GetBranch on resource: arn:aws:codecommit:eu-west-1:111111111111:MyRepository
任何幫助將不勝感激。
編輯:我知道我可以將存儲庫復制到另一個區域,但是我想知道有什么方法可以做我想做的事情而不將存儲庫復制到另一個區域嗎?
1 個解決方案
解決方案1
0 2019-08-12 09:33:33
您需要將代碼提交復制到其他區域。 您可以通過使用CI Job(ECS或Fargate中的預定容器)來執行此操作。
無服務器框架模板中的跨區域 Secrets Manager 訪問
[英]Cross-Region Secrets Manager Access in Serverless Framework Template
AWS Codepipeline 與來自另一個賬戶的 Codecommit 目標源存儲庫
[英]AWS Codepipeline with a Codecommit targetsource repository from another account
AWS跨賬戶,跨區域(到中國)訪問權限? CN中沒有Lambda-替代方案?
[英]AWS Cross-Account, Cross-Region (to China) access? No Lambda in CN - alternatives?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.