How to resolve the error: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied
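When running the pipeline from a CDK-based CI-CD pipeline, the profile is not passed in the arguments, on the assumption that the pipeline has the required permissions through its role.
I am using the pipeline from https://github.com/awslabs/aws-simple-cicd/
My deployment-role.yml file has a policy that looks like this: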
DeploymentPolicy:
  Type: AWS::IAM::Policy
  Properties:
    PolicyName: deployment-policy
    PolicyDocument:
      Version: 2012-10-17
      Statement:
        - Effect: Allow
          Action:
            - 'cloudformation:*'
            - 'iam:*'
            - 'lambda:*'
            - 'ecs:*'
            - 'ecr:*'
            - 'logs:*'
            - 'ssm:*'
            - 'acm:*'
            - 'apigateway:*'
            - 'application-autoscaling:*'
            - 'autoscaling:*'
            - 'cloudfront:*'
            - 'cloudwatch:*'
            - 'elasticache:*'
            - 'elasticloadbalancing:*'
            - 'events:*'
            - 'route53:*'
            - 'sns:*'
            - 'sqs:*'
            - 's3:*'
            - 'dynamodb:*'
            - 'xray:*'
            - 'cognito-idp:*'
          Resource: '*'
    Roles:
      - !Ref DeploymentRole
Given that the policy has full access to S3, I expected the deployment to go through, but it fails with the following error message:
lerna notice cli v4.0.0
326 | lerna info ci enabled
327 | lerna info Executing command in 4 packages: "npm run deploy"
328 | vlncc-sns: > vlncc-sns@0.1.0 deploy
329 | vlncc-sns: > sls deploy -v
330 | tenant-mgmt-service: > tenant-mgmt-service@0.1.0 deploy
331 | tenant-mgmt-service: > sls deploy -v
332 | vlncc-sns: Serverless: Deprecation warning: Variables resolver reports following resolution errors:
333 | vlncc-sns: - Cannot resolve variable at "provider.profile": Value not found at "opt" source
334 | vlncc-sns: From a next major it we will be communicated with a thrown error.
335 | vlncc-sns: Set "variablesResolutionMode: 20210219" in your service config, to adapt to this behavior now
336 | vlncc-sns: More Info: https://www.serverless.com/framework/docs/deprecations/#NEW_VARIABLES_RESOLVER
337 | tenant-mgmt-service: Serverless: Deprecation warning: Variables resolver reports following resolution errors:
338 | tenant-mgmt-service: - Cannot resolve variable at "provider.profile": Value not found at "opt" source,
339 | tenant-mgmt-service: - Cannot resolve variable at "provider.iamRoleStatements.0": Cannot load file from outside of service folder
340 | tenant-mgmt-service: From a next major it we will be communicated with a thrown error.
341 | tenant-mgmt-service: Set "variablesResolutionMode: 20210219" in your service config, to adapt to this behavior now
342 | tenant-mgmt-service: More Info: https://www.serverless.com/framework/docs/deprecations/#NEW_VARIABLES_RESOLVER
343 | vlncc-sns:
344 | vlncc-sns: Serverless Warning --------------------------------------
345 | vlncc-sns:
346 | vlncc-sns: A valid option to satisfy the declaration 'opt:profile' could not be found.
347 | vlncc-sns:
348 | vlncc-sns: Serverless: Packaging service...
349 | vlncc-sns: Serverless: Creating Stack...
350 | tenant-mgmt-service:
351 | tenant-mgmt-service: Serverless Warning --------------------------------------
352 | tenant-mgmt-service:
353 | tenant-mgmt-service: A valid option to satisfy the declaration 'opt:profile' could not be found.
354 | tenant-mgmt-service:
355 | vlncc-sns: Serverless: Checking Stack create progress...
356 | tenant-mgmt-service: Serverless: Configuration warning at 'functions.getPool.events[0].http': unrecognized property 'documentation'
357 | tenant-mgmt-service: Serverless:
358 | tenant-mgmt-service: Serverless: Learn more about configuration validation here: http://slss.io/configuration-validation
359 | tenant-mgmt-service: Serverless:
360 | tenant-mgmt-service: Serverless: Deprecation warning: Starting with version 3.0.0, following property will be replaced:
361 | tenant-mgmt-service: "provider.iamRoleStatements" -> "provider.iam.role.statements"
362 | tenant-mgmt-service: More Info: https://www.serverless.com/framework/docs/deprecations/#PROVIDER_IAM_SETTINGS
363 | tenant-mgmt-service: Serverless: Deprecation warning: Resolution of lambda version hashes was improved with better algorithm, which will be used in next major release.
364 | tenant-mgmt-service: Switch to it now by setting "provider.lambdaHashingVersion" to "20201221"
365 | tenant-mgmt-service: More Info: https://www.serverless.com/framework/docs/deprecations/#LAMBDA_HASHING_VERSION_V2
366 | tenant-mgmt-service: Serverless: Using configuration:
367 | tenant-mgmt-service: {
368 | tenant-mgmt-service: "packager": "npm",
369 | tenant-mgmt-service: "packagerOptions": {},
370 | tenant-mgmt-service: "webpackConfig": "../../node_modules/serverless-bundle/src/webpack.config.js",
371 | tenant-mgmt-service: "includeModules": {
372 | tenant-mgmt-service: "forceExclude": [
373 | tenant-mgmt-service: "aws-sdk"
374 | tenant-mgmt-service: ],
375 | tenant-mgmt-service: "forceInclude": null,
376 | tenant-mgmt-service: "packagePath": "package.json"
377 | tenant-mgmt-service: },
378 | tenant-mgmt-service: "keepOutputDirectory": false
379 | tenant-mgmt-service: }
380 | tenant-mgmt-service: Serverless: Removing /codebuild/output/src181728188/src/services/tenant-mgmt-service/.webpack
381 | tenant-mgmt-service: Serverless: Bundling with Webpack...
382 | vlncc-sns: CloudFormation - CREATE_IN_PROGRESS - AWS::CloudFormation::Stack - vlncc-sns-sandBox
383 | vlncc-sns: CloudFormation - CREATE_IN_PROGRESS - AWS::S3::Bucket - ServerlessDeploymentBucket
384 | vlncc-sns: CloudFormation - CREATE_FAILED - AWS::S3::Bucket - ServerlessDeploymentBucket
385 | vlncc-sns: CloudFormation - DELETE_IN_PROGRESS - AWS::CloudFormation::Stack - vlncc-sns-sandBox
386 | vlncc-sns: CloudFormation - DELETE_COMPLETE - AWS::S3::Bucket - ServerlessDeploymentBucket
387 | vlncc-sns: CloudFormation - DELETE_COMPLETE - AWS::CloudFormation::Stack - vlncc-sns-sandBox
388 | vlncc-sns: Serverless: Operation Failed!
389 | vlncc-sns: Serverless: View the full error output: https://us-west-2.console.aws.amazon.com/cloudformation/home?region=us-west-2#/stack/detail?stackId=arn%3Aaws%3Acloudformation%3Aus-west-2%3A074808352032%3Astack%2Fvlncc-sns-sandBox%2F99468730-85f5-11eb-9aea-069c3947cedb
390 | vlncc-sns:
391 | vlncc-sns: Serverless Error ----------------------------------------
392 | vlncc-sns:
393 | vlncc-sns: An error occurred: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied.
394 | vlncc-sns:
395 | vlncc-sns: Get Support --------------------------------------------
396 | vlncc-sns: Docs: docs.serverless.com
397 | vlncc-sns: Bugs: github.com/serverless/serverless/issues
398 | vlncc-sns: Issues: forum.serverless.com
399 | vlncc-sns:
400 | vlncc-sns: Your Environment information ---------------------------
401 | vlncc-sns: Operating System: linux
402 | vlncc-sns: Node Version: 12.19.1
403 | vlncc-sns: Framework Version: 2.29.0
404 | vlncc-sns: Plugin Version: 4.5.0
405 | vlncc-sns: SDK Version: n/a
406 | vlncc-sns: Components Version: 3.7.3
407 | vlncc-sns:
408 | vlncc-sns: npm ERR! code 1
409 | vlncc-sns: npm ERR! path /codebuild/output/src181728188/src/resources/sns
410 | vlncc-sns: npm ERR! command failed
411 | vlncc-sns: npm ERR! command sh -c sls deploy -v
412 | vlncc-sns: npm ERR! A complete log of this run can be found in:
413 | vlncc-sns: npm ERR! /root/.npm/_logs/2021-03-16T01_19_15_364Z-debug.log
414 | lerna ERR! npm run deploy exited 1 in 'vlncc-sns'
415 | lerna WARN complete Waiting for 2 child processes to exit. CTRL-C to exit immediately.
416 | npm ERR! code 1
417 | npm ERR! path /codebuild/output/src181728188/src
418 | npm ERR! command failed
419 | npm ERR! command sh -c lerna run deploy --stream
420 |
421 | npm ERR! A complete log of this run can be found in:
422 | npm ERR! /root/.npm/_logs/2021-03-16T01_19_15_414Z-debug.log
423 |
424 | [Container] 2021/03/16 01:19:15 Command did not exit successfully bash ${CODEBUILD_SRC_DIR}/scripts/deploy.sh exit status 1
425 | [Container] 2021/03/16 01:19:15 Phase complete: BUILD State: FAILED
426 | [Container] 2021/03/16 01:19:15 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: bash ${CODEBUILD_SRC_DIR}/scripts/deploy.sh. Reason: exit status 1
427 | [Container] 2021/03/16 01:19:15 Entering phase POST_BUILD
428 | [Container] 2021/03/16 01:19:15 Phase complete: POST_BUILD State: SUCCEEDED
429 | [Container] 2021/03/16 01:19:15 Phase context status code: Message:
Why is this? How do I resolve it?
Solution
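The S3 permissions should be added to your CodeBuild (CB) project role, not the CodePipeline (CP) role. The reason is that the CB container is the entity actually trying to access S3, not CP.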
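The check below is an added example, not part of the original answer or of aws-simple-cicd: it walks a CloudFormation template and reports every CodeBuild project whose ServiceRole is not granted a given action, which is the mismatch the answer describes. The template fragment and its resource names (PipelineRole, BuildRole, Build) are constructed for illustration.

```python
import fnmatch

# Constructed template fragment (JSON form of CloudFormation); resource names are hypothetical.
# PipelineRole stands for the CodePipeline role, BuildRole for the CodeBuild project role.
TEMPLATE = {"Resources": {
    "PipelineRole": {"Type": "AWS::IAM::Role", "Properties": {}},
    "BuildRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
        {"PolicyName": "logs", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": "logs:*", "Resource": "*"}]}}]}},
    "DeploymentPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
        "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": ["cloudformation:*", "s3:*"], "Resource": "*"}]},
        "Roles": [{"Ref": "PipelineRole"}]}},  # attached to the wrong role
    "Build": {"Type": "AWS::CodeBuild::Project",
              "Properties": {"ServiceRole": {"Fn::GetAtt": ["BuildRole", "Arn"]}}},
}}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _logical_id(ref):
    """Resolve {"Ref": X} or list-form {"Fn::GetAtt": [X, ...]} to the logical ID X."""
    ref = ref if isinstance(ref, dict) else {}
    return ref.get("Ref") or _as_list(ref.get("Fn::GetAtt", [None]))[0]

def _allows(doc, action):
    """True if an Allow statement's Action matches (case-insensitive, '*' wildcard)."""
    return any(st.get("Effect") == "Allow" and any(
                   fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(st.get("Action", [])))
               for st in _as_list(doc.get("Statement", [])))

def roles_allowing(template, action):
    """Roles granted `action` in-template; ignores Deny, Condition, Resource, managed policies, SCPs."""
    granted = set()
    for name, r in template["Resources"].items():
        p = r.get("Properties", {})
        if r["Type"] == "AWS::IAM::Role":
            if any(_allows(pol["PolicyDocument"], action) for pol in p.get("Policies", [])):
                granted.add(name)
        elif r["Type"] == "AWS::IAM::Policy" and _allows(p["PolicyDocument"], action):
            granted.update(filter(None, map(_logical_id, p.get("Roles", []))))
    return granted

def codebuild_roles_missing(template, action):
    """Map each CodeBuild project to its ServiceRole when that role lacks `action`."""
    granted = roles_allowing(template, action)
    projects = {n: _logical_id(r["Properties"]["ServiceRole"])
                for n, r in template["Resources"].items() if r["Type"] == "AWS::CodeBuild::Project"}
    return {n: role for n, role in projects.items() if role not in granted}
```

A non-empty result from `codebuild_roles_missing(TEMPLATE, "s3:CreateBucket")` means the build container will hit Access Denied even though an `s3:*` policy exists elsewhere in the stack.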