Codepipeline: Insufficient permissions Unable to access the artifact with Amazon S3 object key


Solution 1

I was able to find a solution. The true issue is that when the deployment provider is set as Amazon ECS, we need to generate an output artifact indicating the name of the task definition and the image uri, for example:

version: 0.2

phases:
  post_build:
    commands:
      # Write the file that the Amazon ECS deploy action reads from the build's output artifact
      - printf '[{"name":"your.task.definition.name","imageUri":"%s"}]' "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG" > imagedefinitions.json

artifacts:
  files: imagedefinitions.json

Solution 2

This happens when AWS CodeDeploy cannot find the build artifact from AWS CodeBuild. If you go into the S3 bucket and check the path you would actually see that the artifact object is NOT THERE!

Even though the error mentions a permission issue, this can happen due to the absence of the artifact object.

Solution: Properly configure the artifacts section in buildspec.yml, and configure the AWS CodePipeline stages properly, specifying input and output artifact names.

artifacts:
  files:
    - '**/*'
  base-directory: base_dir
  name: build-artifact-name
  discard-paths: no

Refer to this article: https://medium.com/@shanikae/insufficient-permissions-unable-to-access-the-artifact-with-amazon-s3-247f27e6cdc3
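
A pre-upload check covering both answers above, as an added example that is not part of the original answers: it fails the build when imagedefinitions.json is missing, malformed, or was written with unset variables, rather than leaving the deploy stage to report the permissions error. The function names, messages and URI heuristics are assumptions of this example.

```python
"""Added example: sanity-check imagedefinitions.json before CodeBuild uploads it."""
import json
import sys
from pathlib import Path


def check_imagedefinitions(path="imagedefinitions.json"):
    """Return a list of problems; an empty list means the file looks usable."""
    p = Path(path)
    if not p.is_file():
        # Solution 2's case: nothing to upload, so the deploy stage finds no artifact.
        return [f"{path} does not exist"]
    try:
        data = json.loads(p.read_text(encoding="utf-8"))
    except ValueError as exc:  # covers JSONDecodeError and UnicodeDecodeError
        return [f"{path} is not valid JSON: {exc}"]
    if not isinstance(data, list) or not data:
        return [f"{path} must be a non-empty JSON array"]

    problems = []
    for i, entry in enumerate(data):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: not a JSON object")
            continue
        for key in ("name", "imageUri"):
            value = entry.get(key)
            if not isinstance(value, str) or not value.strip():
                problems.append(f"entry {i}: missing or empty {key!r}")
        uri = entry.get("imageUri")
        if isinstance(uri, str) and uri.strip() and _looks_unexpanded(uri):
            problems.append(f"entry {i}: imageUri {uri!r} has an empty or unexpanded part")
    return problems


def _looks_unexpanded(uri):
    """Heuristic (assumption of this example): spot holes left by unset variables."""
    return (
        "$" in uri                      # variable was never expanded
        or any(c.isspace() for c in uri)
        or uri.startswith(".")          # empty $AWS_ACCOUNT_ID
        or ".." in uri                  # empty $AWS_DEFAULT_REGION
        or "/:" in uri                  # empty $IMAGE_REPO_NAME
        or uri.endswith(("/", ":"))     # empty $IMAGE_TAG
    )


if __name__ == "__main__":
    found = check_imagedefinitions(*sys.argv[1:2])
    for problem in found:
        print(f"imagedefinitions check: {problem}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run it as the last post_build command, after the printf line, so a bad file stops the pipeline at the build stage.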


Author: Abraao Carmo

Updated on June 04, 2022

Comments

  • Abraao Carmo, almost 2 years

    Hello, I created a CodePipeline project with the following configuration:

    • Source code in S3 pulled from Bitbucket.
    • Build with CodeBuild, generating a Docker image and storing it in an Amazon ECS repository.
    • Deployment provider Amazon ECS.

    The whole process works OK until it tries to deploy; for some reason I am getting the following error during deployment:

    Insufficient permissions Unable to access the artifact with Amazon S3 object key 'FailedScanSubscriber/MyAppBuild/Wmu5kFy' located in the Amazon S3 artifact bucket 'codepipeline-us-west-2-913731893217'. The provided role does not have sufficient permissions.

    During the building phase, it is even able to create a new docker image in the ECS repository.

    I tried everything: changed IAM roles and policies, added full access to S3, and I have even set the S3 bucket as public; nothing worked. I am out of options. If someone could help me, that would be wonderful. I have little experience with AWS, so any help is appreciated.

  • Tony, over 3 years
    Thanks... this is exactly the problem.
  • NiklasLehnfeld, about 2 years
    Thanks for that good hint. We are currently facing this issue and didn't notice that there is an additional field for the encryption key in the CodeBuild step. We thought it takes the encryption key set for the artifact bucket.