I have a CodePipeline with some CodeBuild stages. When stage 1 of the CodeBuild project has finished, I can't see the output build artifact. The source artifact is available on S3. The problem is with the build output artifact.
Error:
When I click on it I see: The object "terraform/BuildArtif/XeLscuU" was not found
My setup:
- CodeBuild runs on account A and assumes a role from account B to deploy something to account B.
- The CodePipeline role has these S3 permissions:
  "s3:*", "Resource": "*"
- The CodeBuild project role has this permission:
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": [
          "s3:DeleteObject",
          "s3:PutObject",
          "s3:Describe*",
          "s3:Get*",
          "s3:List*"
        ],
        "Effect": "Allow",
        "Resource": "*",
        "Sid": "VisualEditor0"
      }
    ]
  }
- The role on account B which I assume in the buildspec has administrator access.
- My CodeBuild is in a VPC, with cross-account access via a transit gateway.
- The S3 bucket has these permissions:
  "Effect": "Allow",
  "Principal": {
    "AWS": [
      "arn:aws:iam::accountA:role/service-role/codepipelinerole",
      "arn:aws:iam::accountB:role/adminrole",
      "arn:aws:iam::accountA:role/service-role/codebuildprojectrole"
    ]
  },
  "Action": [
    "s3:RestoreObject",
    "s3:ReplicateObject",
    "s3:PutObjectVersionTagging",
    "s3:PutObjectTagging",
    "s3:PutObjectAcl",
    "s3:PutObject",
    "s3:List*",
    "s3:Get*"
  ],
  "Resource": [
    "arn:aws:s3:::codepipeline-eu-west-1-accountA/*",
    "arn:aws:s3:::codepipeline-eu-west-1-accountA"