Questions tagged with AWS CodeCommit

CDK Stack Failed to publish one or more assets Access Denied

Hi All,

In my BuildProject/BuildSpec (in my STG account), I run this command:

```
- cdk deploy --require-approval never
```

It gives me this error:

```
myStack: deploying...
[0%] start: Publishing e988sdsf934da0d45effe675sdscb946f3e1sds68:current
[0%] check: Check s3://cdk-hnb65dds-assets-xxxxxxxx-cregion/assets/e9882ab1236873df4sdfeffe67sdfc8ce13bsdff3e1d6sdf8d68.zip
Call failed: listObjectsV2({"Bucket":"cdk-hnsd59fds-assets-xxxxxxxx-region","Prefix":"assets/e98ssdfsd87dsffsdffdsfcc8sdsdfdd6141fsdd68.zip","MaxKeys":1}) => Access Denied (code=AccessDenied)
[33%] fail: Access Denied
[33%] start: Publishing c24b999656e4fe6c609c31dfadffbcdfdfc2c86df:current
[33%] check: Check s3://cdk-hnb659fds-assets-xxxxxxxx-cregion/assets/c24b999656e4fe6c609c31dfadffbcdfdfc2c86df.zip
Call failed: listObjectsV2({"Bucket":"cdk-hnb659fds-assets-xxxxxxxx-cregion","Prefix":"assets/c24b999656e4fe6c609c31dfadffbcdfdfc2c86df.zip","MaxKeys":1}) => Access Denied (code=AccessDenied)
[66%] fail: Access Denied
[66%] start: Publishing werer56e4fe6c609c3ewrd17a4d9c3afwr6b8c2wer:current
[66%] check: Check s3://cdk-hnb659fds-assets-xxxxxxxx-cregion/assets/werer56e4fe6c609c3ewrd17a4d9c3afwr6b8c2wer.zip
Call failed: listObjectsV2({"Bucket":"cdk-hnb659fds-assets-xxxxxxxx-cregion","Prefix":"assets/werer56e4fe6c609c3ewrd17a4d9c3afwr6b8c2wer.zip","MaxKeys":1}) => Access Denied (code=AccessDenied)
[100%] fail: Access Denied
 ❌ myStack failed: Error: Failed to publish one or more assets. See the error messages above for more information.
    at publishAssets (/usr/local/lib/node_modules/aws-cdk/lib/util/asset-publishing.ts:27:11)
```

How can I give the CDK stack running from BuildSpec permission to publish assets?

I already added this policy to my CodeBuild service role, but still the same issue:

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject*",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:getBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::cdk*"
      ]
    }
  ]
}
```

I also had this error:

```
ser: arn:aws:sts::xxxxxx:assumed-role/codebuild-mybp-service-role/AWSCodeBuild-d1acsd11-4sad7-9sada6834ffsadbs is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:region:xxxxxxxx:function:myStack-CustomCDKBucketDeployment-l5dzxcszxA7assa because no identity-based policy allows the lambda:InvokeFunction action (Service: AWSLambda; Status Code: 403; Error Code: AccessDeniedException; Request ID: eedf2-03dfdf3-4ddsfd7-bfdg7-2dfsdff5c2dfgd0; Proxy: null)
```

Not sure which Lambda it wants to invoke here, and why? What are the right permissions for this?

Thank you!!
2 answers, 0 votes, 7 views. Jess asked 2 months ago

CodeDeploy to server farm - high level understanding and confirmation

Morning all,

I want to confirm I am on the right track and am just logically trying to put things in order. I have a group of servers that are quite static (no need for autoscaling). It's a Java app, and Beanstalk doesn't support the app. So right now the developer is going to each server via custom ports to undeploy and deploy new apps. The farm has grown and it's time-consuming.

Some of the reading is a bit confusing, so for a quick high level, I had these questions/help items, using the left side nav from CodeCommit.

**Under Source** - it's always just one file (a .war file). So regardless, I believe I will need to use either Git/CodeCommit and can't just have the developer upload a file to an S3 bucket, right? That would enable the version control, revert, etc.

**Under Deploy** - Applications - I have created the application, service role, type and configuration (by key/value). I also have enable load balancing checked, with a test group (one server right now).

I don't think I really need to worry about the artifacts or the build; all I want is for the developer to finish his WAR file and commit. So I'm not sure what the magic is that, after he commits, takes that code and then pushes it to the servers. The agent is installed, and I'm just not sure if I need a pipeline set up, or if there is something between the deploy and the agent. A simple answer here may prove much faster than other resources.

So thank you again for the feedback and/or suggestions if there is a better way, but I think once set up this really is quite simple.
2 answers, 0 votes, 3 views. lraymond asked 4 months ago

How to perform CodePipeline ECS deployment based on Git tag

Hi fellow AWS humans,

I am running an ECS application that is automatically built and deployed using CodeCommit, CodePipeline, and ECR. The infrastructure is managed with Terraform. My setup is fairly comparable to this tutorial here: https://devops-ecs-fargate.workshop.aws/en/1-introduction.html

The current ci/cd workflow is as follows:

1. Git push to CodeCommit repo main branch
2. CodePipeline builds a container image and pushes it to the ECR registry
3. Deploy the most recently built container to ECS and update the service

This is fine for very simple setups and I'm ok doing trunk based development (which, according to this blog post, is the suggested way when working with CodePipeline: https://aws.amazon.com/blogs/devops/multi-branch-codepipeline-strategy-with-event-driven-architecture/). However, **I don't want the most recent build to be pushed *straight to production***.

What I'd like to achieve is a 2-step ci/cd process (2 pipelines, 2 separate target environments):

1. Git push to CodeCommit repo main branch
2. CodePipeline builds a container image and pushes it to the ECR registry
3. The most recently built container is deployed in the ECS **dev environment**
4. Tagging a specific commit (using **git tag**) will trigger a separate CodePipeline
5. The pipeline triggered in step 4 deploys the associated container to the **production environment**

It seems that the only way to use CodePipeline's built-in features for deployment is by specifying a fixed branch name from which all vcs commits will trigger a new build/deployment - I see no way of specifying a git tag (and no way of specifying any wildcards either). This blog post (https://aws.amazon.com/blogs/devops/adding-custom-logic-to-aws-codepipeline-with-aws-lambda-and-amazon-cloudwatch-events/) suggests that there are ways to circumvent this shortcoming by using a Lambda and CloudWatch Events.

My questions are:

- Is there any way to achieve the illustrated ci/cd setup with AWS CodePipeline?
- If it is possible: what would be a best practice to implement this?

Thanks for any pointers and your help!

Kind regards and big thanks,
Maik
2 answers, 0 votes, 13 views. maik asked 5 months ago