Questions tagged with AWS CodeCommit

Content language: English

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

CDK Stck Failed to publish one or more assets Access Denied

Hi All, In My BuildProject/BuildSpec (in my STG Account), I run this command : - cdk deploy --require-approval never it gives me this error : ``` myStack: deploying... [0%] start: Publishing e988sdsf934da0d45effe675sdscb946f3e1sds68:current [0%] check: Check s3://cdk-hnb65dds-assets-xxxxxxxx-cregion/assets/e9882ab1236873df4sdfeffe67sdfc8ce13bsdff3e1d6sdf8d68.zip Call failed: listObjectsV2({"Bucket":"cdk-hnsd59fds-assets-xxxxxxxx-region","Prefix":"assets/e98ssdfsd87dsffsdffdsfcc8sdsdfdd6141fsdd68.zip","MaxKeys":1}) => Access Denied (code=AccessDenied) [33%] fail: Access Denied [33%] start: Publishing c24b999656e4fe6c609c31dfadffbcdfdfc2c86df:current [33%] check: Check s3://cdk-hnb659fds-assets-xxxxxxxx-cregion/assets/c24b999656e4fe6c609c31dfadffbcdfdfc2c86df.zip Call failed: listObjectsV2({"Bucket":"cdk-hnb659fds-assets-xxxxxxxx-cregion","Prefix":"assets/c24b999656e4fe6c609c31dfadffbcdfdfc2c86df.zip","MaxKeys":1}) => Access Denied (code=AccessDenied) [66%] fail: Access Denied [66%] start: Publishing werer56e4fe6c609c3ewrd17a4d9c3afwr6b8c2wer:current [66%] check: Check s3://cdk-hnb659fds-assets-xxxxxxxx-cregion/assets/werer56e4fe6c609c3ewrd17a4d9c3afwr6b8c2wer.zip Call failed: listObjectsV2({"Bucket":"cdk-hnb659fds-assets-xxxxxxxx-cregion","Prefix":"assets/werer56e4fe6c609c3ewrd17a4d9c3afwr6b8c2wer.zip","MaxKeys":1}) => Access Denied (code=AccessDenied) [100%] fail: Access Denied ❌ myStack failed: Error: Failed to publish one or more assets. See the error messages above for more information. at publishAssets (/usr/local/lib/node_modules/aws-cdk/lib/util/asset-publishing.ts:27:11) ``` How can I give CDK stack running from BuildSpec permission to publish assets? I already added this policy to my codeBuild service role, but still same issue : ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject*", "s3:PutObject", "s3:PutObjectAcl", "s3:getBucketLocation" ], "Resource": [ "arn:aws:s3:::cdk*" ] } ] } ``` also had this error : ``` ser: arn:aws:sts::xxxxxx:assumed-role/codebuild-mybp-service-role/AWSCodeBuild-d1acsd11-4sad7-9sada6834ffsadbs is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:region:xxxxxxxx:function:myStack-CustomCDKBucketDeployment-l5dzxcszxA7assa because no identity-based policy allows the lambda:InvokeFunction action (Service: AWSLambda; Status Code: 403; Error Code: AccessDeniedException; Request ID: eedf2-03dfdf3-4ddsfd7-bfdg7-2dfsdff5c2dfgd0; Proxy: null) ``` not sure which lamda he wants to invoke here and why? what are the right permissions for this Thank you!!
2
answers
0
votes
1269
views
Jess
asked 9 months ago