AWS CodeBuild script fails s3 sync with AccessDenied

I am using CodeBuild with

Image: aws/codebuild/nodejs:7.0.0
service role: code-buid-some-service-role

In my buildspec the following command runs

aws s3 sync ./webroot s3://s3-us-west-2.amazonaws.com/some-amazing-s3-bucket/test

This is the bucket policy:

{
    "Version": "2012-10-17",
    "Id": "Policy1502332584348",
    "Statement": [
        {
            "Sid": "Stmt1502332580996",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::123456789:role/service-role/code-buid-some-service-role"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::some-amazing-s3-bucket/*",
                "arn:aws:s3:::some-amazing-s3-bucket"
            ]
        }
    ]
}

Code build is failing with this:

[Container] 2017/08/10 02:41:16 Running command aws s3 sync ./webroot s3://s3-us-west-2.amazonaws.com/some-amazing-s3-bucket/test
fatal error: An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

What am I missing? I have the bucket policy wide open while testing this and it's still failing.

{ "Effect": "Allow", "Resource": [ "arn:aws:s3:::mytestbucket", "arn:aws:s3:::mytestbucket/*" ], "Action": [ "s3:PutObject", "s3:Get*", "s3:List*" ] }

AWS CodeBuild script fails s3 sync with AccessDenied

Best Answer

Related Topic

Best Answer

Related Solutions

AWS – Status check fails when loading AMI created from snapshot

AWS RDS CLI: AccessDenied on CreateDBSnapshot

Related Topic