I am using CodeBuild with
- Image: aws/codebuild/nodejs:7.0.0
- service role: code-buid-some-service-role
In my buildspec the following command runs:

    aws s3 sync ./webroot s3://s3-us-west-2.amazonaws.com/some-amazing-s3-bucket/test

This is the bucket policy:

    {
        "Version": "2012-10-17",
        "Id": "Policy1502332584348",
        "Statement": [
            {
                "Sid": "Stmt1502332580996",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::123456789:role/service-role/code-buid-some-service-role"
                },
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::some-amazing-s3-bucket/*",
                    "arn:aws:s3:::some-amazing-s3-bucket"
                ]
            }
        ]
    }

CodeBuild is failing with this:

    [Container] 2017/08/10 02:41:16 Running command aws s3 sync ./webroot s3://s3-us-west-2.amazonaws.com/some-amazing-s3-bucket/test
    fatal error: An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

What am I missing? I have the bucket policy wide open while testing this and it's still failing.
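
As an added example (not part of the original question or answer): a simplified Python check of which bucket the posted destination URI addresses and whether the posted policy's Allow statement covers the requests a sync makes. The matcher ignores Deny, Condition and identity-based policies; `index.html` is a sample key and the second URI is constructed for comparison.

```python
import json
from fnmatch import fnmatchcase

# Role ARN and bucket policy as posted in the question (policy condensed).
ROLE = "arn:aws:iam::123456789:role/service-role/code-buid-some-service-role"
POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"AWS": "%s"}, "Action": "s3:*",
  "Resource": ["arn:aws:s3:::some-amazing-s3-bucket/*",
               "arn:aws:s3:::some-amazing-s3-bucket"]}]}""" % ROLE)

def split_s3_uri(uri):
    """s3://<bucket>/<key>: everything up to the first '/' is the bucket name."""
    if not uri.startswith("s3://"):
        raise ValueError("not an S3 URI: %r" % uri)
    bucket, _, key = uri[len("s3://"):].partition("/")
    return bucket, key

def as_list(value):
    return value if isinstance(value, list) else [value]

def allowed(policy, principal, action, resource):
    """Simplified matcher: does any Allow statement cover this request?
    Ignores Deny, Condition, NotAction/NotResource and identity policies."""
    for st in as_list(policy["Statement"]):
        who = st.get("Principal", {})
        who = ["*"] if who == "*" else as_list(who.get("AWS", []))
        if (st.get("Effect") == "Allow"
                and any(p in ("*", principal) for p in who)
                and any(fnmatchcase(action.lower(), a.lower()) for a in as_list(st["Action"]))
                and any(fnmatchcase(resource, r) for r in as_list(st["Resource"]))):
            return True
    return False

def sync_checks(policy, principal, dest_uri):
    """Check the two requests an upload sync makes: list the bucket, put an object."""
    bucket, prefix = split_s3_uri(dest_uri)
    key = "/".join(p for p in (prefix.strip("/"), "index.html") if p)  # sample key
    return {
        "bucket": bucket,
        "s3:ListBucket": allowed(policy, principal, "s3:ListBucket", "arn:aws:s3:::" + bucket),
        "s3:PutObject": allowed(policy, principal, "s3:PutObject", "arn:aws:s3:::%s/%s" % (bucket, key)),
    }

if __name__ == "__main__":
    posted = "s3://s3-us-west-2.amazonaws.com/some-amazing-s3-bucket/test"
    for uri in (posted, "s3://some-amazing-s3-bucket/test"):  # second URI is constructed
        print(uri, sync_checks(POLICY, ROLE, uri))
```

The `ListObjects` call named in the error is authorized by `s3:ListBucket` on the bucket ARN, which is why the check tests that ARN separately from the object ARN.
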
Best Answer
Adding the following to the CodeBuild generated role worked for me: