aws codebuild UPLOAD_ARTIFACTS - CLIENT_ERROR: Error uploading artifacts: AccessDenied: Access Denied status code: 403

Question

I am using aws codebuild, where my source is "codecommit" and trying to upload artifact to S3. But getting below exception.

UPLOAD_ARTIFACTS - CLIENT_ERROR: Error uploading artifacts: AccessDenied: Access Denied status code: 403, request id: D420E19EA87D4CD4, host id: i4ELejOSIy/9QeIATzgJNd8ZjpkCGu+dzkvQ/juHFSF2g6+2uEMgG+ljwYzcW51Oq60peeEQhmE=

Followed this article - https://docs.aws.amazon.com/codebuild/latest/userguide/getting-started.html

Can some one help?

Answer 1

The IAM Role for the CodeBuild project is missing one or more of the necessary "kms" permissions for encrypting or un-encrypting encrypted artifacts.

Answer 2

I don't know if this is still active but apparently the problem isn't on s3 side and it's just a bad error.

The problem comes while codebuild trying to encrypt the artifacts and upload them to s3.

What solved my problem was to create a KMS key and in the encryption process you specify that key

Answer 3

It looks to be S3 Bucket access issue. You need to check below things to make this working :

1. Your bucket is in the same region where your codebuild is running.
2. Your bucket has a policy which allows codebuild to upload the objects.
3. Your CodeCommit, CodeBuild has IAM role (Policy) attached to it which has access to S3 bucket.

CodeCommit put the code into S3 bucket, Codebuild gets it from there and build it for you then put it back into S3 bucket and then at last CodeDeploy gets it from there and do the deployment. This is the complete process of Pipeline in AWS.

So in this whole process, there are multiple times when your AWS Services are talking to S3 and to make sure it goes smooth, check you bucket policy, IAM roles for every service and make sure they are able to get and put the content.