Shaun

Reputation: 471

Failed AWS CodeBuild when running the aws s3 cp --recursive command

Can someone please help me figure out why my CodeBuild is failing? I am getting the following error in the log:

[Container] 2021/03/29 23:13:38 Command did not exit successfully aws s3 cp --recursive --acl public-read ./build s3://cloud-nova-s3-dev02/public/ exit status 1
[Container] 2021/03/29 23:13:38 Phase complete: POST_BUILD State: FAILED
[Container] 2021/03/29 23:13:38 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: aws s3 cp --recursive --acl public-read ./build s3://cloud-nova-s3-dev02/public/. Reason: exit status 1
[Container] 2021/03/29 23:13:38 Expanding base directory path: build
[Container] 2021/03/29 23:13:38 Assembling file list
[Container] 2021/03/29 23:13:38 Expanding build
[Container] 2021/03/29 23:13:38 Expanding file paths for base directory build
[Container] 2021/03/29 23:13:38 Assembling file list
[Container] 2021/03/29 23:13:38 Expanding **/*
[Container] 2021/03/29 23:13:38 Found 19 file(s)
[Container] 2021/03/29 23:13:38 Phase complete: UPLOAD_ARTIFACTS State: SUCCEEDED
[Container] 2021/03/29 23:13:38 Phase context status code:  Message:

This is what my S3 bucket policy looks like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::cloud-nova-s3-dev02/*",
                "arn:aws:s3:::cloud-nova-s3-dev02"
            ]
        }
    ]
}

Here's an example of my buildspec.yml file:

version: 0.1
phases:
  pre_build:
    commands:
      - echo Installing source NPM dependencies...
      - npm install
  build:
    commands:
      - echo Build started on `date`
      - npm run build
  post_build:
    commands:
      # copy the contents of /build to S3
      - aws s3 cp --recursive --acl public-read ./build s3://cloud-nova-s3-dev02/public/
artifacts:
  files:
    - '**/*'
  base-directory: build

Upvotes: 3

Views: 2303

Answers (1)

Marcin

Reputation: 239000

Your bucket policy allows only for s3:GetObject, which is for downloading objects from it. However, in your CodeBuild (CB), you are trying to upload the objects to it. So this fails.

To rectify the issue, you can add an inline policy to your CB execution role which allows CB to upload objects. For example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::cloud-nova-s3-dev02/*"
        }
    ]
}

Upvotes: 4
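
An added example, not part of the original question or answer: a small offline check of which S3 actions the failing `aws s3 cp` command needs against the two policies shown on this page. It assumes a same-account setup where every statement applies to the CodeBuild role (Principal and Condition are not evaluated), and the object key `public/index.html` is constructed; the helper names are hypothetical. Because the command passes `--acl`, S3 also requires `s3:PutObjectAcl` on the object, in addition to `s3:PutObject`.

```python
import re

# Policies copied from the page: the asker's bucket policy and the answer's inline role policy.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": ["arn:aws:s3:::cloud-nova-s3-dev02/*", "arn:aws:s3:::cloud-nova-s3-dev02"]}]}
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow", "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::cloud-nova-s3-dev02/*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def is_allowed(policies, action, resource):
    """Simplified check (Principal/Condition ignored): explicit Deny wins, else any Allow."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not any(_matches(a, action, True) for a in _as_list(stmt["Action"])):
                continue
            if not any(_matches(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def required_actions(cli_command):
    """S3 actions an `aws s3 cp` upload needs; --acl adds s3:PutObjectAcl."""
    needed = ["s3:PutObject"]
    if "--acl" in cli_command.split():
        needed.append("s3:PutObjectAcl")
    return needed

def missing_actions(policies, cli_command, object_arn):
    return [a for a in required_actions(cli_command)
            if not is_allowed(policies, a, object_arn)]

if __name__ == "__main__":
    cmd = "aws s3 cp --recursive --acl public-read ./build s3://cloud-nova-s3-dev02/public/"
    arn = "arn:aws:s3:::cloud-nova-s3-dev02/public/index.html"  # constructed object key
    print("bucket policy only:", missing_actions([BUCKET_POLICY], cmd, arn))
    print("plus role policy:  ", missing_actions([BUCKET_POLICY, ROLE_POLICY], cmd, arn))
```

Since the bucket policy already grants public `s3:GetObject` on every object, dropping `--acl public-read` from the command avoids the need for `s3:PutObjectAcl` on the build role.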
