Bernie Lenz

Reputation: 2146

aws-maven S3 wagon running in CodeBuild is not using service role for S3 access

I have the following AWS CodeBuild project setup:

pom.xml:

    <build>
        <extensions>
            <extension> <!-- provides s3 wagon, unfortunately the wagon doesn't work with roles but needs AWS_ACCESS_KEY & AWS_SECRET_ACCESS_KEY set -->
                <groupId>org.springframework.build</groupId>
                <artifactId>aws-maven</artifactId>
                <version>5.0.0.RELEASE</version>
            </extension>
        </extensions>
    </build>

    <repositories>
        <repository>
            <id>aws-release</id>
            <name>AWS S3 Release Repository</name>
            <url>s3://somebucket/release</url>
            <releases>
                <enabled>true</enabled>
            </releases>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
        </repository>
    </repositories>

buildspec.yml:

    version: 0.2
    phases:
      install:
        commands:
          - echo Install started on `date`
        runtime-versions:
          java: corretto17
      pre_build:
        commands:
          - echo Starting pre_build
          - mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec -e

My CodeBuild service role has AmazonS3FullAccess attached to it.

Without specifying AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY as environment variables in CodeBuild, I am getting the error below:

    [ERROR] Failed to execute goal on project my-app: Could not resolve dependencies for project com.my.path:my-app:jar:0.0.1-SNAPSHOT: Failed to collect dependencies at com.my-utils:my-utils:jar:2.1.0: Failed to read artifact descriptor for com.my-utils:my-utils:jar:2.1.0: The following artifacts could not be resolved: com.my-utils:my-utils:2.1.0 (absent): Could not transfer artifact com.my-utils:my-utils:pom:2.1.0 from/to aws-release (s3://somebucket/release): Unable to load AWS credentials from any provider in the chain -> [Help 1]

Is there a way to use the aws-maven S3 wagon in CodeBuild by using IAM roles rather than providing credentials defined in AWS_ACCESS_KEY & AWS_SECRET_ACCESS_KEY?

AWS_ACCESS_KEY & AWS_SECRET_ACCESS_KEY can be compromised so easily, and using roles is such a better concept...

Upvotes: 0

Views: 90

Answers (0)
