Amazon Web Services: Getting error: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied

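When running the pipeline from a CDK-based CI/CD pipeline, no profile is passed in the arguments, on the assumption that the pipeline has the required permissions through its role.

I am using from

The policy in my deployment-role.yml file looks like this: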

DeploymentPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: deployment-policy
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - 'cloudformation:*'
              - 'iam:*'
              - 'lambda:*'
              - 'ecs:*'
              - 'ecr:*'
              - 'logs:*'
              - 'ssm:*'
              - 'acm:*'
              - 'apigateway:*'
              - 'application-autoscaling:*'
              - 'autoscaling:*'
              - 'cloudfront:*'
              - 'cloudwatch:*'
              - 'elasticache:*'
              - 'elasticloadbalancing:*'
              - 'events:*'
              - 'route53:*'
              - 'sns:*'
              - 'sqs:*'
              - 's3:*'
              - 'dynamodb:*'
              - 'xray:*'
              - 'cognito-idp:*'
            Resource: '*'
      Roles:
        - !Ref DeploymentRole

Given that the policy has full access to S3, I expected the deployment to complete, but it fails with the following error message:

lerna notice cli v4.0.0

326 | lerna info ci enabled
327 | lerna info Executing command in 4 packages: "npm run deploy"
328 | vlncc-sns: > vlncc-sns@0.1.0 deploy
329 | vlncc-sns: > sls deploy -v
330 | tenant-mgmt-service: > tenant-mgmt-service@0.1.0 deploy
331 | tenant-mgmt-service: > sls deploy -v
332 | vlncc-sns: Serverless: Deprecation warning: Variables resolver reports following resolution errors:
333 | vlncc-sns:               - Cannot resolve variable at "provider.profile": Value not found at "opt" source
334 | vlncc-sns:             From a next major it we will be communicated with a thrown error.
335 | vlncc-sns:             Set "variablesResolutionMode: 20210219" in your service config, to adapt to this behavior now
336 | vlncc-sns:             More Info: https://www.serverless.com/framework/docs/deprecations/#NEW_VARIABLES_RESOLVER
337 | tenant-mgmt-service: Serverless: Deprecation warning: Variables resolver reports following resolution errors:
338 | tenant-mgmt-service:               - Cannot resolve variable at "provider.profile": Value not found at "opt" source,
339 | tenant-mgmt-service:               - Cannot resolve variable at "provider.iamRoleStatements.0": Cannot load file from outside of service folder
340 | tenant-mgmt-service:             From a next major it we will be communicated with a thrown error.
341 | tenant-mgmt-service:             Set "variablesResolutionMode: 20210219" in your service config, to adapt to this behavior now
342 | tenant-mgmt-service:             More Info: https://www.serverless.com/framework/docs/deprecations/#NEW_VARIABLES_RESOLVER
343 | vlncc-sns:
344 | vlncc-sns:  Serverless Warning --------------------------------------
345 | vlncc-sns:
346 | vlncc-sns:   A valid option to satisfy the declaration 'opt:profile' could not be found.
347 | vlncc-sns:
348 | vlncc-sns: Serverless: Packaging service...
349 | vlncc-sns: Serverless: Creating Stack...
350 | tenant-mgmt-service:
351 | tenant-mgmt-service:  Serverless Warning --------------------------------------
352 | tenant-mgmt-service:
353 | tenant-mgmt-service:   A valid option to satisfy the declaration 'opt:profile' could not be found.
354 | tenant-mgmt-service:
355 | vlncc-sns: Serverless: Checking Stack create progress...
356 | tenant-mgmt-service: Serverless: Configuration warning at 'functions.getPool.events[0].http': unrecognized property 'documentation'
357 | tenant-mgmt-service: Serverless:
358 | tenant-mgmt-service: Serverless: Learn more about configuration validation here: http://slss.io/configuration-validation
359 | tenant-mgmt-service: Serverless:
360 | tenant-mgmt-service: Serverless: Deprecation warning: Starting with version 3.0.0, following property will be replaced:
361 | tenant-mgmt-service:               "provider.iamRoleStatements" -> "provider.iam.role.statements"
362 | tenant-mgmt-service:             More Info: https://www.serverless.com/framework/docs/deprecations/#PROVIDER_IAM_SETTINGS
363 | tenant-mgmt-service: Serverless: Deprecation warning: Resolution of lambda version hashes was improved with better algorithm, which will be used in next major release.
364 | tenant-mgmt-service:             Switch to it now by setting "provider.lambdaHashingVersion" to "20201221"
365 | tenant-mgmt-service:             More Info: https://www.serverless.com/framework/docs/deprecations/#LAMBDA_HASHING_VERSION_V2
366 | tenant-mgmt-service: Serverless: Using configuration:
367 | tenant-mgmt-service: {
368 | tenant-mgmt-service:   "packager": "npm",
369 | tenant-mgmt-service:   "packagerOptions": {},
370 | tenant-mgmt-service:   "webpackConfig": "../../node_modules/serverless-bundle/src/webpack.config.js",
371 | tenant-mgmt-service:   "includeModules": {
372 | tenant-mgmt-service:     "forceExclude": [
373 | tenant-mgmt-service:       "aws-sdk"
374 | tenant-mgmt-service:     ],
375 | tenant-mgmt-service:     "forceInclude": null,
376 | tenant-mgmt-service:     "packagePath": "package.json"
377 | tenant-mgmt-service:   },
378 | tenant-mgmt-service:   "keepOutputDirectory": false
379 | tenant-mgmt-service: }
380 | tenant-mgmt-service: Serverless: Removing /codebuild/output/src181728188/src/services/tenant-mgmt-service/.webpack
381 | tenant-mgmt-service: Serverless: Bundling with Webpack...
382 | vlncc-sns: CloudFormation - CREATE_IN_PROGRESS - AWS::CloudFormation::Stack - vlncc-sns-sandbox
383 | vlncc-sns: CloudFormation - CREATE_IN_PROGRESS - AWS::S3::Bucket - ServerlessDeploymentBucket
384 | vlncc-sns: CloudFormation - CREATE_FAILED - AWS::S3::Bucket - ServerlessDeploymentBucket
385 | vlncc-sns: CloudFormation - DELETE_IN_PROGRESS - AWS::CloudFormation::Stack - vlncc-sns-sandbox
386 | vlncc-sns: CloudFormation - DELETE_COMPLETE - AWS::S3::Bucket - ServerlessDeploymentBucket
387 | vlncc-sns: CloudFormation - DELETE_COMPLETE - AWS::CloudFormation::Stack - vlncc-sns-sandbox
388 | vlncc-sns: Serverless: Operation failed!
389 | vlncc-sns: Serverless: View the full error output: https://us-west-2.console.aws.amazon.com/cloudformation/home?region=us-west-2#/stack/detail?stackId=arn%3Aaws%3Acloudformation%3Aus-west-2%3A074808352032%3Astack%2Fvlncc-sns-sandbox%2F99468730-85f5-11eb-9aea-069c3947cedb
390 | vlncc-sns:
391 | vlncc-sns:  Serverless Error ----------------------------------------
392 | vlncc-sns:
393 | vlncc-sns:   An error occurred: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied.
394 | vlncc-sns:
395 | vlncc-sns:   Get Support --------------------------------------------
396 | vlncc-sns:      Docs:          docs.serverless.com
397 | vlncc-sns:      Bugs:          github.com/serverless/serverless/issues
398 | vlncc-sns:      Issues:        forum.serverless.com
399 | vlncc-sns:
400 | vlncc-sns:   Your Environment Information ---------------------------
401 | vlncc-sns:      Operating System:          linux
402 | vlncc-sns:      Node Version:              12.19.1
403 | vlncc-sns:      Framework Version:         2.29.0
404 | vlncc-sns:      Plugin Version:            4.5.0
405 | vlncc-sns:      SDK Version:               n/a
406 | vlncc-sns:      Components Version:        3.7.3
407 | vlncc-sns:
408 | vlncc-sns: npm ERR! code 1
409 | vlncc-sns: npm ERR! path /codebuild/output/src181728188/src/resources/sns
410 | vlncc-sns: npm ERR! command failed
411 | vlncc-sns: npm ERR! command sh -c sls deploy -v
412 | vlncc-sns: npm ERR! A complete log of this run can be found in:
413 | vlncc-sns: npm ERR!     /root/.npm/_logs/2021-03-16T01_19_15_364Z-debug.log
414 | lerna ERR! npm run deploy exited 1 in 'vlncc-sns'
415 | lerna WARN complete Waiting for 2 child processes to exit. CTRL-C to exit immediately.
416 | npm ERR! code 1
417 | npm ERR! path /codebuild/output/src181728188/src
418 | npm ERR! command failed
419 | npm ERR! command sh -c  lerna run deploy --stream
420 |  
421 | npm ERR! A complete log of this run can be found in:
422 | npm ERR!     /root/.npm/_logs/2021-03-16T01_19_15_414Z-debug.log
423 |  
424 | [Container] 2021/03/16 01:19:15 Command did not exit successfully bash ${CODEBUILD_SRC_DIR}/scripts/deploy.sh exit status 1
425 | [Container] 2021/03/16 01:19:15 Phase complete: BUILD State: FAILED
426 | [Container] 2021/03/16 01:19:15 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: bash ${CODEBUILD_SRC_DIR}/scripts/deploy.sh. Reason: exit status 1
427 | [Container] 2021/03/16 01:19:15 Entering phase POST_BUILD
428 | [Container] 2021/03/16 01:19:15 Phase complete: POST_BUILD State: SUCCEEDED
429 | [Container] 2021/03/16 01:19:15 Phase context status code:  Message:

Why is that? How can I fix it?

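The S3 permissions should be added to your CodeBuild (CB) project role, not to the CodePipeline (CP) role. The reason is that the CB container is the entity that actually tries to access S3, not CP.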

Thanks for your reply. I edited the yml file but had not deployed the stack, which has to be done manually.

@SKhurana No problem. Glad it worked out :-)
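
The answer's point, that the CodeBuild container's role is the principal calling S3, shown as an added example (not code from the original thread): a preflight check that maps the caller ARN reported by `aws sts get-caller-identity` to a role name and tests that role's policies for s3:CreateBucket. The role names, account ID, policy contents and function names are constructed assumptions, and the evaluation is deliberately simplified.

```python
import fnmatch
import re

# Assumed-role session ARN, as printed by `aws sts get-caller-identity`.
# It carries the role *name* only (no IAM path), so roles are matched by name.
_SESSION = re.compile(r"^arn:aws[\w-]*:sts::\d{12}:assumed-role/([^/]+)/[^/]+$")

def role_name_from_caller(caller_arn):
    """Return the IAM role name behind an STS session ARN, or None."""
    m = _SESSION.match(caller_arn)
    return m.group(1) if m else None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy_documents, action):
    """True if any Allow statement's Action pattern matches the action.
    Simplified: ignores Deny, Resource, Condition, boundaries and SCPs."""
    for doc in policy_documents:
        for stmt in _as_list(doc["Statement"]):
            if stmt.get("Effect") != "Allow":
                continue
            patterns = _as_list(stmt.get("Action", []))
            # IAM action names are case-insensitive and support * and ?.
            if any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
                return True
    return False

def diagnose(caller_arn, roles, action="s3:CreateBucket"):
    """Return (role_name, allowed) for the role the build actually runs as."""
    name = role_name_from_caller(caller_arn)
    return name, allows(roles.get(name, []), action)

# Constructed sample data: the broad policy sits on the pipeline role,
# while the CodeBuild project role (the real caller) lacks s3:CreateBucket.
ROLES = {
    "pipeline-role": [{"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["cloudformation:*", "s3:*"], "Resource": "*"}]}],
    "codebuild-project-role": [{"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["logs:*", "s3:GetObject"], "Resource": "*"}]}],
}
CALLER = "arn:aws:sts::111122223333:assumed-role/codebuild-project-role/AWSCodeBuild-example"

if __name__ == "__main__":
    print(diagnose(CALLER, ROLES))
```

For an authoritative answer against the live account, `aws iam simulate-principal-policy` evaluates the same question with the role's real policies.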