尝试将 codedeploy 与 codeship 一起使用时,我感到很头疼,并且
Codeship 文档不是很清楚。我有一个从 codeship 构建的示例代码。
我有:
EC2 服务器实例
具有部署组的 CodeDeploy 应用程序:TestDeploymentGroup 此组与 EC2 服务器相关,并且具有 arn:aws:iam::514211081162:role/CodeDeploy
具有访问密钥 ID 和秘密访问密钥的用户:
4- 带有策略的 S3 存储桶
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::514211081162:role/CodeDeploy"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::myapp/*"
}
]
}
IAM 政策:
代码部署策略
arn:aws:iam::514211081162:policy/CodeDeployPolicy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"codedeploy:RegisterApplicationRevision",
"codedeploy:GetApplicationRevision"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"codedeploy:CreateDeployment",
"codedeploy:GetDeployment"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"codedeploy:GetDeploymentConfig"
],
"Resource": [
"*"
]
}
]
}
此策略有一个附加实体:角色:CodeDeploy
arn:aws:iam::514211081162:role/CodeDeploy
arn:aws:iam::514211081162:instance-profile/CodeDeploy
角色 CodeDeploy 附加了 CodeDeployPolicy(在此处定义)。他有信任关系
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"codedeploy.us-east-1.amazonaws.com",
"codedeploy.us-west-2.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
当我尝试部署时,我得到:
upload failed: ../../../../../../tmp/AWSCODEDEPLOY_deployment_8dbb2cbc72a5db1e2e15368cbe97e0b5fcdf987e.zip to s3://aws-codedeploy-us-west-2/myapp/AWSCODEDEPLOY_deployment_8dbb2cbc72a5db1e2e15368cbe97e0b5fcdf987e.zip
A client error (AccessDenied) occurred when calling the CreateMultipartUpload operation: Access Denied
我知道这是一个权限问题,但老实说,这对我来说参数太多了,我完全迷失了......