0

尝试将 codedeploy 与 codeship 一起使用时,我感到很头疼,并且

Codeship 文档不是很清楚。我有一个从 codeship 构建的示例代码。

我有:

  1. EC2 服务器实例

  2. 具有部署组的 CodeDeploy 应用程序:TestDeploymentGroup 此组与 EC2 服务器相关,并且具有 arn:aws:iam::514211081162:role/CodeDeploy

  3. 具有访问密钥 ID 和秘密访问密钥的用户:

4- 带有策略的 S3 存储桶

 {
 "Version": "2012-10-17",
 "Statement": [
    {
        "Sid": "",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::514211081162:role/CodeDeploy"
        },
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::myapp/*"
    }
]
}

IAM 政策:

代码部署策略

arn:aws:iam::514211081162:policy/CodeDeployPolicy

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "codedeploy:RegisterApplicationRevision",
            "codedeploy:GetApplicationRevision"
        ],
        "Resource": [
            "*"
        ]
    },
    {
        "Effect": "Allow",
        "Action": [
            "codedeploy:CreateDeployment",
            "codedeploy:GetDeployment"
        ],
        "Resource": [
            "*"
        ]
    },
    {
        "Effect": "Allow",
        "Action": [
            "codedeploy:GetDeploymentConfig"
        ],
        "Resource": [
            "*"
        ]
    }
]
}

此策略有一个附加实体:角色:CodeDeploy

arn:aws:iam::514211081162:role/CodeDeploy

arn:aws:iam::514211081162:instance-profile/CodeDeploy

角色 CodeDeploy 附加了 CodeDeployPolicy(在此处定义)。他有信任关系

{
"Version": "2012-10-17",
"Statement": [
{
  "Sid": "",
  "Effect": "Allow",
  "Principal": {
    "Service": [
      "codedeploy.us-east-1.amazonaws.com",
      "codedeploy.us-west-2.amazonaws.com"
    ]
  },
  "Action": "sts:AssumeRole"
}
]
}

当我尝试部署时,我得到:

upload failed: ../../../../../../tmp/AWSCODEDEPLOY_deployment_8dbb2cbc72a5db1e2e15368cbe97e0b5fcdf987e.zip to s3://aws-codedeploy-us-west-2/myapp/AWSCODEDEPLOY_deployment_8dbb2cbc72a5db1e2e15368cbe97e0b5fcdf987e.zip
A client error (AccessDenied) occurred when calling the    CreateMultipartUpload operation: Access Denied

我知道这是一个权限问题,但老实说,这对我来说参数太多了,我完全迷失了......

4

1 回答 1

0

您确定目标存储桶是正确的吗?

我很难相信s3://aws-codedeploy-us-west-2/(从错误中)是你的。也不s3://myapp是(来自存储桶策略),尽管我认为这可能是您的示例名称。

于 2015-11-12T00:55:07.973 回答