我需要传输我在 CodeBuild 中指定的变量,但出现此错误:
阶段上下文状态代码:解密变量
错误消息:AccessDeniedException:
用户:arn:aws:sts::<acc_id>:assumed-role/codebuild-image_builder-service-role/AWSCodeBuild-c892c6f5-ffba-48ec-a53f-35ddca9818a5 不是授权执行:ssm:GetParameters 资源:arn:aws:ssm:eu-west-1:<acc_id>:parameter/eu-west-1 因为没有基于身份的策略允许 ssm:GetParameters 操作
我的buildspec.yml文件:
phases:
pre_build:
commands:
- echo Logging in to Amazon ECR...
- aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
build:
commands:
- echo Build started on `date`
- echo Building the Docker image...
- docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
- docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG
post_build:
commands:
- echo Build completed on `date`
- echo Pushing the Docker image...
- docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG