Based on your error, the ZIP file is being created locally but failing to upload to S3. Here are the likely issues and solutions:

1. S3 Bucket Policy Issue Your S3 bucket may not have the correct permissions. Add a bucket policy that allows the necessary principals to upload objects:

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowCodeDeployUploads",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::YOUR_ACCOUNT_ID:role/YOUR_ROLE_NAME"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::codedeploy/artifacts/*"
}
]
}

2. IAM Role Permissions Ensure your IAM role/user has the required S3 permissions:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::codedeploy",
"arn:aws:s3:::codedeploy/*"
]
}
]
}

3. Fix the Shell Script Your script has formatting issues. Here's the corrected version:

#!/bin/bash
set -euo pipefail

# Configuration
APPLICATION_NAME="app"
DEPLOYMENT_GROUP_NAME="app"
S3_BUCKET="codedeploy"
AWS_REGION="us-east-1"
ZIP_NAME="app.zip"
S3_KEY="artifacts/${ZIP_NAME}"

# Create Deployment Bundle
echo "Creating deployment bundle..."
rm -f "${ZIP_NAME}"

zip -r "${ZIP_NAME}" \
appspec.yml \
deployment \
managers \
manager_utils \
-x "*.git*" \
-x "*__pycache__*" \
-x "*.pyc"

# Verify ZIP creation
if [ ! -f "${ZIP_NAME}" ]; then
echo "❌ ZIP file was not created"
exit 1
fi
echo "✅ ZIP file created: ${ZIP_NAME}"

# Upload to S3
echo "Uploading to S3: s3://${S3_BUCKET}/${S3_KEY}..."
aws s3 cp "${ZIP_NAME}" "s3://${S3_BUCKET}/${S3_KEY}" \
--region "${AWS_REGION}"

# Check upload status
if [ $? -ne 0 ]; then
echo "❌ S3 upload failed"
exit 1
fi

# Verify Upload
echo "Verifying S3 upload..."
if aws s3 ls "s3://${S3_BUCKET}/${S3_KEY}" --region "${AWS_REGION}" > /dev/null 2>&1; then
echo "✅ File successfully uploaded to S3: ${S3_KEY}"
else
echo "❌ File not found in S3: ${S3_KEY}"
exit 1
fi

# Trigger CodeDeploy Deployment
echo "Triggering CodeDeploy deployment..."
DEPLOYMENT_ID=$(aws deploy create-deployment \
--application-name "${APPLICATION_NAME}" \
--deployment-group-name "${DEPLOYMENT_GROUP_NAME}" \
--s3-location bucket="${S3_BUCKET}",key="${S3_KEY}",bundleType=zip \
--ignore-application-stop-failures \
--region "${AWS_REGION}" \
--query "deploymentId" \
--output text)

echo "✅ Deployment triggered: ${DEPLOYMENT_ID}"

# Monitor Deployment Status
echo "Monitoring deployment status..."
if aws deploy wait deployment-successful \
--deployment-id "${DEPLOYMENT_ID}" \
--region "${AWS_REGION}"; then
echo "✅ Deployment completed successfully"
else
echo "❌ Deployment failed"
exit 1
fi

4. CDK Code for S3 Bucket If you're using CDK, ensure your bucket is properly configured:

import * as s3 from 'aws-cdk-lib/aws-s3';
import * as iam from 'aws-cdk-lib/aws-iam';

const bucket = new s3.Bucket(this, 'CodeDeployBucket', {
bucketName: 'codedeploy',
versioned: true,
removalPolicy: cdk.RemovalPolicy.RETAIN,
});

// Grant permissions to your role
bucket.grantPut(yourRole);
bucket.grantRead(yourRole);

5. Debugging Steps Run these commands to diagnose the issue:

# Check if bucket exists
aws s3 ls s3://codedeploy --region us-east-1

# Check your AWS credentials
aws sts get-caller-identity

# Try manual upload with verbose output
aws s3 cp app.zip s3://codedeploy/artifacts/app.zip --region us-east-1 --debug

The most common cause is insufficient IAM permissions for S3 operations. Verify your IAM role has the necessary permissions and that the S3 bucket policy allows uploads from your principal.
Sources
Ingest CSV data to Amazon DynamoDB using AWS Lambda | AWS Database Blog