- 最新
- 最多得票
- 最多評論
Hi Peter,
The S3 access denied appears to be to the PipelineAsset bucket (ex: pipelinestack-pipelineartifactsbucketaea9a052-xxxxxxbb1c), but the executing role for the 'DeployAlpha' 'AppsyncCdkAppStack.Prepare' uses 'arn:aws:iam::xxxxxxxxxxxx:role/cdk-hnb659fds-cfn-exec-role-xxxxxxxxxxxxx-us-west-2'. Looking at the permissions for this role, I can see that it does not have GetObject access to the above pipeline asset bucket. As a test, manually and temporarily adding S3 GetObject permissions to the pipelinestack-pipelineartifactsbucket for this role will allow the pipeline to succeed.
Note that this sample uses an older CDK version and updating to the latest will change how to run this sample; the methods used in this sample are deprecated.
Sorry for the delay (getting caught up in other things). It's still not working. I even gave public access to the pipeline bucket but the same error is thrown
Peter
So I tracked down the deployment artefact in the bucket that was given the problem. I also gave public access to that and then it looks like the pipeline continues a bit further. However, next problem
"Failed to assume service-linked role ...aws-service-role/appsync.amazonaws.com/AWSServiceRoleForAppSync, please retry. (Service: AWSAppSync; Status Code: 403; Error Code: AccessDeniedException; Request ID: 26297786-44f1-4763-b38f-a0d27154b013; Proxy: null)" Seems to happen when trying to create the dynamodb table
To summarize. After upgrading to version aws-cdk libs version 1.138.0 (the latest 1.x for now) and some weird struggles with npm versions it eventually started working...which is nice What I don't understand is how people actually develop in such an environment. This (really small) build pipeline takes ~10 minutes or so and depending on what part one is developing for there is really no escape from running your code inside aws. A 10 minute tdd cycle does not make sense whatsoever, and then I have not thought through what it would mean to debug issues.
Any tips anyone?
相關內容
- 已提問 10 個月前
Hello, thanks for replying! I will test your proposal asap and provide feedback here.
Hi Peter, Just following up. Did my comments help unblock you?