I have created a working CodePipeline for my AWS SAM application. It is using only Source and Build phases with the following buildspec.yaml file:

version: 0.2
phases:
  install:
    runtime-versions:
      python: 3.7
    commands:
      - pip install --user aws-sam-cli
      - USER_BASE_PATH=$(python -m site --user-base)
      - export PATH=$PATH:$USER_BASE_PATH/bin
  build:
    commands:
      - sam build
  post_build:
    commands:
      - sam package --s3-bucket deploy-bucket --output-template-file deployment.yaml
    # finally:
    #   sam deploy --template-file deployment.yaml --stack-name MyStackSAM --region us-east-1 --capabilities CAPABILITY_IAM

As you can see, I have commented out the last two lines, as I want to move that action to a Deploy stage in CodePipeline.

My Deploy step looks like this:

[screenshot]

My CloudFormationPipelineServiceRole has full admin permission at this point; nevertheless, I'm still getting the following error as the result of executing this stage.

Action execution failed
Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: XXXXFFFFFXXXX; S3 Extended Request ID: XXXXFFFFFXXXXFFFFFXXXXX=)

I am stuck as to why I'm getting this error. Any help would be greatly appreciated.

1 Answer

First, sam package expects a source template file that needs to be passed via the --template-file flag. I don't see that template file anywhere in your code. Which template file are you trying to package?

Second, you are not uploading the necessary artifacts to the S3 bucket. The only thing that you are uploading is zipped code, but as you can see from the command that you have commented out:

sam deploy --template-file deployment.yaml --stack-name MyStackSAM --region us-east-1 --capabilities CAPABILITY_IAM

you also need this file deployment.yaml but you didn't specify that in your code. There is no way for CodeBuild to guess which artifacts you want to preserve.

You will need to add an additional artifacts section to the bottom of your buildspec file and specify those artifacts.

artifacts:
  type: zip
  files:
    - template.yaml             # (where do you have this file?)
    - outputtemplate.yaml       # (deployment.yaml in your case)

Note that the artifacts section needs to be on the same level as version and phases:

version: 0.2
phases:
  ...
artifacts:
  ...

1 Comment

Worked like a charm! To answer your question regarding template.yaml I believe that sam build defaults to this specific name if nothing is specified. So I ended up adding only deployment.yaml to files: section and that did the trick. Thanks again!
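
The question's buildspec combined with the answer's fix and the outcome reported in the comment, as an added example that was not posted by any participant in the thread. The bucket and file names are the asker's own; the `type` key from the answer is left out here and only `files` is used.

```yaml
# Assembled from the thread; deploy-bucket and deployment.yaml are the asker's names.
version: 0.2
phases:
  install:
    runtime-versions:
      python: 3.7
    commands:
      - pip install --user aws-sam-cli
      - USER_BASE_PATH=$(python -m site --user-base)
      - export PATH=$PATH:$USER_BASE_PATH/bin
  build:
    commands:
      # Writes the built template and function code under .aws-sam/build/
      - sam build
  post_build:
    commands:
      # Uploads the zipped code to the S3 bucket and writes deployment.yaml,
      # the packaged template that refers to the uploaded objects.
      - sam package --s3-bucket deploy-bucket --output-template-file deployment.yaml
# Same level as version and phases. Only the files listed here are placed in
# the build output artifact that the Deploy stage receives as its input, so the
# packaged template must be named explicitly.
artifacts:
  files:
    - deployment.yaml
```

With the template present in the build output artifact, the Deploy stage can read it, which is why the role's permissions did not need to be as broad as full admin to get past this error.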
