For some reason I can't transfer my Firebase configuration JSON to my EB environment during my CodePipeline run.

This is in my .ebextensions/firebase.conf file

Resources:
  AWSEBAutoScalingGroup:
    Metadata:
      AWS::CloudFormation::Authentication:
        S3Auth:
          type: "s3"
          buckets: ["*bucket-name*"]
          roleName:
            "Fn::GetOptionSetting":
              Namespace: "aws:autoscaling:launchconfiguration"
              OptionName: "IamInstanceProfile"
              DefaultValue: "aws-elasticbeanstalk-ec2-role"

files:
    "/tmp/fbsecuritykey.js":
        mode: "000400"
        owner: root
        group: root
        authentication: "S3Auth"
        source: https://*bucket-name*.s3.us-west-1.amazonaws.com/fbsecuritykey.js

container_commands:
  file_transfer_1:
    command: "mv /tmp/fbsecuritykey.js /var/app/current"

I've tried a bunch of stuff. With the container_commands and without and nothing seems to work.

I've italicised the bucket name intentionally btw :) It's correct in my configuration.

The pipeline shows no errors during the run.

Any help is appreciated.Thanks.

CodePudding user response：

Your S3 bucket needs to allow access by the aws-elasticbeanstalk-ec2-role. You can either use the default Elastic Beanstalk bucket that is generated for your region, since those permissions exist already on that bucket, or you can use a custom bucket, but you will have to add permissions for the Elastic Beanstalk ec2 role to access your custom bucket.

If you want to use your custom bucket, then under Bucket Permissions, add a Bucket Policy that looks something like:

{
  "Version": "2012-10-17",
  "Id": "Policy12345",
  "Statement": [
      {
          "Sid": "Stmt12345",
          "Effect": "Allow",
          "Principal": {
              "AWS": "arn:aws:iam::YOUR_ACCOUNT_NUMBER:role/aws-elasticbeanstalk-ec2-role"
          },
          "Action": "s3:*",
          "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
      }
  ]
}