Home > Software engineering >  AWS CloudFormation Getting 403 When Accessing S3
AWS CloudFormation Getting 403 When Accessing S3

Time:10-19

We have a CodePipeline process set up, and all stages work except the CodeDeploy stage.

Our pipeline stage is as follows:

  • GenerateChangeSet for CloudFormation
  • ExecuteChangeSet for CloudFormation
  • Deploy for CodeDeploy

These stages were set up and configured by CodeStar.

Our GenerateChangeSet stage tries to access s3 to get our BuildArtifact, but fails with the following error:

Action execution failed
Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 40P7HSHQGWXSRA72; S3 Extended Request ID: I6hiCC7xx YmnQMLfUnMzZziLDz/5b8uJWzOqWNZwSiVRCS14Q6UyVfss6q80teO5MAGuR9Xft4=; Proxy: null)

This suggests that CloudFormation cannot access s3, but I've checked and rechecked the policy that it uses and it definitely has the correct permissions for accessing s3.

I'm not quite sure why this error is happening, given that the role policy does indeed have access to s3. I even went with the nuclear option of granting this role full control over s3 (with a view to reverting once I solved the issue), but to no avail, the error still occurs.

Has anyone encountered this before? Anyone know why it might be happening?

CodePudding user response:

I discovered the issue. The CloudFormation template file (template.yml and template-configuration.yml) was reading the one from the repo, but that had been removed at some point prior, so I was getting access denied errors from that resource.

I wish the error message was more explicit, it would have saved hours.

Page link:https//www.codepudding.com/Softwareengineering/157692.html

Prev:How can I update a lifecycle configuration with a filter based on both prefix and multiple tags in R
Next:Upgrading S3Client to S3AsyncClient how to get Publisher<ByteBuffer>?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding