AWS Codebuild Plugin on jenkins not working #66
Comments
|
When you leave the AWS credentials in the configuration blank, the plugin will pick up credentials from the default credential provider chain. You should make sure your IAM role is somewhere in that chain. If you have a Jenkins pipeline, you can use the AWS steps plugin to provide the |
|
We are seeing the same issue where it appears the plugin is not assuming the role correctly. For example, when we run the following: It outputs the correct projects in the "develop" account. But the CodeBuild plugin returns: |
|
@jveldboom thanks for letting us know about this. We will attempt to reproduce this behavior and look into the root cause. |
|
We're seeing similar issues as described above. Are there any updates to the fix? @leobaran-aws |
|
We're still looking into this issue. Thanks for your patience. |
|
Fixed in f1939d8. Let me know if this works for you. |
I have a containerized Jenkins in my kubernetes cluster and I would like to create a pipeline on that. Right now we use AWS for all our services at my company. I would like to know how to counter this error that I get when I run code build amazon plugin in Jenkins with my specific builspec.yml file. I can provide you with all the IAM roles and the policy set up I have used and would like to know where exactly I am going wrong or what the issue could be.
ERROR:
[AWS CodeBuild Plugin] Using credentials provided by the DefaultAWSCredentialsProviderChain for authorization
ERROR: Build step failed with exception
com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 11760BE0CD404492; S3 Extended Request ID: RXTWOTmY5hD2XuiHZPuHBfzuCs2o6C9+AkvKJrBwVV8QJV3IL847ZVe3Mg99+e3Q8bGZqpgNq0Y=), S3 Extended Request ID: RXTWOTmY5hD2XuiHZPuHBfzuCs2o6C9+AkvKJrBwVV8QJV3IL847ZVe3Mg99+e3Q8bGZqpgNq0Y=
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1632)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1304)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1058)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4365)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4312)
at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:4306)
at com.amazonaws.services.s3.AmazonS3Client.getBucketVersioningConfiguration(AmazonS3Client.java:2240)
at com.amazonaws.services.s3.AmazonS3Client.getBucketVersioningConfiguration(AmazonS3Client.java:2225)
at Validation.checkBucketIsVersioned(Validation.java:209)
at CodeBuilder.perform(CodeBuilder.java:328)
at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:81)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:744)
at hudson.model.Build$BuildExecution.build(Build.java:206)
at hudson.model.Build$BuildExecution.doRun(Build.java:163)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
at hudson.model.Run.execute(Run.java:1794)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)
Build step 'AWS CodeBuild' marked build as failure
[BFA] Scanning build for known causes...
[BFA] No failure causes found
[BFA] Done. 0s
Finished: FAILURE
IAM ROLES:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CodeBuildProjects",
"Effect": "Allow",
"Action": [
"codebuild:StartBuild",
"codebuild:StopBuild",
"codebuild:BatchGet*",
"codebuild:Get*",
"codebuild:List*",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
"codecommit:ListBranches"
],
"Resource": "arn:aws:codebuild:us-east-1:997938224961:project/JenkinsPipeline"
},
{
"Sid": "CodeBuildLogs",
"Action": [
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:::log-group:/aws/codebuild/:log-stream:"
},
{
"Sid": "CodeBuildBuckets",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::quantopian-codebuild-staging",
"arn:aws:s3:::quantopian-codebuild-staging/*"
]
}
]
}
And I have made the configuration settings almost similar to the one provided in this document : https://aws.amazon.com/blogs/devops/simplify-your-jenkins-builds-with-aws-codebuild/
Secondly, from this I haven’t used a code commit AWS repository, I am using a GitHub repository which has established a connection with my Jenkins system.
Please do guide me on what I should do next so that I can proceed. Is there an evident error that I am making or is it not possible to create the connection with the s3 bucket considering the fact that I am leaving the credentials part of the Jenkins configuration page blank, as I have created a role for amazon using Assumeroles so that credential entry is not required.
The text was updated successfully, but these errors were encountered: