AWS CodePipeline error when attempting a cross-region deployment



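I have an AWS management account and a dev account.

I run my pipeline from the management account, and it deploys resources into dev in the eu-west-2 and us-east-1 regions. So in my management account I have two artifact stores, one for eu-west-2 and one for us-east-1.

For some reason I get this error when deploying.

Replication failed Replication of artifact "project-source" failed: Failed to replicate artifact from bucketA in eu-west-2 to Bucket B in us-east-1: The provided KMS ARN is invalid: "Invalid arn s3".

I have triple-checked the ARNs used for pipeline_artifact_kms_key, and they appear to be correct.

Below are some snippets of my code.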

    Resources:
      CodePipeline:
        Type: AWS::CodePipeline::Pipeline
        Properties:
          Name: "somepipeline"
          ArtifactStores:
            - Region: eu-west-2
              ArtifactStore:
                EncryptionKey:
                  Type: KMS
                  Id: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/artefact_encryption_key/arn:1}}"
                Location: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/build_bucket/name:1}}"
                Type: S3
            - Region: us-east-1
              ArtifactStore:
                EncryptionKey:
                  Type: KMS
                  Id: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/mgmt/us-east-1/pipeline_artefact_kms_key/arn:1}}"
                Location: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/mgmt/us-east-1/build_bucket/name:1}}"
                Type: S3
          RoleArn: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/pipeline_role_arn/mgmt:1}}"
          Stages:
            - Name: GetSource
              Actions:
                - Name: FetchProjectPipelineCode
                  ActionTypeId:
                    Category: Source
                    Owner: ThirdParty
                    Version: 1
                    Provider: GitHub
                  Configuration:
                    Owner: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/github/organisation:1}}"
                    Repo: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/github/repository:1}}"
                    PollForSourceChanges: 'false'
                    Branch:
                      Ref: BranchToBuild
                    OAuthToken: !Sub "{{resolve:secretsmanager:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/github/oauth_token:SecretString:token}}"
                  OutputArtifacts:
                    - Name: project-source
                  RunOrder: 1
            - Name: DeployAuthLambdasToDev
              Actions:
                - Name: DeployLambdas-dev
                  RoleArn: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/pipeline_role_arn/dev:1}}"
                  ActionTypeId:
                    Category: Deploy
                    Owner: AWS
                    Version: '1'
                    Provider: CloudFormation
                  InputArtifacts:
                    - Name: project-source
                  OutputArtifacts:
                    - Name: lambdas_outputs_dev
                  Configuration:
                    ActionMode: REPLACE_ON_FAILURE
                    Capabilities: CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND
                    RoleArn: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/pipeline_role_arn/dev:1}}"
                    StackName: !Sub "${UniqueId}-AuthLambdas"
                    TemplatePath: project-source::aws/pipeline/us-east-1/dev/lambdas.cf.yaml
                    TemplateConfiguration: project-source::aws/pipeline/service_config.json
                    OutputFileName: stack_outputs.json
                  Region: us-east-1
                  RunOrder: 1

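Update:

I managed to resolve this; it was something to do with the ARN. For some reason SSM was not resolving it correctly. I don't know why, as I paid close attention to detail when checking SSM, including the version number!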
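
A pre-deployment check for the failure described above, as an added example that is not part of the original post: it takes the artifact store values as they look after SSM resolution and flags any EncryptionKey Id that is not a well-formed KMS ARN in the same region as its store. The function name, the dict layout and all sample values (account id, key id, bucket names, the S3 ARN) are constructed for illustration; the post does not say what value SSM actually returned.

```python
import re

# KMS key or alias ARN: arn:<partition>:kms:<region>:<account>:key/<id> or alias/<name>
KMS_ARN = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):kms:(?P<region>[a-z0-9-]+):\d{12}:"
    r"(key/[A-Za-z0-9-]+|alias/[A-Za-z0-9/_-]+)$"
)

def check_artifact_stores(stores):
    """Return (region, problem) tuples for stores whose resolved key ARN is unusable.

    `stores` is a list of dicts holding the values after SSM resolution
    (hypothetical layout): {"Region": ..., "EncryptionKeyId": ..., "Location": ...}
    """
    problems = []
    for store in stores:
        region, key_id = store["Region"], store["EncryptionKeyId"]
        if key_id != key_id.strip():
            problems.append((region, "key ARN has leading/trailing whitespace"))
            continue
        if "{{resolve:" in key_id:
            problems.append((region, "dynamic reference was not resolved"))
            continue
        parts = key_id.split(":")
        if len(parts) >= 3 and parts[0] == "arn" and parts[2] != "kms":
            problems.append((region, f"ARN is for service '{parts[2]}', not kms"))
            continue
        match = KMS_ARN.match(key_id)
        if match is None:
            problems.append((region, "not a well-formed KMS key ARN"))
        elif match.group("region") != region:
            # KMS keys are regional: the key must live where the bucket lives.
            problems.append(
                (region, f"key lives in {match.group('region')}, store is in {region}"))
    return problems

# Constructed sample values, not taken from the post.
SAMPLE_STORES = [
    {"Region": "eu-west-2", "Location": "bucket-a", "EncryptionKeyId":
     "arn:aws:kms:eu-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"},
    {"Region": "us-east-1", "Location": "bucket-b",
     "EncryptionKeyId": "arn:aws:s3:::bucket-b"},
]

if __name__ == "__main__":
    for region, problem in check_artifact_stores(SAMPLE_STORES):
        print(f"{region}: {problem}")
```
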
