I need to create a pipeline with a build step that uses Terraform. I need to get the source from the artifact, but the Terraform documentation is not very clear on this. This is my code so far:
```hcl
resource "aws_codebuild_project" "authorization" {
  name          = "authorization"
  description   = "BuildProject for authrorization service"
  build_timeout = "5"
  service_role  = "${aws_iam_role.codebuild_role.arn}"

  artifacts {
    type = "CODEPIPELINE"
  }

  environment {
    compute_type    = "BUILD_GENERAL1_SMALL"
    image           = "aws/codebuild/docker:17.09.0"
    type            = "LINUX_CONTAINER"
    privileged_mode = true

    environment_variable {
      "name"  = "SOME_KEY1"
      "value" = "SOME_VALUE1"
    }

    environment_variable {
      "name"  = "SOME_KEY2"
      "value" = "SOME_VALUE2"
    }
  }

  source {
    type      = "CODEPIPELINE"
    buildspec = "buildspecs.yml"
  }

  tags {
    "Environment" = "alpha"
  }
}
```
The problem is that pointing to the file gives me an error during the pipeline execution at that step:
```text
DOWNLOAD_SOURCE Failed
[Container] 2018/03/29 11:15:31 Waiting for agent ping
[Container] 2018/03/29 11:15:31 Waiting for DOWNLOAD_SOURCE
Message: Access Denied
```
This is what my pipeline looks like:
```hcl
resource "aws_codepipeline" "foo" {
  name     = "tf-test-pipeline"
  role_arn = "${aws_iam_role.codepipeline_role.arn}"

  artifact_store {
    location = "${aws_s3_bucket.foo.bucket}"
    type     = "S3"

    encryption_key {
      id   = "${aws_kms_key.a.arn}"
      type = "KMS"
    }
  }

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "AWS"
      provider         = "CodeCommit"
      version          = "1"
      output_artifacts = ["src"]

      configuration {
        RepositoryName = "authorization"
        BranchName     = "master"
      }
    }
  }

  stage {
    name = "Build"

    action {
      name            = "Build"
      category        = "Build"
      owner           = "AWS"
      provider        = "CodeBuild"
      input_artifacts = ["src"]
      version         = "1"

      configuration {
        ProjectName = "${aws_codebuild_project.authorization.name}"
      }
    }
  }
}
```
I think I'm doing something wrong, but I can't seem to find this case described anywhere. The source needs to be received from the Source step in CodePipeline, and that step is fine. I understand how pipelines work, but the Terraform implementation is very confusing.

EDIT: I have checked the S3 bucket and can confirm that the Source step successfully uploads the artifact there. So the question remains why, when I get to the second step, I cannot access the source. The role allows all actions on all resources. The console version of the pipeline looks normal, nothing is left unfilled. The roles are fine.
This usually happens when you already have a CodeBuild project and integrate it into a CodePipeline project. CodeBuild is now not downloading the source from the CodeCommit/GitHub repository. Instead, it tries to download the source artifact that was created in the CodePipeline bucket in S3. So you will need to give the CodeBuild role permission to access the CodePipeline bucket in S3.
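As an added example (not part of the answer above), here is a least-privilege policy for the CodeBuild role described in the question, granting it access to the pipeline's artifact bucket and to the KMS key the artifact store is encrypted with. It reuses the resource names from the question (`aws_iam_role.codebuild_role`, `aws_s3_bucket.foo`, `aws_kms_key.a`) and the Terraform 0.11 interpolation syntax the question uses; the policy and statement names are my own choices.

```hcl
# Added example: scope the CodeBuild role to the pipeline artifact bucket
# and its KMS key instead of granting "*" on all resources.
data "aws_iam_policy_document" "codebuild_artifacts" {
  # Read the input artifact ("src") and write the build output artifact.
  statement {
    sid = "ReadWritePipelineArtifacts"

    actions = [
      "s3:GetObject",
      "s3:GetObjectVersion",
      "s3:PutObject",
    ]

    resources = ["${aws_s3_bucket.foo.arn}/*"]
  }

  # Bucket-level calls CodeBuild makes while resolving the artifact.
  statement {
    sid = "ListArtifactBucket"

    actions = [
      "s3:GetBucketLocation",
      "s3:ListBucket",
    ]

    resources = ["${aws_s3_bucket.foo.arn}"]
  }

  # The artifact_store in the pipeline is encrypted with aws_kms_key.a,
  # so reading and writing artifacts also needs KMS access to that key.
  statement {
    sid = "UsePipelineArtifactKey"

    actions = [
      "kms:Decrypt",
      "kms:Encrypt",
      "kms:GenerateDataKey",
      "kms:DescribeKey",
    ]

    resources = ["${aws_kms_key.a.arn}"]
  }
}

resource "aws_iam_role_policy" "codebuild_artifacts" {
  name   = "codebuild-pipeline-artifacts"
  role   = "${aws_iam_role.codebuild_role.id}"
  policy = "${data.aws_iam_policy_document.codebuild_artifacts.json}"
}
```

Two things worth checking after applying this: a customer-managed KMS key is gated by its own key policy in addition to the IAM policy, so if the role already had broad IAM permissions and DOWNLOAD_SOURCE still reports Access Denied, the key policy of `aws_kms_key.a` is the next place to look; and the Access Denied message is the same whether S3 or KMS refuses the call, so CloudTrail entries for the CodeBuild role tell you which service denied it.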