所以,我对AWS非常新,并且拥有一个使用AWS CodeStar构建的简单管道。来源 ->应用程序 -> beta。我正在尝试部署到Beta网站,我会得到此失败。
我尝试在http://docs.aws.amazon.com/iam/latest/userguide/id_roles_create_for-service.html上关注仪器,然后选择要担任此角色的服务。但这不是我所看到的。我看不到选择Codepipeline的能力,我认为这是需要访问弹性豆键的服务。
我以为我可能已经误解了他们正在谈论的服务,并以其他方式选择了弹性beanstalk,但这也与说明有所不同。
我尝试了此页面:http://docs.aws.amazon.com/codepipeline/latest/latest/userguide/how-to-custom-role.html#view-view-default-service-nervice-poly-policy-policy-policy-policy-and-comp.他们如何创建默认的AWS codepipeline服务角色策略
*****************************************************************************
这是整个管道的屏幕截图
这是AWScodestarServicerole策略
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ProjectEventRules",
"Effect": "Allow",
"Action": [
"events:PutTargets",
"events:RemoveTargets",
"events:PutRule",
"events:DeleteRule",
"events:DescribeRule"
],
"Resource": [
"arn:aws:events:*:*:rule/awscodestar-*"
]
},
{
"Sid": "ProjectStack",
"Effect": "Allow",
"Action": [
"cloudformation:*Stack*",
"cloudformation:CreateChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:GetTemplate"
],
"Resource": [
"arn:aws:cloudformation:*:*:stack/awscodestar-*",
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/aws-cloud9-*",
"arn:aws:cloudformation:*:aws:transform/CodeStar*"
]
},
{
"Sid": "ProjectStackTemplate",
"Effect": "Allow",
"Action": [
"cloudformation:GetTemplateSummary",
"cloudformation:DescribeChangeSet"
],
"Resource": "*"
},
{
"Sid": "ProjectQuickstarts",
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::awscodestar-*/*"
]
},
{
"Sid": "ProjectS3Buckets",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::aws-codestar-*",
"arn:aws:s3:::aws-codestar-*/*",
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
]
},
{
"Sid": "ProjectServices",
"Effect": "Allow",
"Action": [
"codestar:*Project",
"codestar:*Resource*",
"codestar:List*",
"codestar:Describe*",
"codestar:Get*",
"codestar:AssociateTeamMember",
"codecommit:*",
"codepipeline:*",
"codedeploy:*",
"codebuild:*",
"ec2:RunInstances",
"autoscaling:*",
"cloudwatch:Put*",
"ec2:*",
"elasticbeanstalk:*",
"elasticloadbalancing:*",
"iam:ListRoles",
"logs:*",
"sns:*",
"cloud9:CreateEnvironmentEC2",
"cloud9:DeleteEnvironment",
"cloud9:DescribeEnvironment*",
"cloud9:ListEnvironments"
],
"Resource": "*"
},
{
"Sid": "ProjectWorkerRoles",
"Effect": "Allow",
"Action": [
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:GetRole",
"iam:PassRole",
"iam:PutRolePolicy",
"iam:SetDefaultPolicyVersion",
"iam:CreatePolicy",
"iam:DeletePolicy",
"iam:AddRoleToInstanceProfile",
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:RemoveRoleFromInstanceProfile"
],
"Resource": [
"arn:aws:iam::*:role/CodeStarWorker*",
"arn:aws:iam::*:policy/CodeStarWorker*",
"arn:aws:iam::*:instance-profile/awscodestar-*"
]
},
{
"Sid": "ProjectTeamMembers",
"Effect": "Allow",
"Action": [
"iam:AttachUserPolicy",
"iam:DetachUserPolicy"
],
"Resource": "*",
"Condition": {
"ArnEquals": {
"iam:PolicyArn": [
"arn:aws:iam::*:policy/CodeStar_*"
]
}
}
},
{
"Sid": "ProjectRoles",
"Effect": "Allow",
"Action": [
"iam:CreatePolicy",
"iam:DeletePolicy",
"iam:CreatePolicyVersion",
"iam:DeletePolicyVersion",
"iam:ListEntitiesForPolicy",
"iam:ListPolicyVersions"
],
"Resource": [
"arn:aws:iam::*:policy/CodeStar_*"
]
},
{
"Sid": "InspectServiceRole",
"Effect": "Allow",
"Action": [
"iam:ListAttachedRolePolicies"
],
"Resource": [
"arn:aws:iam::*:role/aws-codestar-service-role",
"arn:aws:iam::*:role/service-role/aws-codestar-service-role"
]
},
{
"Sid": "IAMLinkRole",
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "cloud9.amazonaws.com"
}
}
}
]
}
另外,我无法更新角色的权限,因为它说它是亚马逊创建的角色,并且是只读的角色。
我猜我缺少的东西很简单。我想念它!
预先感谢!
尝试多种方法来调整设置和权限。我尝试创建一个重复的管道,而一切都在新管道上使用,但没有旧管道。
因此,为了解决问题,我删除了保存在CodeStar中的管道,并创建了一个相同的新管道。然后,我删除了CodeStar中的连续部署瓷砖,然后添加了一个新的连续部署瓷砖,选择了我创建的新管道。
。这解决了问题,管道有效。
首次进入AWS CodeStar控制台时,提示您创建服务角色。您应该选择是。这创建了一个名为" AwscodestarServicerole"的角色。
这个角色具有您需要的权限。
此链接将引导您通过设置AWS CODESTAR:
设置AWS CODESTAR