问题
I have hosted an angular 7 app on AWS S3 bucket as a static website and now want to automate the deployment of newer version when my github repo is updated.
I want the files from the newer version to replace the files of the previous version in the s3 bucket. Here's how I am going about it
I have a buildspec file
version: 0.2
phases:
install:
commands:
# install dependencies
- echo Installng source NPM dependencies...
- npm install npm@latest -g
- npm install -g @angular/cli
pre_build:
commands:
- echo Prebuild steps
- npm install
build:
commandS:
# build angular app
- echo Build started on `date`
- ng build
post_build:
commands:
# clear S3 bucket
- aws s3 rm s3://${S3_BUCKET} --recursive
- echo S3 bucket cleared
# copy files from dist folder into S3 bucket
- aws s3 cp dist s3://${S3_BUCKET} --recursive
- echo Build completed on `date`
when code pipeline runs, the process fails at post_build as shown in the log here
[Container] 2019/04/11 10:33:49 Running command aws s3 rm s3://${S3_BUCKET} --recursive /usr/local/lib/python2.7/dist-packages/urllib3/util/ssl_.py:354: SNIMissingWarning: An HTTPS request has been made, but the SNI (Server Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings SNIMissingWarning delete failed: s3://trips9ja-admin/3rdpartylicenses.txt An error occurred (AccessDenied) when calling the DeleteObject operation: Access Denied delete failed: s3://trips9ja-admin/Trips9jaPipeline/SourceArti/FyvYEvb.zip An error occurred (AccessDenied) when calling the DeleteObject operation: Access Denied delete failed: s3://trips9ja-admin/assets/bus.png An error occurred (AccessDenied) when calling the DeleteObject operation: Access Denied
And that's where I got stuck. So what is it I am doing wrong and what does the error mean?
I have an S3 bucket policy to allow Code build access like this
{
"Sid": "CodeBuildPermision",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::735681810231:role/service-role/codebuild-service-role"
},
"Action": "s3:*",
"Resource": "arn:aws:s3:::<bucket name>"
}
回答1:
Resolved the issue by adding another line to the "Resource" of the S3 bucket policy that allows access to all contents of the bucket like this
"Resource": ["arn:aws:s3:::<bucket name>", "arn:aws:s3:::<bucket name>/*"]
来源:https://stackoverflow.com/questions/55630610/automating-angular-7-app-deployment-with-aws-s3-and-codepipeline