CodePipeline cannot get the source from CodeCommit

Question description  Votes: 0  Answers: 1

I get this error when CodePipeline tries to fetch the source code from CodeCommit:

The service role or action role doesn’t have the permissions required to access the AWS CodeCommit repository named defon-liff. Update the IAM role permissions, and then try again. Error: User: arn:aws:sts::665852216333:assumed-role/df-stag-code-adminPipelineRole8AA4BBC2-LGTJJRF5EP4E/1720168399052 is not authorized to perform: codecommit:GetBranch on resource: arn:aws:codecommit:ap-northeast-1:665852216828:defon-liff because no identity-based policy allows the codecommit:GetBranch action

I think this is because df-stag-code-adminPipelineRole8AA4BBC2-LGTJJRF5EP4E cannot access CodeCommit.

So I looked into df-stag-code-adminPipelineRole8AA4BBC2-LGTJJRF5EP4E, which has a policy named adminPipelineRoleDefaultPolicyC79967BE.

It has two roles that it can assume:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject*",
        "s3:GetBucket*",
        "s3:List*",
        "s3:DeleteObject*",
        "s3:PutObject",
        "s3:PutObjectLegalHold",
        "s3:PutObjectRetention",
        "s3:PutObjectTagging",
        "s3:PutObjectVersionTagging",
        "s3:Abort*"
      ],
      "Resource": [
        "arn:aws:s3:::si2-s3d-91",
        "arn:aws:s3:::si2-s3d-91/*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "kms:Decrypt",
        "kms:DescribeKey",
        "kms:Encrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*"
      ],
      "Resource": "arn:aws:kms:ap-northeast-1:665852216333:key/bf3cf318-1376-44de-a014-18107XXXXXX",
      "Effect": "Allow"
    },
    {
      "Action": "sts:AssumeRole",
      "Resource": "arn:aws:iam::665852216333:role/df-stag-code-adminPipelinedfstagadmionsourcedfstag-1OZJ7LB64WXO2",
      "Effect": "Allow"
    },
    {
      "Action": "sts:AssumeRole",
      "Resource": "arn:aws:iam::665852216333:role/df-stag-code-adminPipelinedfstagadmionbuilddfstaga-8NGM8PIRUGQ3",
      "Effect": "Allow"
    }
  ]
}

So I checked df-stag-code-adminPipelinedfstagadmionsourcedfstag-1OZJ7LB64WXO2.

It has the policy adminPipelinedfstagadmionsourcedfstagadminsourceCodePipelineActionRoleDefaultPolicy32499DC6.

That policy contains:

{
  "Action": [
    "codecommit:GetBranch",
    "codecommit:GetCommit",
    "codecommit:UploadArchive",
    "codecommit:GetUploadArchiveStatus",
    "codecommit:CancelUploadArchive"
  ],
  "Resource": "arn:aws:codecommit:ap-northeast-1:665852216333:defon-*",
  "Effect": "Allow"
}

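It looks like it can access the CodeCommit repositories defon-*.

But the error still occurs.

How can I solve this?

I am also wondering about df-stag-code-adminPipelineRole8AA4BBC2-LGTJJRF5EP4E/1720168399052 in the error message.

How is 1720168399052 related to the problem?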

amazon-web-services aws-codepipeline aws-codecommit codebuild
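1 Answer

0 votes

Do as the error message says and add codecommit:GetBranch (and, most likely, the other CodeCommit-related permissions listed on adminPipelinedfstagadmionsourcedfstag) to the role df-stag-code-adminPipelineRole...

Don't worry about 1720168399052 - it is related to assuming the role.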
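
To check which of the posted policies actually covers the denied call, the following added example (not code from the question or the answer) runs a simplified IAM Allow match over the policy JSON and over the action and resource taken from the error message. The function names are hypothetical, the S3 and KMS statements are shortened to one action each, and the matcher ignores Condition, NotAction/NotResource, explicit Deny, permission boundaries and SCPs.

```python
import re

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def allowing_statements(policy, action, resource):
    """Allow statements of an identity-based policy that cover action on resource.
    Simplified model (assumption): only Effect, Action and Resource are evaluated."""
    hits = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive; resource ARNs are matched case-sensitively.
        if not any(_glob(a, action, True) for a in _as_list(st.get("Action", []))):
            continue
        if any(_glob(r, resource) for r in _as_list(st.get("Resource", []))):
            hits.append(st)
    return hits

# Values copied from the error message in the question.
ACTION = "codecommit:GetBranch"
RESOURCE = "arn:aws:codecommit:ap-northeast-1:665852216828:defon-liff"

# adminPipelineRoleDefaultPolicyC79967BE as posted (S3/KMS action lists shortened).
PIPELINE_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Action": ["s3:GetObject*"], "Resource": ["arn:aws:s3:::si2-s3d-91/*"], "Effect": "Allow"},
    {"Action": ["kms:Decrypt"], "Effect": "Allow",
     "Resource": "arn:aws:kms:ap-northeast-1:665852216333:key/bf3cf318-1376-44de-a014-18107XXXXXX"},
    {"Action": "sts:AssumeRole", "Effect": "Allow",
     "Resource": "arn:aws:iam::665852216333:role/df-stag-code-adminPipelinedfstagadmionsourcedfstag-1OZJ7LB64WXO2"},
    {"Action": "sts:AssumeRole", "Effect": "Allow",
     "Resource": "arn:aws:iam::665852216333:role/df-stag-code-adminPipelinedfstagadmionbuilddfstaga-8NGM8PIRUGQ3"},
]}

# Statement posted for the source action role; the enclosing policy wrapper is added here.
SOURCE_ACTION_POLICY = {"Statement": [
    {"Action": ["codecommit:GetBranch", "codecommit:GetCommit", "codecommit:UploadArchive",
                "codecommit:GetUploadArchiveStatus", "codecommit:CancelUploadArchive"],
     "Resource": "arn:aws:codecommit:ap-northeast-1:665852216333:defon-*", "Effect": "Allow"},
]}

if __name__ == "__main__":
    for name, pol in [("pipeline role", PIPELINE_ROLE_POLICY),
                      ("source action role", SOURCE_ACTION_POLICY)]:
        hits = allowing_statements(pol, ACTION, RESOURCE)
        print(f"{name}: {len(hits)} statement(s) allow {ACTION} on {RESOURCE}")
```

On the values as posted, neither policy yields a matching statement: the pipeline role's policy has no CodeCommit action, and the source action role's Resource pattern names account 665852216333 while the ARN in the error names account 665852216828.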
