Creating a fresh AWS CodePipeline through the wizard can result in immediate errors.
In your CodeBuild build logs, you’ll see:
In your CodeBuild phase details, you’ll see:
CLIENT_ERROR: AccessDenied: Access Denied status code: 403,
request id: XXX, host id: XXX/XXX= for primary source and
source version arn:aws:s3:::${BUCKET}/${PREFIX}/${ARTIFACT_ID}
This happens when you select a non-default S3 bucket location for the Artifact store. In this case, the role/policies automatically created by AWS are not granted access to the Custom S3 bucket location.
In the UI, you’ll see:
To fix this, add the following permissions to the CodeBuild policy:
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetBucketAcl",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::${BUCKET_NAME}*"
]
},