I am getting the following error on the source stage of my code pipeline:
I feel like I know this means my access token doesn't have access to s3 service, but I do I have created buckets and even ran CLI against it using my access key.
Any tips?
Action execution failed
GitHub Upload to S3 failed with the following error: The AWS Access Key Id needs a subscription for the service (Service: Amazon S3; Status Code: 400; Error Code: KMS.SubscriptionRequiredException; Request ID: NWPB863XQQJV86T2; S3 Extended Request ID: XC5qnepPTZxI0mzF6K3epFPIXpYn+iJiivZqSRjeZ4hR7yVZRAKJT0laFpGZ4twOZYOrusfaZBc=; Proxy: null) (Service: null; Status Code: 0; Error Code: null; Request ID: null; S3 Extended Request ID: null; Proxy: null)
There are a lot of steps to build a CI/CD that works. You have to make sure that you follow each step and all the config settings. The best advice is to follow theses AWS tutorials step by step. I followed these a few weeks ago and they work.
Tutorial: Create a simple pipeline (S3 bucket)
Tutorial: Create a simple pipeline (CodeCommit repository)
Related
I'm getting the error below after running the pipepline
Unable to fetch parameters [/cdk-bootstrap/hnb659fds/version] from parameter store for this account. (Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError; Request ID: 9bc784ac-193c-4dbe-97c0-4ecb90ce4c2d; Proxy: null)
I'm trying to setup CI/CD via code commit, code deploy, and pipeline. I added another stage in the pipleline for cloudformation but I'm getting this error when I try to run the pipeline.
Source and Build stage Succeeds but it fails on deploy stage.
I have an AWS Glue Spark job that fails with the following error:
An error occurred while calling o362.cache. com.amazon.ws.emr.hadoop.fs.shaded.com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: ...; S3 Extended Request ID: ...; Proxy: null), S3 Extended Request ID: ...
I believe the error is thrown at line where the Spark persist() method is called on a DataFrame. The Glue job is assigned an IAM role that has full S3 access (all locations/operations allowed), yet I'm still getting the S3 exception. I tried setting the "Temporary path" for the Glue job on the AWS Console to a specific S3 bucket with full access, I also tried setting the Spark temporary directory to a specific S3 bucket with full access via:
conf = pyspark.SparkConf()
conf.set('spark.local.dir', 's3://...')
self.sc = SparkContext(conf=conf)
which didn't help. It's very strange that the job is failing even with full S3 access. Not sure what to try next, any help would be really appreciated. Thank you!
I am trying to create cross account deployment using codepipeline and terraform. My codecommit repo is account A and codepipeline is in account B. I want to create trigger so that whenever I merge the branch it should trigger codepipeline to start in Account B.
I tried using Event bridge but it only sends notification. I also need source artifacts for codebuild project. So I tried using couple of articles from Medium such as this. But I am getting this error. Currently it doesn't even get to build stage fails before that
The service role or action role doesn’t have the permissions required to access the Amazon S3 bucket named artifacts-bucket-dev. Update the IAM role permissions, and then try again. Error: Amazon S3:AccessDenied:Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: K86ED6QM; S3 Extended Request ID: BsVDy7vYRyL2mavM+XbZNrWxR+y8Do=; Proxy: null)
I tried updating the role and actually gave administrator permission as I just wanted it work.
We have a CodePipeline process set up, and all stages work except the CodeDeploy stage.
Our pipeline stage is as follows:
GenerateChangeSet for CloudFormation
ExecuteChangeSet for CloudFormation
Deploy for CodeDeploy
These stages were set up and configured by CodeStar.
Our GenerateChangeSet stage tries to access s3 to get our BuildArtifact, but fails with the following error:
Action execution failed
Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 40P7HSHQGWXSRA72; S3 Extended Request ID: I6hiCC7xx+YmnQMLfUnMzZziLDz/5b8uJWzOqWNZwSiVRCS14Q6UyVfss6q80teO5MAGuR9Xft4=; Proxy: null)
This suggests that CloudFormation cannot access s3, but I've checked and rechecked the policy that it uses and it definitely has the correct permissions for accessing s3.
I'm not quite sure why this error is happening, given that the role policy does indeed have access to s3. I even went with the nuclear option of granting this role full control over s3 (with a view to reverting once I solved the issue), but to no avail, the error still occurs.
Has anyone encountered this before? Anyone know why it might be happening?
I discovered the issue. The CloudFormation template file (template.yml and template-configuration.yml) was reading the one from the repo, but that had been removed at some point prior, so I was getting access denied errors from that resource.
I wish the error message was more explicit, it would have saved hours.
I'm trying to just test out AWS s3 with eclipse using Java, I'm just trying to execute the Amazon s3 sample, but it doesn't recognise my credentials, and I'm sure my credentials are legitimate, it gives me the following error:
===========================================
Getting Started with Amazon S3
===========================================
Listing buckets
Caught an AmazonServiceException, which means your request made it to Amazon S3, but was rejected with an error response for some reason.
Error Message: Status Code: 403, AWS Service: Amazon S3, AWS Request ID: 057D91D336C1FASC, AWS Error Code: InvalidAccessKeyId, AWS Error Message: The AWS Access Key Id you provided does not exist in our records.
HTTP Status Code: 403
AWS Error Code: InvalidAccessKeyId
Error Type: Client
Request ID: 057D91D336C1FASC
a little update here:
so there's a credential file that aws creates in the computer system. mine case was '/Users/macbookpro/.aws/credentials'
the file in this place decides the default accessKeyId and stuff.. go ahead and update it.
So I ran into the same issue, but i think i figured it out.
I was using Node.js, but i think the problem should be the same since it's how they have structured their object was the issue.
in javascript if you run this in the backend,
var aws = require('aws-sdk');
aws.config.accessKeyId= "Key bablbalab"
console.log(aws.config.accessKeyId)
you will find it prints out something different. coz the correct way of setting the accessKeyId isn't what they have provided in the official website tutorial
aws.config.accessKeyId="balbalb"
or
aws.config.loadFromPath = ('./awsConfig.json')
or any of that.
If you log the entire "aws.config", you will find the correct way is
console.log(aws.config)
console.log(aws.config.credentials.secretAccessKey)
aws.config.credentials.secretAccessKey="Key balbalab"
you see the structure of the object? there's the inconsistence