Sunday, March 12, 2017

AWS CodeBuild and why I have no hair left

I'll blog soon about AWS CodeBuild and CodePipeline when I get around to documenting all of my frustrations, but for now, to save some poor souls from losing their hair, here are some quick tips:


  1. CodeBuild is not very helpful regarding malformed YAML in your buildspec.yml file.  If things don't work, check to make sure your buildspec.yml file is well formed.
  2. As if that were not bad enough, even if it is well formed, if you include elements it does not recognize it might just skip them silently.  I inadvertently used pre-build instead of pre_build and lost some hair on that one.
  3. As verified in this blog post, CodeBuild will not upload artifacts to the root of a bucket - it really wants a folder name. Odd really, since S3 objects have key names and folders do not really exist. I was trying to create a yum repository in a bucket that is hosting a website and wanted my files to be in the root of the bucket. No can do, pal.
  4. If you want to sync some files to said website bucket and make the site publicly available by setting permissions with the CLI, as I was, make sure that the policy attached to the role you use to run CodeBuild has the proper permissions on your S3 bucket. In this case you'll need ListObject, PutObject, GetObject, and PutObjectAcl. Here's what the policy might look like:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Resource": [
                "arn:aws:logs:us-east-1:*********:log-group:/aws/codebuild/bedrock-build",
                "arn:aws:logs:us-east-1:*********:log-group:/aws/codebuild/bedrock-build:*"
            ],
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ]
        },
        {
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::codepipeline-us-east-1-*"
            ],
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectVersion"
            ]
        },
        {
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::openbedrock",
                "arn:aws:s3:::openbedrock/*",
                "arn:aws:s3:::repo.openbedrock.net",
                "arn:aws:s3:::repo.openbedrock.net/*"
            ],
            "Action": [
                "s3:Put*",
                "s3:Get*",
                "s3:List*"
            ]
        }
    ]
}
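The policy above grants `s3:Put*`, `s3:Get*` and `s3:List*`, which covers more than the four actions the sync needs. The following is an added example, not code from the original post: a small audit that compares what a policy allows on a bucket against that needed set, run on the post's site-bucket statement and on a constructed narrower alternative. The `KNOWN` reference set is a hand-picked sample of real S3 actions rather than the full list, and the function names are assumptions made for this example.

```python
import json
from fnmatch import fnmatchcase

# Actions the post says the sync needs, as IAM names (s3:ListBucket is the
# IAM action that authorizes listing a bucket's keys).
NEEDED = {"s3:ListBucket", "s3:PutObject", "s3:GetObject", "s3:PutObjectAcl"}
# Reference sample of real S3 actions, NOT the complete S3 action list.
KNOWN = NEEDED | {"s3:PutBucketPolicy", "s3:PutBucketAcl", "s3:PutBucketWebsite",
                  "s3:PutLifecycleConfiguration", "s3:GetBucketPolicy",
                  "s3:GetObjectVersion", "s3:ListBucketVersions"}

def _list(v):
    # IAM allows a single string/object where a list is expected.
    return [v] if isinstance(v, (str, dict)) else list(v)

def audit(policy, bucket):
    """Return (missing, excess) action sets for Allow statements on `bucket`.
    Simplified: ignores Deny, NotAction, NotResource and Condition."""
    arns = (f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/key")
    granted = set()
    for stmt in _list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _list(stmt.get("Resource", []))
        if not any(fnmatchcase(a, r) for a in arns for r in resources):
            continue
        for pattern in _list(stmt.get("Action", [])):
            # IAM action names are case-insensitive; * and ? are wildcards.
            granted |= {k for k in KNOWN if fnmatchcase(k.lower(), pattern.lower())}
    return NEEDED - granted, granted - NEEDED

# The site-bucket statement from the post's policy (one bucket shown).
WIDE = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Resource": ["arn:aws:s3:::repo.openbedrock.net", "arn:aws:s3:::repo.openbedrock.net/*"],
  "Action": ["s3:Put*", "s3:Get*", "s3:List*"]}]}""")

# Constructed alternative: only the four needed actions, split by resource type.
NARROW = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "arn:aws:s3:::repo.openbedrock.net",
   "Action": "s3:ListBucket"},
  {"Effect": "Allow", "Resource": "arn:aws:s3:::repo.openbedrock.net/*",
   "Action": ["s3:PutObject", "s3:GetObject", "s3:PutObjectAcl"]}]}""")

if __name__ == "__main__":
    for name, pol in (("wide", WIDE), ("narrow", NARROW)):
        missing, excess = audit(pol, "repo.openbedrock.net")
        print(name, "missing:", sorted(missing), "excess:", sorted(excess))
```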

More about my adventures with CodeBuild and CodePipeline later...
