search

aws / aws-codedeploy-agent

Host Agent for AWS CodeDeploy
https://aws.amazon.com/codedeploy
Apache License 2.0
328 stars 188 forks source link

enabling s3 versioning makes codebuild agent not download Artifacts #336

Closed dilanka-att closed 1 year ago

dilanka-att commented 1 year ago

I recently enabled s3 versioning on some codebuild buckets due to a security audit. Soon after I found that the codebuild-agent could not download the previously downloadable Build Artifacts.

t0shiii commented 1 year ago

This is the repository for CodeDeploy. Please reach out to CodeBuild for help on this issue.

dilanka-att commented 1 year ago

This is the repository for CodeDeploy. Please reach out to CodeBuild for help on this issue.

Hi @t0shiii, So my usecase is in a code-pipeline I have the

  1. source set as github
  2. build as codebuild (which places a build artifact in and s3 bucket XXX)
  3. codedeploy agent deploys to EC2.

Above process was working fine but due to a security scan we enabled object versioning on the bucket on step2. Post that the code-deploy agent could not download the artifact from the now versioned s3 bucket.

I did a test downloading the s3 artifact using the aws cli and that worked. So I think there was sufficient IAM permissions for the EC2 instance to download the artifact.

t0shiii commented 1 year ago

If the CodeDeploy Agent is failing in DownloadBundle, please check either the deployment logs or the agent logs. Information about both logs can be found in the CodeDeploy documentation