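I created a CodeBuild project in a custom VPC and a private subnet.
The private subnet has Internet access, and the AWS console also confirms that Internet connectivity works for this CodeBuild project. I keep getting a VPC_CLIENT_ERROR: Unexpected EC2 error: UnauthorizedOperation error in the "Provisioning" phase of the build. Something must be missing from my service role policy, but I can't figure out what.
Here is the CodeBuild project (terraform):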
resource "aws_codebuild_project" "frontend" {
  name          = "frontend"
  build_timeout = "5"
  service_role  = "${aws_iam_role.frontend_build.arn}"

  artifacts {
    type           = "S3"
    location       = "frontend.myapp.com"
    namespace_type = "NONE"
    packaging      = "NONE"
    path           = "public"
  }

  environment {
    compute_type                = "BUILD_GENERAL1_SMALL"
    image                       = "aws/codebuild/standard:1.0"
    type                        = "LINUX_CONTAINER"
    image_pull_credentials_type = "CODEBUILD"

    environment_variable {
      name  = "SOME_KEY1"
      value = "SOME_VALUE1"
    }
  }

  logs_config {
    cloudwatch_logs {
      group_name  = "build"
      stream_name = "frontend-build"
    }
  }

  source {
    type                = "GITHUB"
    location            = "https://github.com/MyOrg/my-repo.git"
    git_clone_depth     = 1
    report_build_status = true

    auth {
      type = "OAUTH"
    }
  }

  vpc_config {
    vpc_id             = module.vpc.vpc_id
    subnets            = module.vpc.private_subnets
    security_group_ids = [aws_security_group.build.id]
  }
}

resource "aws_iam_role" "frontend_build" {
  name = "frontend-build"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codebuild.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "ec2:CreateNetworkInterfacePermission",
      "Resource": "arn:aws:ec2:us-east-1:371508653482:network-interface/*",
      "Condition": {
        "StringEquals": {
          "ec2:AuthorizedService": "codebuild.amazonaws.com",
          "ec2:Subnet": "subnet-124641af7a83bf872"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateNetworkInterface",
        "ec2:DescribeDhcpOptions",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeSubnets",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeVpcs",
        "ecr:BatchCheckLayerAvailability",
        "ecr:CompleteLayerUpload",
        "ecr:GetAuthorizationToken",
        "ecr:InitiateLayerUpload",
        "ecr:PutImage",
        "ecr:UploadLayerPart",
        "ecs:RunTask",
        "iam:PassRole",
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "ssm:GetParameters"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:GetAuthorizationToken",
        "s3:GetBucketAcl",
        "s3:GetBucketLocation",
        "logs:CreateLogGroup",
        "logs:PutLogEvents",
        "ecr:BatchCheckLayerAvailability"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::xxx-frontend-build-logs",
        "arn:aws:s3:::xxx-frontend-build-logs/*"
      ]
    }
  ]
}

resource "aws_security_group" "build" {
  name   = "build"
  vpc_id = module.vpc.vpc_id
}

resource "aws_security_group_rule" "build_egress" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.build.id
}

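Best answer
It looks to me like the CodeBuild service role cannot create an ENI in the VPC. The problem appears to be related to this line in the CodeBuild role policy: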
{
  "Sid": "VisualEditor0",
  "Effect": "Allow",
  "Action": "ec2:CreateNetworkInterfacePermission",
  "Resource": "arn:aws:ec2:us-east-1:371508653482:network-interface/*",
  "Condition": {
    "StringEquals": {
      "ec2:AuthorizedService": "codebuild.amazonaws.com",
      "ec2:Subnet": "subnet-124641af7a83bf872" <================= Need full ARN here
    }
  }
},

"Condition": {
  "StringEquals": {
    "ec2:AuthorizedService": "codebuild.amazonaws.com",
    "ec2:Subnet": "subnet-124641af7a83bf872"
  }
}

"Condition": {
  "StringEquals": {
    "ec2:Subnet": [
      "arn:aws:ec2:region:account-id:subnet/subnet-124641af7a83bf872"
    ],
    "ec2:AuthorizedService": "codebuild.amazonaws.com"
  }
}

Regarding amazon-web-services - AWS CodeBuild VPC_CLIENT_ERROR: Unexpected EC2 error: UnauthorizedOperation, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/58321632/
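
A pre-deployment check for the mistake the answer points out, as an added example that is not part of the original question or answer: it scans an IAM policy document for `ec2:Subnet` condition values that are bare subnet IDs and proposes the ARN form. The function name, the `AlreadyArn` Sid, account `111122223333` and the default `aws` partition are assumptions made for the illustration.

```python
import json
import re

SUBNET_ID = re.compile(r"^subnet-[0-9a-f]+$")


def as_list(value):
    """IAM JSON accepts either a single item or a list in these positions."""
    return value if isinstance(value, list) else [value]


def find_bare_subnet_ids(policy, region, account_id, partition="aws"):
    """Return (sid, bare_id, suggested_arn) for every ec2:Subnet condition
    value that is a plain subnet ID instead of a subnet ARN."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        for keys in stmt.get("Condition", {}).values():
            for key, values in keys.items():
                # Condition key names are not case-sensitive.
                if key.lower() != "ec2:subnet":
                    continue
                for value in as_list(values):
                    if isinstance(value, str) and SUBNET_ID.match(value):
                        arn = f"arn:{partition}:ec2:{region}:{account_id}:subnet/{value}"
                        findings.append((stmt.get("Sid", "<no Sid>"), value, arn))
    return findings


# Constructed sample: the condition from the question plus an already-correct
# statement. Account 111122223333 and the Sid "AlreadyArn" are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow",
     "Action": "ec2:CreateNetworkInterfacePermission",
     "Resource": "arn:aws:ec2:us-east-1:111122223333:network-interface/*",
     "Condition": {"StringEquals": {
       "ec2:AuthorizedService": "codebuild.amazonaws.com",
       "ec2:Subnet": "subnet-124641af7a83bf872"}}},
    {"Sid": "AlreadyArn", "Effect": "Allow",
     "Action": "ec2:CreateNetworkInterfacePermission",
     "Resource": "arn:aws:ec2:us-east-1:111122223333:network-interface/*",
     "Condition": {"StringEquals": {"ec2:Subnet": [
       "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-124641af7a83bf872"]}}}
  ]
}
""")

if __name__ == "__main__":
    for sid, bare, arn in find_bare_subnet_ids(SAMPLE_POLICY, "us-east-1", "111122223333"):
        print(f"{sid}: ec2:Subnet is {bare!r}; use {arn!r}")
```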