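I need to create a pipeline with a build step using Terraform. I need to get the source code from the artifact, but the Terraform documentation isn't very clear. This is my code so far: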
resource "aws_codebuild_project" "authorization" {
  name          = "authorization"
  description   = "BuildProject for authrorization service"
  build_timeout = "5"
  service_role  = "${aws_iam_role.codebuild_role.arn}"

  artifacts {
    type = "CODEPIPELINE"
  }

  environment {
    compute_type    = "BUILD_GENERAL1_SMALL"
    image           = "aws/codebuild/docker:17.09.0"
    type            = "LINUX_CONTAINER"
    privileged_mode = true

    environment_variable {
      "name"  = "SOME_KEY1"
      "value" = "SOME_VALUE1"
    }

    environment_variable {
      "name"  = "SOME_KEY2"
      "value" = "SOME_VALUE2"
    }
  }

  source {
    type      = "CODEPIPELINE"
    buildspec = "buildspecs.yml"
  }

  tags {
    "Environment" = "alpha"
  }
}
The problem is that pointing to the file during the pipeline's execution of that step gives me this error:
DOWNLOAD_SOURCE Failed
[Container] 2018/03/29 11:15:31 Waiting for agent ping
[Container] 2018/03/29 11:15:31 Waiting for DOWNLOAD_SOURCE
Message: Access Denied
This is what my pipeline looks like:
resource "aws_codepipeline" "foo" {
  name     = "tf-test-pipeline"
  role_arn = "${aws_iam_role.codepipeline_role.arn}"

  artifact_store {
    location = "${aws_s3_bucket.foo.bucket}"
    type     = "S3"

    encryption_key {
      id   = "${aws_kms_key.a.arn}"
      type = "KMS"
    }
  }

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "AWS"
      provider         = "CodeCommit"
      version          = "1"
      output_artifacts = ["src"]

      configuration {
        RepositoryName = "authorization"
        BranchName     = "master"
      }
    }
  }

  stage {
    name = "Build"

    action {
      name            = "Build"
      category        = "Build"
      owner           = "AWS"
      provider        = "CodeBuild"
      input_artifacts = ["src"]
      version         = "1"

      configuration {
        ProjectName = "${aws_codebuild_project.authorization.name}"
      }
    }
  }
}
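I think I'm doing something wrong, but I can't seem to find my case anywhere. The source needs to be received from the Source step in CodePipeline, and that step works fine. I know how pipelines work, but the Terraform implementation is very confusing.

Edit: I have checked the S3 bucket and can confirm that the Source step successfully uploaded the artifact there. So the problem remains: when I get to the second step, I cannot access the source code. The role allows all access to all resources. The console version of the pipeline looks normal, with nothing left unfilled. The role is fine.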
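
Added example, not part of the original post: the pipeline's artifact store is encrypted with aws_kms_key.a while the CodeBuild project sets no encryption_key, so one thing to check for an Access Denied in DOWNLOAD_SOURCE is whether the build role and project can use that key. The names codebuild_artifacts and codebuild-pipeline-artifacts are assumptions; the policy scopes access to the artifact bucket and key rather than relying on an allow-all role.

```hcl
# Added example (Terraform 0.11-style syntax, matching the question).
# Assumes the resources named in the question exist: aws_s3_bucket.foo,
# aws_kms_key.a and aws_iam_role.codebuild_role.

data "aws_iam_policy_document" "codebuild_artifacts" {
  # Read the input artifact ("src") and write build output,
  # limited to objects in the pipeline's artifact bucket.
  statement {
    sid       = "ArtifactObjects"
    actions   = ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"]
    resources = ["${aws_s3_bucket.foo.arn}/*"]
  }

  # The artifact store is encrypted with aws_kms_key.a, so the build role
  # must be able to decrypt input artifacts and encrypt output artifacts.
  statement {
    sid = "ArtifactKey"

    actions = [
      "kms:Decrypt",
      "kms:DescribeKey",
      "kms:Encrypt",
      "kms:ReEncrypt*",
      "kms:GenerateDataKey*",
    ]

    resources = ["${aws_kms_key.a.arn}"]
  }
}

resource "aws_iam_role_policy" "codebuild_artifacts" {
  name   = "codebuild-pipeline-artifacts" # hypothetical policy name
  role   = "${aws_iam_role.codebuild_role.id}"
  policy = "${data.aws_iam_policy_document.codebuild_artifacts.json}"
}

# In resource "aws_codebuild_project" "authorization", point the project at
# the same key so it does not fall back to the AWS-managed key for S3:
#
#   encryption_key = "${aws_kms_key.a.arn}"
```

If aws_kms_key.a carries a custom key policy, that policy must also allow the build role to use the key; an IAM policy alone is only sufficient when the key policy delegates to IAM.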