docker - Codepipeline: Insufficient permissions Unable to access the artifact with Amazon S3 object key

Question

Hello I created a codepipeline project with the following configuration:

• Source Code in S3 pulled from Bitbucket.
• Build with CodeBuild, generating an docker image and storing it into a Amazon ECS repository.
• Deployment provider Amazon ECS.

All the process works ok until when it tries to deploy, for some reason I am getting the following error during deployment:

Insufficient permissions Unable to access the artifact with Amazon S3 object key 'FailedScanSubscriber/MyAppBuild/Wmu5kFy' located in the Amazon S3 artifact bucket 'codepipeline-us-west-2-913731893217'. The provided role does not have sufficient permissions.

During the building phase, it is even able to create a new docker image in the ECS repository.

I tried everything, changed IAM roles and policies, add full access to S3, I have even setted the S3 bucket as public, nothing worked. I am without options, if someone could help me that would be wonderful, I have poor experience with AWS, so any help is appreciated.

Answer 1

I was able to find a solution. The true issue is that when the deployment provider is set as Amazon ECS, we need to generate an output artifact indicating the name of the task definition and the image uri, for example:

post_build:
    commands:
      - printf '[{"name":"your.task.definition.name","imageUri":"%s"}]' $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG > imagedefinitions.json

artifacts:
    files: imagedefinitions.json