Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CodeBuild] Build fails after introducing environmentVariables with type BuildEnvironmentVariableType.PARAMETER_STORE #9980

Closed
markusl opened this issue Aug 26, 2020 · 6 comments · Fixed by #11917
Closed

[CodeBuild] Build fails after introducing environmentVariables with type BuildEnvironmentVariableType.PARAMETER_STORE #9980

markusl opened this issue Aug 26, 2020 · 6 comments · Fixed by #11917
Assignees
@skinny85
Labels
@aws-cdk/aws-codebuild Related to AWS CodeBuild bug This issue is a bug. effort/small Small work item – less than a day of effort good first issue Related to contributions. See CONTRIBUTING.md in-progress This issue is being actively worked on. p2

Comments

@markusl
Copy link
Contributor

markusl commented Aug 26, 2020

After introducing the environment variable to the CDK Pipeline, the pipeline seems to fail in the 'Build' phase:

[Container] 2020/08/26 12:43:34 Phase context status code: Decrypted Variables Error Message: AccessDeniedException: User: arn:aws:sts::yyy:assumed-role/xxx-7BL0BNH108AP/AWSCodeBuild-05e07ae5-3da4-48a9-a206-5b44d40f4004 is not authorized to perform: ssm:GetParameters on resource: arn:aws:ssm:eu-central-1:yyy:parameter/VARIABLE_NAME

Reproduction Steps

    const pipeline = new pipelines.CdkPipeline(this, id, {
      cloudAssemblyArtifact,

      sourceAction: new codepipeline_actions.CodeCommitSourceAction({
        actionName: 'Source',
        repository,
        branch: 'master',
        output: sourceArtifact,
      }),

      synthAction: pipelines.SimpleSynthAction.standardNpmSynth({
      // The build will fail with missing permission after introducing 'environmentVariables'
        environmentVariables: {
          VARIABLE_NAME: {
            type: codebuild.BuildEnvironmentVariableType.PARAMETER_STORE,
            value: 'VARIABLE_NAME'
          }
        },
        sourceArtifact,
        cloudAssemblyArtifact,
        buildCommand: 'npm run build && npm run test'
      }),
    });

What did you expect to happen?

The relevant IAM configuration should be created automatically.

Environment

  • CLI Version : 1.60.0 (build 8e3f53a)
  • Framework Version: 1.60.0
  • Node.js Version: v14.8.0
  • OS : macOS
  • Language (Version): 4.0.2

This is 🐛 Bug Report
@markusl markusl added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Aug 26, 2020
@github-actions github-actions bot added the @aws-cdk/pipelines CDK Pipelines library label Aug 26, 2020
@rix0rrr rix0rrr assigned NGL321 and SomayaB and unassigned rix0rrr Aug 27, 2020
@SomayaB SomayaB removed their assignment Nov 2, 2020
@rix0rrr
Copy link
Contributor

rix0rrr commented Nov 13, 2020

This needs to be implemented in CodeBuild

@rix0rrr rix0rrr changed the title [cdk-pipelines] Build fails after introducing environmentVariables with type BuildEnvironmentVariableType.PARAMETER_STORE [CodeBuild] Build fails after introducing environmentVariables with type BuildEnvironmentVariableType.PARAMETER_STORE Nov 13, 2020
@rix0rrr rix0rrr added @aws-cdk/aws-codebuild Related to AWS CodeBuild and removed @aws-cdk/pipelines CDK Pipelines library labels Nov 13, 2020
@rix0rrr rix0rrr assigned skinny85 and unassigned NGL321 Nov 13, 2020
@skinny85
Copy link
Contributor

skinny85 commented Dec 5, 2020

Hey @markusl ,

this was recently fixed in CodeBuild: #11770 .

Can you try updating, and see if the problem persists?

Thanks,
Adam

@skinny85 skinny85 added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Dec 5, 2020
@markusl
Copy link
Contributor Author

markusl commented Dec 5, 2020
edited
Loading

@skinny85 Is this already released? I think I did not see this yet in the CHANGELOG. Will check this out if it's included in a release.

Thanks,
Markus

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Dec 6, 2020
@markusl
Copy link
Contributor Author

markusl commented Dec 7, 2020

It seems not to work yet possibly due to this 3c5c2f4#diff-a8640958f8311388cd004191bfc1b0939145226e363e90ad1a0c45bc6aa30953R826

@skinny85
Copy link
Contributor

skinny85 commented Dec 7, 2020

Oh, that's a great catch @markusl !

Any chance of a quick PR fixing that? Should be a simple fix 🙂. https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md

@markusl markusl mentioned this issue Dec 7, 2020
Merged
@skinny85 skinny85 added effort/small Small work item – less than a day of effort good first issue Related to contributions. See CONTRIBUTING.md in-progress This issue is being actively worked on. p2 and removed needs-triage This issue or PR still needs to be triaged. labels Dec 7, 2020
@mergify mergify bot closed this as completed in #11917 Dec 8, 2020
mergify bot pushed a commit that referenced this issue Dec 8, 2020
@markusl
fix(codebuild): incorrect SSM Parameter ARN in Project's IAM permissi…
7a09c18 
…ons (#11917)

(CodeBuild) Build fails after introducing environmentVariables with type BuildEnvironmentVariableType.PARAMETER_STORE.

Fixes #9980 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

github-actions bot commented Dec 8, 2020

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

flochaz pushed a commit to flochaz/aws-cdk that referenced this issue Jan 5, 2021
@markusl @flochaz
fix(codebuild): incorrect SSM Parameter ARN in Project's IAM permissi…
81e777d 
…ons (aws#11917)

(CodeBuild) Build fails after introducing environmentVariables with type BuildEnvironmentVariableType.PARAMETER_STORE.

Fixes aws#9980 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skinny85 skinny85

Labels
@aws-cdk/aws-codebuild Related to AWS CodeBuild bug This issue is a bug. effort/small Small work item – less than a day of effort good first issue Related to contributions. See CONTRIBUTING.md in-progress This issue is being actively worked on. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(codebuild): incorrect SSM Parameter ARN in Project's IAM permissions
5 participants
@skinny85 @rix0rrr @markusl @NGL321 @SomayaB