Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

S3 deployment is failing in bitbucket pipelines

I'm trying to deploy a static website on s3 bucket through bitbucket pipelines but getting Access Denied error on PutObject operation.

The bucket doesn't have public access, it serves through CloudFront distributions.

 

VERIFIED CHECKS:

  1. IAM user access
    • AmazonS3FullAccess
  2. Repository variables
    • AWS_ACCESS_KEY_ID
    • AWS_SECRET_ACCESS_KEY
    • QA_BUCKET
  3. Cloudfront distribution
    • Pointed to the correct bucket
    • Allowed HTTP Methods
      • GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
    • bucket policy
  4. Basic auth:
    • Through AWS Lambda
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity <ID>"
},
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::qa.polarunicorn.com/*"
}
]
}

 

bitbucket-pipelines.yml

image: node:10.15.3

pipelines:
custom:
qa:
- step:
name: QA - Install, test and build
caches:
- node
script:
- yarn
- yarn test
- yarn build:dev
artifacts:
- dist/**
- step:
name: QA - Deploy on S3
deployment: test
script:
- pipe: atlassian/aws-s3-deploy:0.3.7
variables:
AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
AWS_DEFAULT_REGION: '$AWS_REGION_NAME'
S3_BUCKET: '$QA_BUCKET'
ACL: 'public-read'
LOCAL_PATH: 'dist'
DELETE_FLAG: 'true'

 

Pipeline's build status:

build-failing.png

 

I find and tried all the possible solutions but not able to catch the actual issue here because everything looks good, as expected... ☹️

  

1 answer

1 accepted

1 vote
Answer accepted

Hi @Gulshan kumar do you have any other Bucket ACLs, IAM Policies or Bucket Policies configured? Does the IAM user owns the bucket and/or objects that you try to update?

Thanks for the update @Alexander Zhukov and I just found the issue and it requires a minor change, just needs to update the ACL value in the bitbucket-pipelines.yml as:

ACL: 'bucket-owner-full-control'

and earlier, I was using

ACL: 'public-read'

(check in the question above)

 

---

All the valid values are:

private | public-read | public-read-write | authenticated-read | bucket-owner-read | bucket-owner-full-control | private

Default: private
Like # people like this

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket Pipelines

Bitbucket Pipelines Runners is now in open beta

We are excited to announce the open beta program for self-hosted runners. Bitbucket Pipelines Runners is available to everyone. Please try it and let us know your feedback. If you have any issue...

2,326 views 50 18
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you