S3 deployment is failing in bitbucket pipelines

I'm trying to deploy a static website to an S3 bucket through Bitbucket Pipelines, but I'm getting an Access Denied error on the PutObject operation.

The bucket doesn't have public access; it is served through CloudFront distributions.

 

VERIFIED CHECKS:

  1. IAM user access
    • AmazonS3FullAccess
  2. Repository variables
    • AWS_ACCESS_KEY_ID
    • AWS_SECRET_ACCESS_KEY
    • QA_BUCKET
  3. Cloudfront distribution
    • Pointed to the correct bucket
    • Allowed HTTP Methods
      • GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
    • bucket policy
  4. Basic auth:
    • Through AWS Lambda
{
  "Version": "2008-10-17",
  "Id": "PolicyForCloudFrontPrivateContent",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity <ID>"
      },
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::qa.polarunicorn.com/*"
    }
  ]
}

 

bitbucket-pipelines.yml

image: node:10.15.3

pipelines:
  custom:
    qa:
      - step:
          name: QA - Install, test and build
          caches:
            - node
          script:
            - yarn
            - yarn test
            - yarn build:dev
          artifacts:
            - dist/**
      - step:
          name: QA - Deploy on S3
          deployment: test
          script:
            - pipe: atlassian/aws-s3-deploy:0.3.7
              variables:
                AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
                AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
                AWS_DEFAULT_REGION: '$AWS_REGION_NAME'
                S3_BUCKET: '$QA_BUCKET'
                ACL: 'public-read'
                LOCAL_PATH: 'dist'
                DELETE_FLAG: 'true'

 

Pipeline's build status:

build-failing.png

 

I found and tried all the possible solutions, but I'm not able to catch the actual issue here because everything looks good, as expected... ☹️

  

1 answer

1 accepted

0 votes
Answer accepted

Hi @Gulshan_kumar, do you have any other Bucket ACLs, IAM Policies or Bucket Policies configured? Does the IAM user own the bucket and/or the objects that you are trying to update?

Thanks for the update, @Alexander Zhukov. I just found the issue and it requires a minor change: I just need to update the ACL value in bitbucket-pipelines.yml to:

ACL: 'bucket-owner-full-control'

and earlier, I was using

ACL: 'public-read'

(check in the question above)

 

---

All the valid values are:

private | public-read | public-read-write | authenticated-read | bucket-owner-read | bucket-owner-full-control | private

Default: private
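
The thread does not say why `public-read` was refused. One S3 behaviour that matches the symptom on a bucket without public access is Block Public Access, whose `BlockPublicAcls` setting rejects uploads that carry a public ACL. The pre-deploy check below is an added example, not code from the thread or from the pipe; the function names and sample inputs are constructed, and it assumes the IAM user is otherwise allowed `s3:PutObject` and `s3:PutObjectAcl`.

```python
import json
import re

# Canned ACLs that grant access to the AllUsers or AuthenticatedUsers group;
# S3 Block Public Access treats a grant to either group as public.
PUBLIC_CANNED_ACLS = {"public-read", "public-read-write", "authenticated-read"}

# Matches pipe variable lines such as:  ACL: 'public-read'
ACL_LINE = re.compile(r"^\s*ACL:\s*['\"]?([A-Za-z-]+)['\"]?\s*$", re.MULTILINE)


def find_pipe_acls(pipeline_yaml):
    """Return every ACL value set in a bitbucket-pipelines.yml text."""
    return ACL_LINE.findall(pipeline_yaml)


def predict_upload(acl, public_access_block_json):
    """Predict how S3 treats a PutObject that carries the canned ACL `acl`.

    `public_access_block_json` is the JSON printed by
    `aws s3api get-public-access-block --bucket <bucket>`.
    """
    cfg = json.loads(public_access_block_json)["PublicAccessBlockConfiguration"]
    if acl not in PUBLIC_CANNED_ACLS:
        return "accepted"
    if cfg.get("BlockPublicAcls"):
        return "rejected: AccessDenied (BlockPublicAcls refuses public ACLs)"
    if cfg.get("IgnorePublicAcls"):
        return "accepted, but the public grant is ignored"
    return "accepted, and the object is exposed publicly"


# Constructed sample inputs (hypothetical, not taken from the poster's account).
SAMPLE_PIPELINE = """\
variables:
  S3_BUCKET: '$QA_BUCKET'
  ACL: 'public-read'
  LOCAL_PATH: 'dist'
"""
SAMPLE_BLOCK_ALL = json.dumps({"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": True, "RestrictPublicBuckets": True}})

if __name__ == "__main__":
    for acl in find_pipe_acls(SAMPLE_PIPELINE):
        print(acl, "->", predict_upload(acl, SAMPLE_BLOCK_ALL))
    print("bucket-owner-full-control ->",
          predict_upload("bucket-owner-full-control", SAMPLE_BLOCK_ALL))
```

Run against the real bucket's `get-public-access-block` output before changing the pipeline, so a failing deploy can be told apart from a genuine IAM permission gap.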