Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Deployment variable is not reflecting in pipelines

I am using bitbucket pipeline to deploy using S3 deploy and for invalidation of by using aws-cloudfront-invalidate.


I have declared some variables at repository level and some at deployment environment level. 


DISTRIBUTION_ID is a part deployment variable and during the run pipeline it is throwing error (DISTRIBUTION_ID can be a null) while invalidation pipe.


When I move DISTRIBUTION_ID to repository level variable, it is working.


I am using latest version of both pipes.

1 answer

1 accepted

0 votes
Answer accepted

@Jaisa Ram can you provide the code of your pipeline? To use deployment variables you need to put the keyword to pipeline, sth like as


name: Deploy

deployment: production


BUT be aware that deployment variables overwrites repository ones.

For more details see docs:

Regards, Galyna

Thanks @Halyna Berezovska , it works after updating deployment keyword

Hi, @Halyna Berezovska 
I'm using the same deployment variables that I'm using with the previous pipe (aws-s3-deploy) but It shows me the following errors:

✖ Validation errors:
AWS_ACCESS_KEY_ID:- null value not allowed
- null value not allowed
DISTRIBUTION_ID:- null value not allowed

I had the same problem and I tried to fixed it using by moving all the variables to the repository settings.

Shouldn't aws-cloudfront-invalidate accept the deployment variables such as was-s3-deploy does?

The issue now is that it shows me the following error:

ERROR: Error creating a cloudfront invalidation

✖ Failed to create a cloudfront invalidation: An error occurred (AccessDenied) when calling the CreateInvalidation operation: User: arn:aws:iam::<iam>:user/Bitbucket is not authorized to perform: cloudfront:CreateInvalidation on resource: arn:aws:cloudfront::<iam>:distribution/<distribution_id>

@Jaisa Ram regarding the last question, why if failed - the user you use in s3 and cloudfront, do not have permissions to execute Cloudfront actions. To fix this, you have to change policy (any permissions attached, inline policy etc.) attached to this user or create another user specific for cloudfront.

Could you also tell more details about using Cloudfront as second pipe with default variables feature without passing aws keys as variables (I susoect you're using this)? We need to understand the root cause why it is not working for you.


Also feel free to use our new Bitbucket pipelines oidc feature , where you can authenticate without using any aws keys. Example of how to use it can be found here in the first Advanced example  .

Regards, Galyna

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket

📣 Calling Bitbucket Data Center customers to participate in research

Hi everyone, Are you Bitbucket DC customer? If so, we'd love to talk to you! Our team wants to dive deep to understand your long-term plans regarding Bitbucket DC and Atlassian Cloud. Do you plan...

211 views 2 5
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you