✘ Failed to deploy service.
✘ deploy service: check if changeset is empty: create change set copilot-41c097c6-ae59-4169-a782-98581c856efa for stack example-app-test-front-end: AccessDenied: User: arn:aws:sts::935157358684:assumed-role/example-app-test-EnvManagerRole/1608798589915407000 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::935157358684:role/example-app-test-CFNExecutionRole
status code: 403, request id: 994c34cc-8ceb-467b-99bf-35f2321d51cb: describe change set copilot-41c097c6-ae59-4169-a782-98581c856efa for stack example-app-test-front-end: ValidationError: Stack [example-app-test-front-end] does not exist
status code: 400, request id: 854b78d1-0ac5-4a7d-b2f5-f090236fdc91: describe stack: describe stack events for stack example-app-test-front-end: ValidationError: Stack [example-app-test-front-end] does not exist
status code: 400, request id: a87925c9-7e7c-46c0-b2f6-2abb7d477479
copilot svc deploy
works fine, I just setup a default pipeline to automatically build and deploy after commit. I can see the pipeline getting triggered automatically on commit to main
branch but the build is failing even though it builds fine when I run copilot svc deploy. Are the same env variables and secrets defined in my manifest used in the pipeline build? I don't see any env vars when poking around in CodePipeline admin.
It fails at this step COMMAND_EXECUTION_ERROR: Error while executing command: for workload in $WORKLOADS; do manifest
but no useful error message just Reason: exit status 1
so I'm not sure how to proceed debugging, any ideas?
Hi David,
I have tried to add this to addons:
Resources:
SSMAccessPolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- ssm:Describe*
- ssm:Get*
- ssm:List*
Resource: "{{ resource ARN }}"
Outputs:
SSMAccessPolicyArn:
Description: "The ARN of the ManagedPolicy to attach to the task role."
Value: !Ref SSMAccessPolicy
and i get an error saying ResourceNotReady: failed waiting for successful resource state: Parameter values specified for a template which does not require them.
Heya @srikaransc !
Can you try this:
Parameters:
App:
Type: String
Description: Your application's name.
Env:
Type: String
Description: The environment name your service, job, or workflow is being deployed to.
Name:
Type: String
Description: The name of the service, job, or workflow being deployed.
Resources:
SSMAccessPolicy:
Type: AWS::IAM::ManagedPolicy
Properties:
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- ssm:Describe*
- ssm:Get*
- ssm:List*
Resource: "{{ resource ARN }}"
Outputs:
SSMAccessPolicyArn:
Description: "The ARN of the ManagedPolicy to attach to the task role."
Value: !Ref SSMAccessPolicy
Copilot always passes these parameters to the Addons stack so that you can build your own fancy names, or maybe import values from the environment or service stack
Hi everyone,
Please can someone tell me which directory does buildspec post_build execute in?
I want to upload file to newly created s3 bucket
- aws s3 sync public/assets/images s3://bucket-name
Also is it possbile to get dynamic bucket name inside buildspec?
Thanks