Error details
Following the steps in "Automating software delivery with Docker Compose and Amazon ECS" as written, the ExecuteChangeSet action in CodePipeline fails with an error.
Status reason
Resource handler returned message: "User is not authorized to perform that action on the specified resource (Service: Efs, Status Code: 403, Request ID: hogehogefugafuga)" (RequestToken: hogehogefugafuga, HandlerErrorCode: GeneralServiceException)
Solution
In cloudformation.yaml in the pipeline folder, add arn:aws:iam::aws:policy/AmazonVPCFullAccess around line 184.
cloudformation.yaml
  ExtractBuildRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
        - "arn:aws:iam::aws:policy/AmazonVPCFullAccess"
      AssumeRolePolicyDocument:
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com
        Version: "2012-10-17"
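
To confirm which API call the role was denied, and so what the added managed policy is actually needed for, the CloudTrail records from the failed ExecuteChangeSet run can be grouped by role and action. This is an added example, not code from the original article or its repository; the records are constructed samples, and the account ID, role names and event names in them are assumptions (the article does not say which EFS call failed).

```python
from collections import Counter

# Placeholder ARNs (constructed, not from the article).
ROLE = "arn:aws:iam::111122223333:role/example-ExtractBuildRole"
OTHER = "arn:aws:iam::111122223333:role/example-OtherRole"

def _record(source, name, role_arn, error=None):
    """Build a record holding only the CloudTrail fields this example reads."""
    rec = {"eventSource": source, "eventName": name,
           "userIdentity": {"type": "AssumedRole",
                            "sessionContext": {"sessionIssuer": {"arn": role_arn}}}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample input; event names and error codes are illustrative.
SAMPLE_EVENTS = [
    _record("elasticfilesystem.amazonaws.com", "CreateMountTarget", ROLE, "AccessDenied"),
    _record("elasticfilesystem.amazonaws.com", "CreateMountTarget", ROLE, "AccessDenied"),
    _record("ec2.amazonaws.com", "DescribeSubnets", ROLE),  # succeeded: no errorCode
    _record("ec2.amazonaws.com", "CreateNetworkInterface", OTHER,
            "Client.UnauthorizedOperation"),
]

# Error code strings differ between services, so match on substrings.
DENIED_MARKERS = ("accessdenied", "unauthorized")

def denied_calls(records, role_substring=None):
    """Count denied calls per (role ARN, eventSource, eventName)."""
    hits = Counter()
    for rec in records:
        code = (rec.get("errorCode") or "").lower()
        if not any(marker in code for marker in DENIED_MARKERS):
            continue  # successful call or an unrelated error
        identity = rec.get("userIdentity", {})
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        role = issuer.get("arn") or identity.get("arn", "unknown")
        if role_substring and role_substring not in role:
            continue
        hits[(role, rec.get("eventSource", "?"), rec.get("eventName", "?"))] += 1
    return hits

def report(hits):
    """Render one line per denied call, most frequent first."""
    return [f"{n}x {role} {src} {name}" for (role, src, name), n in hits.most_common()]

if __name__ == "__main__":
    print("\n".join(report(denied_calls(SAMPLE_EVENTS, "ExtractBuildRole"))))
```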
Folder structure
.
├── LICENSE
├── README.md
├── application
│   ├── docker-compose.yml
│   └── frontend
│       ├── Dockerfile
│       ├── myweb
│       │   ├── app.py
│       │   ├── static
│       │   │   ├── blue.png
│       │   │   ├── green.png
│       │   │   └── style.css
│       │   └── templates
│       │       ├── health.html
│       │       └── index.html
│       └── requirements.txt
├── infrastructure
│   └── cloudformation.yaml
└── pipeline
    └── cloudformation.yaml
GitHub
The source code is published on GitHub.