Deployment job in Bamboo fails while consuming the artifact from Amazon S3 bucket with "Error Code: 403 Forbidden" error
Platform notice: Server and Data Center only. This article applies only to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
This article covers a scenario where Bamboo artifacts are generated successfully by the build and stored in the S3 bucket. However, when the deployment job tries to consume or read the artifact from the S3 bucket, the job fails with an "Error Code: 403 Forbidden" error.
Environment
The issue was seen on Bamboo 9.0 with the Amazon S3 artifact handler, but the solution also applies to other Bamboo versions that use the same artifact handler.
Diagnosis
The deployment job fails while trying to access the artifact from the Amazon S3 bucket. The deployment logs show the error "Amazon S3; Status Code: 403; Error Code: 403 Forbidden":
simple 17-Jun-2015 15:37:14 Preparing artifact 'scripts' for use at scripts
error 17-Jun-2015 15:37:14 Forbidden (Service: Amazon S3; Status Code: 403; Error Code: 403 Forbidden; Request ID: A5XXXXXXXXEB)
simple 17-Jun-2015 15:37:14 Failure in artifact preparation phase during processing of: Subscription for Shared artifact: [scripts], pattern: [*]anchored at: [scripts], destination: [scripts]
error 17-Jun-2015 15:37:14 1 error(s) found when performing pre-build actions.
Cause
The artifacts are generated successfully by the build and stored in the S3 bucket. However, when the deployment job tries to consume or read the artifact from the S3 bucket, the job fails with an "Error Code: 403 Forbidden" error.
The error could indicate an issue with user permissions for S3. The AWS credentials used for the Elastic Bamboo configuration require proper S3 permissions for certain actions on the Amazon S3 bucket, and these permissions are missing.
Solution
Create a policy, following the Amazon Policy guide and using the AWS Policy Generator, that grants Bamboo permissions on the S3 bucket.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1434671502112",
      "Action": [
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl",
        "s3:ListBucket",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:PutObjectVersionAcl"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::atlassian-net-bamboo-artifacts",
        "arn:aws:s3:::atlassian-net-bamboo-artifacts/*"
      ]
    }
  ]
}
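S3 evaluates object-level actions such as s3:GetObject against object ARNs (bucket/*) and s3:ListBucket / s3:GetBucketLocation against the bucket ARN, so an Allow scoped to only one of the two still produces a 403. The Python check below is an added example, not Atlassian's or AWS's code; `missing_grants`, the sample key and both test policies are constructed, and it evaluates Allow statements only (no Deny, Condition or bucket policy).

```python
import json
from fnmatch import fnmatchcase

# Actions from the Bamboo policy, grouped by the ARN type S3 checks them against.
BUCKET_ACTIONS = {"s3:GetBucketLocation", "s3:ListBucket"}
OBJECT_ACTIONS = {
    "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:GetObject",
    "s3:GetObjectAcl", "s3:GetObjectVersion", "s3:GetObjectVersionAcl",
    "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectVersionAcl",
}

def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def missing_grants(policy, bucket, sample_key="constructed/plan/scripts/run.sh"):
    """Return the actions no Allow statement grants on the ARN S3 will check.

    Simplified: ignores Deny, Condition, NotAction/NotResource, bucket policies.
    """
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/{sample_key}"  # constructed key, not a real artifact
    granted = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        resources = as_list(stmt.get("Resource", []))
        for action in BUCKET_ACTIONS | OBJECT_ACTIONS:
            target = bucket_arn if action in BUCKET_ACTIONS else object_arn
            # Action names match case-insensitively; ARNs are case-sensitive.
            if (any(fnmatchcase(action.lower(), a) for a in actions)
                    and any(fnmatchcase(target, r) for r in resources)):
                granted.add(action)
    return sorted((BUCKET_ACTIONS | OBJECT_ACTIONS) - granted)

BUCKET = "atlassian-net-bamboo-artifacts"
# Constructed policies: same Allow, differing only in Resource.
BUCKET_ONLY = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                         '"Action": "s3:*", "Resource": "arn:aws:s3:::%s"}]}' % BUCKET)
BUCKET_AND_OBJECTS = json.loads(json.dumps(BUCKET_ONLY))
BUCKET_AND_OBJECTS["Statement"][0]["Resource"] = [
    f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]

if __name__ == "__main__":
    print("bucket ARN only  ->", missing_grants(BUCKET_ONLY, BUCKET))
    print("bucket + objects ->", missing_grants(BUCKET_AND_OBJECTS, BUCKET))
```

Run it against the policy JSON exported from IAM before attaching it; an empty list means every action the artifact handler needs is allowed on the right resource type.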