Failed to download AWS CodeDeploy Agent Installation File

I am trying to load an AWS CodeDeploy agent file on my Amazon Linux. I followed the instructions mentioned at http://docs.aws.amazon.com/codedeploy/latest/userguide/how-to-run-agent.html, for Amazon Linux, created the corresponding instance profile, service role, etc. All the latter (Amazon Linux, CLI Packages, this is a new instance, and I tried this with at least three new instances with the same result). All instances have full outgoing Internet access.

But the following instruction to download the installation from S3 always fails:

    aws s3 cp s3://aws-codedeploy-us-east-1/latest/install . --region us-east-1

With an error:

    A client error occurred while calling the HeadObject operation (403): Forbidden Completed 1 part with ... remaining files

Can someone help me with this error?

+7
2 answers

I understood the problem, according to the CodeDeploy documentation for the IAM instance profile

http://docs.aws.amazon.com/codedeploy/latest/userguide/how-to-create-iam-instance-profile.html

The following permissions must be granted to your IAM instance profile.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "s3:Get*",
            "s3:List*"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ]
    }

But I limited the resource to a code bucket, since I do not want my instances to directly access other buckets. But it turns out that I also need to provide additional permission for the aws-codedeploy-us-east-1/* S3 resource to be able to load the agent. This is not entirely clear in the document for configuring the IAM instance profile for CodeDeploy.

+17

A more restrictive policy that works:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:Get*",
            "s3:List*"
          ],
          "Resource": [
            "arn:aws:s3:::aws-codedeploy-us-east-1/*",
            "arn:aws:s3:::aws-codedeploy-us-west-1/*",
            "arn:aws:s3:::aws-codedeploy-us-west-2/*",
            "arn:aws:s3:::aws-codedeploy-ap-south-1/*",
            "arn:aws:s3:::aws-codedeploy-ap-northeast-2/*",
            "arn:aws:s3:::aws-codedeploy-ap-southeast-1/*",
            "arn:aws:s3:::aws-codedeploy-ap-southeast-2/*",
            "arn:aws:s3:::aws-codedeploy-ap-northeast-1/*",
            "arn:aws:s3:::aws-codedeploy-eu-central-1/*",
            "arn:aws:s3:::aws-codedeploy-eu-west-1/*",
            "arn:aws:s3:::aws-codedeploy-sa-east-1/*"
          ]
        }
      ]
    }
+2
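
Why a narrowed instance-profile policy produces the 403, as an added example that is not part of the original answers: a simplified check of a policy's Allow statements against the installer object that `aws s3 cp` requests. The bucket name `my-code-bucket` and all helper names are hypothetical; Deny statements, conditions and bucket policies are not evaluated.

```python
import re

def _as_list(value):
    return value if isinstance(value, list) else [value]

def iam_match(pattern, value, ignore_case=False):
    """Match an IAM pattern, where * is any run of characters and ? is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def allows(policy, action, resource):
    """True if some Allow statement covers (action, resource).
    Simplified: Deny, Condition, NotAction and NotResource are not evaluated."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        # Action names are case-insensitive; resource ARNs are not.
        if any(iam_match(a, action, True) for a in actions) and \
           any(iam_match(r, resource) for r in resources):
            return True
    return False

def installer_arn(region):
    # Object fetched by: aws s3 cp s3://aws-codedeploy-<region>/latest/install .
    return f"arn:aws:s3:::aws-codedeploy-{region}/latest/install"

def regions_blocked(policy, regions):
    """Regions whose agent installer the policy does not let the instance read.
    The HeadObject call that returned 403 is authorized by s3:GetObject."""
    return [r for r in regions
            if not allows(policy, "s3:GetObject", installer_arn(r))]

# Constructed policies; "my-code-bucket" is a hypothetical revision bucket.
NARROWED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
    "Resource": ["arn:aws:s3:::my-code-bucket/*"]}]}
FIXED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
    "Resource": ["arn:aws:s3:::my-code-bucket/*",
                 "arn:aws:s3:::aws-codedeploy-us-east-1/*"]}]}

if __name__ == "__main__":
    for name, pol in (("narrowed", NARROWED), ("fixed", FIXED)):
        print(name, "blocked:", regions_blocked(pol, ["us-east-1", "us-west-2"]))
```

Running the same check over every region an instance may launch in shows which bucket ARNs still need to be listed in the policy.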