Why did the pipeline fail?

By:
On:
In: DOP-C01
Tagged:
With: 0 Comments
During the next CodePipeline run, the pipeline exits with a FAILED state during the build stage.The DevOps engineer verifies that the correct Systems Manager parameter path is in place for the environment variable values that were changed.The DevOps engineer also validates that the environment variable type is Parameter.

Why did the pipeline fail?

The CodePipeline IAM service role does not have the required IAM permissions to use Parameter Store.

The CodePipeline IAM service role does not have the required IAM permissions to use the aws/ssm KMS key.

The CodeBuild IAM service role does not have the required IAM permissions to use Parameter Store.

The CodeBuild IAM service role does not have the required IAM permissions to use the aws/ssm KMS key.

Explanations:

The issue lies with permissions related to Systems Manager Parameter Store, but the failure occurs in the build stage, which means the permissions required are for the CodeBuild service role, not the CodePipeline service role.

The issue is not related to the KMS key used for encryption in the CodePipeline service role. CodePipeline doesn’t directly interact with Parameter Store when environment variables are used in the CodeBuild stage.

The CodeBuild service role needs IAM permissions to access Systems Manager Parameter Store to retrieve the environment variables. Lack of the necessary permissions results in the pipeline failure during the build stage.

The failure is not related to permissions for theaws/ssmKMS key, as the issue pertains to accessing the Parameter Store values for environment variables, not the encryption of those parameters.

Leave a Reply

Your email address will not be published. Required fields are marked *

1 + 16 =