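I have a GitHub Actions pipeline that successfully creates an S3 bucket and then uploads my WAR file there, but when deploying to Beanstalk it always fails with an S3 access denied error. Below is my build.yml file: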
# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path
name: Maven Package
on:
  pull_request:
    branches:
      - main
  push:
    branches:
      - develop
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK 8
        uses: actions/setup-java@v2
        with:
          java-version: '8'
          distribution: 'adopt'
          server-id: github # Value of the distributionManagement/repository/id field of the pom.xml
          settings-path: ${{ github.workspace }} # location for the settings.xml file
      - name: Build with Maven
        run: mvn -B package --file pom.xml
      - name: make a new dir and upload war in there
        run: mkdir staging && cp -r target/* staging
      - uses: actions/upload-artifact@v2
        with:
          name: Package
          path: staging
      - name: list all files
        run: ls && cd target && ls
      - name: Publish to GitHub Packages Apache Maven
        run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml
        env:
          GITHUB_TOKEN: ${{ github.token }}
      - name: Deploy to EB
        uses: einaregilsson/beanstalk-deploy@v18
        with:
          aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          application_name: springbootwebapi
          environment_name: Springbootwebapi-env
          version_label: v1.0.10
          region: us-east-2
          deployment_package: target/login-0.0.2-SNAPSHOT.war
Below are some log snippets from GitHub Actions:
沒有給出現有的存盤桶名稱,正在創建/請求存盤位置
將檔案上傳到存盤桶 elasticbeanstalk-us-east-2-148565102071
新構建成功上傳到 S3,bucket=elasticbeanstalk-us-east-2-148565102071,key=/springbootwebapi/v1-0-10.zip
在 Beanstalk 中創建了新的應用程式版本 v1.0.10。
開始部署 v1.0.10 版本到環境 Springbootwebapi-env
部署開始,“wait_for_deployment”為真...
18:17:02 資訊:環境更新開始。
18:17:06 錯誤:服務:Amazon S3,訊息:拒絕訪問
18:17:06 錯誤:部署應用程式失敗。
18:17:07 錯誤:服務:Amazon S3,訊息:拒絕訪問:S3Bucket=elasticbeanstalk-us-east-2-148565102071,S3Key=resources/environments/e-fp5bx3gtdn/_runtime/_versions/springbootwebapi/v1.0.10
17:13 錯誤:部署失敗!當前狀態:版本:示例應用程式,運行狀況:紅色,運行狀況:降級
錯誤:部署失敗:錯誤:部署失敗!當前狀態:版本:示例應用程式,運行狀況:紅色,運行狀況:降級
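I don't know why access is denied immediately after the upload succeeded.
Update 1:
I have added the following permissions, see below, but it does not work: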

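Reply from a uj5u.com user:
After removing AWSCompromisedKeyQuarantineV2 from the permissions list, it worked. The reason is that this policy actually denies several relevant actions for the user; for details, see the JSON of AWSCompromisedKeyQuarantineV2 below: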
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "ec2:RequestSpotInstances",
                "ec2:RunInstances",
                "ec2:StartInstances",
                "iam:AddUserToGroup",
                "iam:AttachGroupPolicy",
                "iam:AttachRolePolicy",
                "iam:AttachUserPolicy",
                "iam:ChangePassword",
                "iam:CreateAccessKey",
                "iam:CreateInstanceProfile",
                "iam:CreateLoginProfile",
                "iam:CreatePolicyVersion",
                "iam:CreateRole",
                "iam:CreateUser",
                "iam:DetachUserPolicy",
                "iam:PassRole",
                "iam:PutGroupPolicy",
                "iam:PutRolePolicy",
                "iam:PutUserPermissionsBoundary",
                "iam:PutUserPolicy",
                "iam:SetDefaultPolicyVersion",
                "iam:UpdateAccessKey",
                "iam:UpdateAccountPasswordPolicy",
                "iam:UpdateAssumeRolePolicy",
                "iam:UpdateLoginProfile",
                "iam:UpdateUser",
                "lambda:AddLayerVersionPermission",
                "lambda:AddPermission",
                "lambda:CreateFunction",
                "lambda:GetPolicy",
                "lambda:ListTags",
                "lambda:PutProvisionedConcurrencyConfig",
                "lambda:TagResource",
                "lambda:UntagResource",
                "lambda:UpdateFunctionCode",
                "lightsail:Create*",
                "lightsail:Delete*",
                "lightsail:DownloadDefaultKeyPair",
                "lightsail:GetInstanceAccessDetails",
                "lightsail:Start*",
                "lightsail:Update*",
                "organizations:CreateAccount",
                "organizations:CreateOrganization",
                "organizations:InviteAccountToOrganization",
                "s3:DeleteBucket",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion",
                "s3:PutLifecycleConfiguration",
                "s3:PutBucketAcl",
                "s3:DeleteBucketOwnershipControls",
                "s3:DeleteBucketPolicy",
                "s3:ObjectOwnerOverrideToBucketOwner",
                "s3:PutAccountPublicAccessBlock",
                "s3:PutBucketPolicy",
                "s3:ListAllMyBuckets"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
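An added example, not part of the original answer and not AWS's or the deploy action's code: an offline check of which requested actions the Deny statement quoted above blocks, showing that s3:PutObject is not on the list while s3:DeleteObject and s3:PutBucketPolicy are. The function names and the abridged policy copy are assumptions made for this illustration.

```python
import fnmatch
import json

# Abridged copy of the Deny statement quoted above (constructed subset:
# S3, Lightsail and two IAM entries); paste the full JSON to check all.
POLICY_JSON = """
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Deny",
   "Action": [
     "iam:PassRole", "iam:CreateAccessKey",
     "lightsail:Create*", "lightsail:Delete*",
     "s3:DeleteBucket", "s3:DeleteObject", "s3:DeleteObjectVersion",
     "s3:PutLifecycleConfiguration", "s3:PutBucketAcl",
     "s3:DeleteBucketOwnershipControls", "s3:DeleteBucketPolicy",
     "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutBucketPolicy",
     "s3:PutAccountPublicAccessBlock", "s3:ListAllMyBuckets"],
   "Resource": ["*"]}]}
"""

def as_list(value):
    """IAM allows Statement/Action/Resource to be one item or a list."""
    return value if isinstance(value, list) else [value]

def explicit_deny(policy, action):
    """Return the Deny pattern matching `action`, or None.
    Action names are case-insensitive and may use * and ? wildcards; an
    explicit Deny overrides Allows granted by other attached policies.
    Assumption: only Deny statements on Resource "*" without a Condition
    are evaluated, which is the shape of the policy quoted above.
    """
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Deny" or "Condition" in stmt:
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        for pattern in as_list(stmt.get("Action", [])):
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                return pattern
    return None

def audit(policy, actions):
    """Map each requested action to the Deny pattern blocking it, if any."""
    return {a: explicit_deny(policy, a) for a in actions}

if __name__ == "__main__":
    wanted = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject",
              "s3:PutBucketPolicy", "iam:PassRole", "lightsail:CreateInstances"]
    for action, hit in audit(json.loads(POLICY_JSON), wanted).items():
        print(f"{action:26} {'DENIED by ' + hit if hit else 'no explicit deny'}")
```

AWS documents this managed policy as one it applies when an IAM user's credentials have been compromised or exposed publicly, so the access key stored in the workflow's secrets should be rotated rather than only detaching the policy.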
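Reply from a uj5u.com user:
According to the docs, you need to attach the following policies to the AWS user in order to be able to deploy your project when using the GitHub action you specified:
AWSElasticBeanstalkWebTier
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
Adding the above will resolve the issue, and will also ensure that you do not run into problems when using this GitHub action.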
