Я использую Beanstalk и Codepipeline.
До сборки работает нормально, но
Развертывание не удалось. Предоставленная роль не имеет достаточных разрешений: Не удалось развернуть приложение. Сервис: AWSLogs, Сообщение: Пользователь: arn: aws: sts ::: Предполагаемая роль / конвейерная роль / не авторизован для выполнения: logs: CreateLogGroup на ресурсе: arn: aws: logs: ap-northeast- 2 :: log-group: /aws/elasticbeanstalk/repo-env/var/log/nginx/error.log: log-stream:
происходит в развертывании Beanstalk.
Нужно ли мне разрешение для группы журналов?
Моя роль кодипайлина
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"opsworks:DescribeStacks",
"devicefarm:GetRun",
"rds:*",
"cloudformation:CreateChangeSet",
"autoscaling:*",
"codebuild:BatchGetBuilds",
"devicefarm:ScheduleRun",
"servicecatalog:ListProvisioningArtifacts",
"devicefarm:ListDevicePools",
"cloudformation:UpdateStack",
"servicecatalog:DescribeProvisioningArtifact",
"cloudformation:DescribeChangeSet",
"devicefarm:ListProjects",
"cloudformation:ExecuteChangeSet",
"sns:*",
"lambda:ListFunctions",
"lambda:InvokeFunction",
"codedeploy:RegisterApplicationRevision",
"devicefarm:CreateUpload",
"cloudformation:*",
"opsworks:DescribeDeployments",
"cloudformation:DescribeStacks",
"codecommit:GetUploadArchiveStatus",
"cloudwatch:*",
"cloudformation:DeleteStack",
"opsworks:DescribeInstances",
"ecs:*",
"ecr:DescribeImages",
"ec2:*",
"codebuild:StartBuild",
"cloudformation:ValidateTemplate",
"opsworks:DescribeApps",
"opsworks:UpdateStack",
"codedeploy:CreateDeployment",
"codedeploy:GetApplicationRevision",
"codedeploy:GetDeploymentConfig",
"servicecatalog:CreateProvisioningArtifact",
"sqs:*",
"cloudformation:DeleteChangeSet",
"codecommit:GetCommit",
"servicecatalog:DeleteProvisioningArtifact",
"codedeploy:GetApplication",
"cloudformation:SetStackPolicy",
"codecommit:UploadArchive",
"s3:*",
"elasticloadbalancing:*",
"codecommit:CancelUploadArchive",
"devicefarm:GetUpload",
"elasticbeanstalk:*",
"opsworks:UpdateApp",
"opsworks:CreateDeployment",
"cloudformation:CreateStack",
"servicecatalog:UpdateProduct",
"codecommit:GetBranch",
"codedeploy:GetDeployment",
"opsworks:DescribeCommands"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "*",
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": [
"cloudformation.amazonaws.com",
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"ecs-tasks.amazonaws.com"
]
}
}
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "codestar-connections:UseConnection",
"Resource": "*"
}
]
}