I have an S3 repository that I want to access in my build process. It contains some of my project’s dependencies. My project is deployed to an EC2 instance with a designated role - Repo_dependent. The role has an Access_Repo policy attached to it:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1484560548000",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::my_bucket",
"arn:aws:s3:::my_bucket/*"
]
}
]
}
When I deploy the new server I get a The AWS Access Key Id you provided does not exist in our records. (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId; Request ID: 02169BFDCF7AFE10) exception.
My build script is this (abbreviated for simplicity)
buildscript {
repositories {
jcenter()
}
dependencies {
classpath 'com.amazonaws:aws-java-sdk:1.11.83'
}
}
import com.amazonaws.auth.*
repositories {
jcenter()
maven {
url "s3://my_bucket.s3.amazonaws.com"
credentials(AwsCredentials) {
def providercreds = new DefaultAWSCredentialsProviderChain().getCredentials()
accessKey providercreds.getAWSAccessKeyId()
secretKey providercreds.getAWSSecretKey()
}
}
}
Through testing I know Gradle is using the right role but for some reason the credentials passed are still not sufficient. Testing with the AWS CLI works (i.e. I can download the content of the bucket) so I’m pretty sure the problem is in the build script
Any help would be very much appreciated.