Getting AWS role credentials in Gradle


(Guy Grinwald) #1

I have an S3 repository that I want to access in my build process. It contains some of my project’s dependencies. My project is deployed to an EC2 instance with a designated role - Repo_dependent. The role has an Access_Repo policy attached to it:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1484560548000",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::my_bucket",
                "arn:aws:s3:::my_bucket/*"
            ]
        }
    ]
}

When I deploy the new server, I get the following exception: The AWS Access Key Id you provided does not exist in our records. (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId; Request ID: 02169BFDCF7AFE10)

My build script is this (abbreviated for simplicity):

buildscript {
  repositories {
    jcenter()
  }
  dependencies {
    classpath 'com.amazonaws:aws-java-sdk:1.11.83'
  }
}

import com.amazonaws.auth.*

repositories {
  jcenter()
  maven {
    url "s3://my_bucket.s3.amazonaws.com"
    credentials(AwsCredentials) {
        def providercreds = new DefaultAWSCredentialsProviderChain().getCredentials()
        accessKey providercreds.getAWSAccessKeyId()
        secretKey providercreds.getAWSSecretKey()
    }
  }
}

Through testing I know Gradle is using the right role, but for some reason the credentials passed are still not sufficient. Testing with the AWS CLI works (i.e. I can download the content of the bucket), so I’m pretty sure the problem is in the build script.

Any help would be very much appreciated.
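
An added example, not part of the original post: credentials obtained from an EC2 instance role are temporary and consist of an access key, a secret key and a session token, while the script above forwards only the first two. The sketch below also forwards the token; it assumes a Gradle version whose AwsCredentials type exposes a sessionToken property, and reuses the bucket name and SDK version from the post.

```groovy
buildscript {
  repositories {
    jcenter()
  }
  dependencies {
    classpath 'com.amazonaws:aws-java-sdk:1.11.83'
  }
}

import com.amazonaws.auth.AWSSessionCredentials
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain

// Resolve the credentials once so all three values come from the same
// credential set (role credentials rotate, so do not mix two lookups).
def awsCreds = new DefaultAWSCredentialsProviderChain().getCredentials()

// Log only the credential type, never the key material itself.
logger.info("AWS credential type: ${awsCreds.getClass().getSimpleName()}")

repositories {
  jcenter()
  maven {
    url "s3://my_bucket.s3.amazonaws.com"
    credentials(AwsCredentials) {
      accessKey = awsCreds.getAWSAccessKeyId()
      secretKey = awsCreds.getAWSSecretKey()
      // Temporary (role/STS) credentials implement AWSSessionCredentials.
      // Without the token, S3 cannot match the access key ID to a
      // long-lived key and rejects the request.
      if (awsCreds instanceof AWSSessionCredentials) {
        sessionToken = awsCreds.getSessionToken()
      }
    }
  }
}
```

Run the build with `--info` to see which credential type the provider chain returned on the instance.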