CodeBuild buildspec reports — Not authorized to perform: codebuild:CreateReportGroup
I’m working on adding test reporting to my pipeline, but I’m getting an error using CodeBuild’s Report Groups functionality. According to the docs, non-existent report groups are supposed to be created on the fly, but as you’ll see, the privileges granted by CDK don’t allow it.
Reproduction Steps
Here’s the relevant section from buildspec.yml:
reports:
  arc-test-reports:
    file-format: JunitXml
    base-directory: .test
    files:
      - .test/junit.xml
My CDK code is nothing special:
stack.pipeline.addStage({
  stageName: 'Build',
  actions: [
    new CodeBuildAction({
      actionName: 'StackBuild',
      project: new PipelineProject(stack, 'DevStackBuild', {
        environment: {buildImage: LinuxBuildImage.AMAZON_LINUX_2_2},
        environmentVariables, // set elsewhere
        buildSpec: BuildSpec.fromSourceFilename('./infra/cdk/buildspec/stackBuild.yml'),
      }),
      input: stack.sourceArtifact,
      outputs: [stack.stackBuildArtifact],
    }),
  ],
});
Error Log
CLIENT_ERROR: Error in UPLOAD_ARTIFACTS phase: [arc-test-reports: [error creating report group: AccessDeniedException: User: arn:aws:sts::215531866295:assumed-role/DevPipelineStack-DevStackBuildRole50F734AC-18GNOX97SSN7J/AWSCodeBuild-71e36eb0-07f4-4ed4-ae92-fc073405aaf2 is not authorized to perform: codebuild:CreateReportGroup on resource: arn:aws:codebuild:us-east-1:215531866295:report-group/DevStackBuildA1918915-iukT8k2ixC7W-arc-test-reports status code: 400, request id: b276f144-3697-409a-be20-c2af80de4c54]]
Environment
- CLI Version : 1.32.2
- Framework Version: 1.32.2
- Language : JavaScript
This is 🐛 Bug Report
Top GitHub Comments
PR is out: https://github.com/aws/aws-cdk/pull/7691, let me know what you think about the proposed API @mikestopcontinues!
Looks perfect! Great stuff!
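The denied call in an error like the one above can be checked against a least-privilege statement before the build role is changed. This is an added example, not code from the issue or from the CDK project; the sample error string, the account ID `111122223333`, the project name `ExampleBuild-ABC123` and all function names are constructed for illustration.

```javascript
// Added example (not from the issue or the CDK code base).
// The sample error is constructed; account ID and project name are placeholders.
const SAMPLE_ERROR =
  'AccessDeniedException: User: arn:aws:sts::111122223333:assumed-role/ExampleBuildRole/AWSCodeBuild-example ' +
  'is not authorized to perform: codebuild:CreateReportGroup on resource: ' +
  'arn:aws:codebuild:us-east-1:111122223333:report-group/ExampleBuild-ABC123-arc-test-reports status code: 400';

// IAM actions a build role needs to create a report group and upload test results.
const REPORT_ACTIONS = [
  'codebuild:CreateReportGroup',
  'codebuild:CreateReport',
  'codebuild:UpdateReport',
  'codebuild:BatchPutTestCases',
];

// Pull principal, denied action and resource ARN out of an AccessDenied message.
function parseAccessDenied(message) {
  const m = /User: (\S+) is not authorized to perform: (\S+) on resource: (\S+)/.exec(message);
  return m ? { principal: m[1], action: m[2], resource: m[3] } : null;
}

// Statement limited to report groups named "<projectName>-<group>", the naming
// visible in the resource ARN of the error (project name, then buildspec group name).
function reportGroupStatement(region, account, projectName) {
  return {
    Effect: 'Allow',
    Action: REPORT_ACTIONS,
    Resource: `arn:aws:codebuild:${region}:${account}:report-group/${projectName}-*`,
  };
}

// Minimal IAM-style match: "*" matches any run of characters (case-sensitive, no "?").
function wildcardMatch(pattern, value) {
  const escaped = pattern.split('*').map((s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'));
  return new RegExp(`^${escaped.join('.*')}$`).test(value);
}

// True when the statement allows the denied action on the denied resource.
function covers(statement, denied) {
  return statement.Effect === 'Allow' &&
    statement.Action.some((a) => wildcardMatch(a, denied.action)) &&
    wildcardMatch(statement.Resource, denied.resource);
}

const denied = parseAccessDenied(SAMPLE_ERROR);
const statement = reportGroupStatement('us-east-1', '111122223333', 'ExampleBuild-ABC123');
console.log(JSON.stringify(statement, null, 2), covers(statement, denied));
```

In a CDK 1.x app the same actions and resource can be attached to the build project's role with `project.addToRolePolicy(new iam.PolicyStatement({actions, resources}))`, where `iam` is `@aws-cdk/aws-iam`.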