question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

CodeBuild buildspec reports — Not authorized to perform: codebuild:CreateReportGroup

See original GitHub issue

I’m working on adding test reporting to my pipeline, but I’m getting an error using CodeBuild’s Report Groups functionality. According to the docs, non-existent report groups are supposed to be created on the fly, but as you’ll see, the privileges granted by CDK don’t allow it.

Reproduction Steps

Here’s the relevant section from buildspec.yml:

reports:
  arc-test-reports:
    file-format: JunitXml
    base-directory: .test
    files:
      - .test/junit.xml

My CDK code is nothing special:

  stack.pipeline.addStage({
    stageName: 'Build',
    actions: [
      new CodeBuildAction({
        actionName: 'StackBuild',
        project: new PipelineProject(stack, 'DevStackBuild', {
          environment: {buildImage: LinuxBuildImage.AMAZON_LINUX_2_2},
          environmentVariables, // set elsewhere
          buildSpec: BuildSpec.fromSourceFilename('./infra/cdk/buildspec/stackBuild.yml'),
        }),
        input: stack.sourceArtifact,
        outputs: [stack.stackBuildArtifact],
      }),
    ],
  });

Error Log

CLIENT_ERROR: Error in UPLOAD_ARTIFACTS phase: [arc-test-reports: [error creating report group: AccessDeniedException: User: arn:aws:sts::215531866295:assumed-role/DevPipelineStack-DevStackBuildRole50F734AC-18GNOX97SSN7J/AWSCodeBuild-71e36eb0-07f4-4ed4-ae92-fc073405aaf2 is not authorized to perform: codebuild:CreateReportGroup on resource: arn:aws:codebuild:us-east-1:215531866295:report-group/DevStackBuildA1918915-iukT8k2ixC7W-arc-test-reports status code: 400, request id: b276f144-3697-409a-be20-c2af80de4c54]]

Environment

  • CLI Version : 1.32.2
  • Framework Version: 1.32.2
  • Language : JavaScript

This is 🐛 Bug Report

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:9 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
skinny85commented, Apr 29, 2020

PR is out: https://github.com/aws/aws-cdk/pull/7691 , let me know what you think about the proposed API @mikestopcontinues !

0reactions
mikestopcontinuescommented, Apr 30, 2020

Looks perfect! Great stuff!

Read more comments on GitHub >

github_iconTop Results From Across the Web

Working with report groups - AWS CodeBuild
A report group contains test reports and specifies shared settings. You use the buildspec file to specify the test cases to run and...
Read more >
Create a test report in CodeBuild using the Amazon CLI sample
Tests that you specify in your buildspec file are run during your build. This sample shows you how to use the Amazon CLI...
Read more >
aws codebuild start-build - Fig.io
Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty ...
Read more >
CodeBuild policy error: "Not authorized to perform: ssm ...
You can see in the logs not authorized to perform: ssm:GetParameters on resource: Check the service role of your Codebuild have the ...
Read more >
AWS CodeBuild Report Groups 101 - YouTube
AWS CodeBuild provides a fully managed, Docker-based build environment. ... Report Groups help y... ... Your browser can't play this video.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found