Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

CodeBuild buildspec reports — Not authorized to perform: codebuild:CreateReportGroup

See original GitHub issue

I’m working on adding test reporting to my pipeline, but I’m getting an error using CodeBuild’s Report Groups functionality. According to the docs, non-existent report groups are supposed to be created on the fly, but as you’ll see, the privileges granted by CDK don’t allow it.

Reproduction Steps

Here’s the relevant section from buildspec.yml:

reports:
  arc-test-reports:
    file-format: JunitXml
    base-directory: .test
    files:
      - .test/junit.xml

My CDK code is nothing special:

  stack.pipeline.addStage({
    stageName: 'Build',
    actions: [
      new CodeBuildAction({
        actionName: 'StackBuild',
        project: new PipelineProject(stack, 'DevStackBuild', {
          environment: {buildImage: LinuxBuildImage.AMAZON_LINUX_2_2},
          environmentVariables, // set elsewhere
          buildSpec: BuildSpec.fromSourceFilename('./infra/cdk/buildspec/stackBuild.yml'),
        }),
        input: stack.sourceArtifact,
        outputs: [stack.stackBuildArtifact],
      }),
    ],
  });

Error Log

CLIENT_ERROR: Error in UPLOAD_ARTIFACTS phase: [arc-test-reports: [error creating report group: AccessDeniedException: User: arn:aws:sts::215531866295:assumed-role/DevPipelineStack-DevStackBuildRole50F734AC-18GNOX97SSN7J/AWSCodeBuild-71e36eb0-07f4-4ed4-ae92-fc073405aaf2 is not authorized to perform: codebuild:CreateReportGroup on resource: arn:aws:codebuild:us-east-1:215531866295:report-group/DevStackBuildA1918915-iukT8k2ixC7W-arc-test-reports status code: 400, request id: b276f144-3697-409a-be20-c2af80de4c54]]

Environment

CLI Version : 1.32.2
Framework Version: 1.32.2
Language : JavaScript

This is 🐛 Bug Report

Issue Analytics

State:
Created 3 years ago
Comments:9 (4 by maintainers)

Top GitHub Comments

1reaction

skinny85commented, Apr 29, 2020

PR is out: https://github.com/aws/aws-cdk/pull/7691 , let me know what you think about the proposed API @mikestopcontinues !

0reactions

mikestopcontinuescommented, Apr 30, 2020

Looks perfect! Great stuff!

Top Results From Across the Web

Working with report groups - AWS CodeBuild

A report group contains test reports and specifies shared settings. You use the buildspec file to specify the test cases to run and...

Create a test report in CodeBuild using the Amazon CLI sample

Tests that you specify in your buildspec file are run during your build. This sample shows you how to use the Amazon CLI...

aws codebuild start-build - Fig.io

Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml). If this value is not provided or is set to an empty ...

CodeBuild policy error: "Not authorized to perform: ssm ...

You can see in the logs not authorized to perform: ssm:GetParameters on resource: Check the service role of your Codebuild have the ...

AWS CodeBuild Report Groups 101 - YouTube

AWS CodeBuild provides a fully managed, Docker-based build environment. ... Report Groups help y... ... Your browser can't play this video.