
GetAuthorizationToken permission error in AWS CodeBuild


I'm trying to set up my Node project with AWS CodeBuild.

version: 0.2
phases:

  pre_build:
    commands:
      - $(aws ecr get-login)
      - TAG="$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | head -c 8)"

  build:
    commands:
      - docker build -t "${REPOSITORY}:${TAG}" .

  post_build:
    commands:
      - docker push "${REPOSITORY}:${TAG}"

When I trigger a build, the command $(aws ecr get-login) fails:

An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation: User is not authorized to perform: ecr:GetAuthorizationToken on resource: *
[Container] 2018/10/26 10:04:12 Command did not exit successfully $(aws ecr get-login) exit status 255

In the IAM console, the user has these policies attached:

  • AmazonEC2ContainerRegistryFullAccess
  • AmazonEC2ContainerRegistryPowerUser

and both contain the ecr:GetAuthorizationToken permission.

What am I missing?


Solution

  • Solved. I needed to give ecr:GetAuthorizationToken permission to the role, instead of to the user.
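
An added example, not part of the original post: a simplified identity-policy check that shows why the build was denied, together with a least-privilege policy for the CodeBuild service role. The account ID, region, repository name and role name are constructed placeholders, and the evaluator ignores Condition, NotAction/NotResource, permission boundaries and SCPs.

```python
import fnmatch

# Constructed placeholders (account ID, region, repository name); none of
# these values come from the original post.
REPO_ARN = "arn:aws:ecr:us-east-1:111122223333:repository/my-node-app"
# Least-privilege policy for the CodeBuild service role (the role the build runs as).
ROLE_POLICY_FIXED = {
    "Version": "2012-10-17",
    "Statement": [
        # GetAuthorizationToken is not repository-scoped; it only accepts "*".
        {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
        # Push permissions limited to the single repository the build writes to.
        {"Effect": "Allow", "Resource": REPO_ARN,
         "Action": ["ecr:BatchCheckLayerAvailability", "ecr:InitiateLayerUpload",
                    "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:PutImage"]},
    ],
}
# Constructed "before" state: a service role that can only write build logs.
ROLE_POLICY_BEFORE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["logs:CreateLogStream", "logs:PutLogEvents"]}],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def role_name_from_session_arn(arn):
    """Map the Arn printed by `aws sts get-caller-identity` inside the build
    to an IAM role name; returns None when the caller is not an assumed role."""
    parts = arn.split(":", 5)
    if len(parts) == 6 and parts[2] == "sts" and parts[5].startswith("assumed-role/"):
        return parts[5].split("/")[1]
    return None

def is_allowed(policies, action, resource="*"):
    """Simplified check: an explicit Deny wins, otherwise any matching Allow.
    Action names match case-insensitively, resource ARNs case-sensitively."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            hit = (any(fnmatch.fnmatchcase(action.lower(), a.lower())
                       for a in _as_list(stmt.get("Action", [])))
                   and any(fnmatch.fnmatchcase(resource, r)
                           for r in _as_list(stmt.get("Resource", []))))
            if not hit:
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed
```

Policies attached to the IAM user are never passed to `is_allowed` here because the build container calls ECR with the service role's credentials, which is why attaching them to the user had no effect.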