I have created a CI/CD pipeline to import existing resources into CloudFormation. I want to import the existing S3 bucket and encrypt it, all through CodePipeline only. I have used CodeBuild and CodePipeline, but I am getting an error while running the buildspec.yaml:
An error occurred (ValidationError) when calling the CreateChangeSet operation: S3 error: Access Denied
I can import and work on the same thing using the console, and I have added access in both the CodePipeline and CodeBuild roles.
My buildspec.yml deploys the following command:
- aws cloudformation create-change-set --stack-name ${STACK_NAME} --change-set-name ImportChangeSet --change-set-type IMPORT --resources-to-import file://ResourcesToImport.txt --template-url https://Bucket_Name.s3.eu-west-3.amazonaws.com/templates/Template_Import.yaml
For those who couldn't solve the above error:
I tried with --template-body instead of --template-url and it worked, because there was an issue with the URL I provided in my CLI command. So the above command changed to this:
aws cloudformation create-change-set --stack-name ${STACK_NAME} --change-set-name ImportChangeSet --change-set-type IMPORT --resources-to-import "[{\"ResourceType\":\"AWS::S3::Bucket\",\"LogicalResourceId\":\"ImportedS3Bucket\",\"ResourceIdentifier\":{\"BucketName\":\"${Bucket_Name}\"}}]" --template-body file://templates/template.yaml --capabilities CAPABILITY_NAMED_IAM
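
A preflight check for the --template-url form of the command, as an added example that is not part of the original post. It assumes the Access Denied comes from the build role being unable to read the template object at that URL; the function names parse_template_url and preflight_template_url are hypothetical.

```bash
# Added example, not from the original post. Function names are hypothetical.

# Split https://BUCKET.s3.REGION.amazonaws.com/KEY into "BUCKET REGION KEY".
# Returns 1 for any other shape, an empty key, or a bucket name that breaks the
# current S3 naming rules (lowercase letters, digits, dots, hyphens), which
# also catches a placeholder or unexpanded variable left in the URL.
parse_template_url() {
  local LC_ALL=C url="$1" host key bucket region
  case "$url" in https://*/?*) ;; *) return 1 ;; esac
  host="${url#https://}"
  key="${host#*/}"          # everything after the first slash
  host="${host%%/*}"        # everything before it
  case "$host" in ?*.s3.?*.amazonaws.com) ;; *) return 1 ;; esac
  bucket="${host%.s3.*}"    # cut at the last ".s3." so dotted names survive
  region="${host#"$bucket".s3.}"
  region="${region%.amazonaws.com}"
  case "$bucket" in *[!a-z0-9.-]*) return 1 ;; esac
  case "$region" in *[!a-z0-9-]*) return 1 ;; esac
  printf '%s %s %s\n' "$bucket" "$region" "$key"
}

# Run in the build with the build role's credentials, before create-change-set.
# head-object needs s3:GetObject on the key; without s3:ListBucket a missing
# key is also reported as 403, so a wrong path looks like a permissions error.
# Returns 2 for a malformed URL, 3 for no usable credentials, 4 if unreadable.
preflight_template_url() {
  local parsed bucket region key
  parsed="$(parse_template_url "$1")" || {
    echo "not a valid regional virtual-hosted S3 URL: $1" >&2
    return 2
  }
  read -r bucket region key <<EOF
$parsed
EOF
  # Print which role is actually making the call, to compare with the policy.
  aws sts get-caller-identity --query Arn --output text >&2 || return 3
  aws s3api head-object --bucket "$bucket" --key "$key" \
    --region "$region" >/dev/null || return 4
}
```

In a buildspec, call preflight_template_url with the same value passed to --template-url and stop the build on a non-zero status.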