My CloudWatch Event rule doesn't trigger my CodePipeline pipeline

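I'm having some problems with AWS CloudWatch Events.

I'm creating a CodePipeline CI pipeline that has a CodeCommit repository as its source and a CodeBuild project as the Build/Test stage (it then deploys to Lambda, but the problem isn't there).

We have multiple projects, and we are going to push multiple other projects. So I created a script to manage the AWS CI pieces (i.e. create a pipeline, a CodeBuild project, ... and a CloudWatch Events rule linked to the pipeline).

The first time I push my code, it works. But after that, the process stops being triggered by pushes to CodeCommit.

I found a solution (but not the one I want): I just have to edit the pipeline, edit the stage (source), touch nothing, and save the empty modification: it works (before saving, it asks for authorization to create a CloudWatch Events rule associated with this pipeline).

Has anyone run into this problem? What did you do to get around it? I really want a 100% automated CI; I don't want to go to the AWS console every time my team creates a new repository or pushes a new branch to an existing repository.

Edit:

Here is the JSON of my CloudWatch Events rule: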

{
    "Name": "company-ci_codepipeline_project-stage", 
    "EventPattern": "cf. second JSON", 
    "State": "ENABLED", 
    "Arn": "arn:aws:events:region:xxx:rule/company-ci_codepipeline_project-stage", 
    "Description": "CloudWatch Events rule to automatically trigger the needed pipeline from every push to project repository, on the stage branch on CodeCommit."
}

And here is the EventPattern JSON:

{
  "source": [
    "aws.codecommit"
  ],
  "detail-type": [
    "CodeCommit repository state change"
  ],
  "resources": [
    "arn:aws:codecommit:region:xxx:project"
  ],
  "detail": {
    "event": [
      "referenceCreated",
      "referenceUpdated"
    ],
    "referenceType": [
      "branch"
    ],
    "referenceName": [
      "stage"
    ]
  }
}

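I've found that this issue is usually related to the event rule/target/role configuration. If you don't have a target associated with your rule, you won't see the event being invoked when you look at the metrics. Since your EventPattern looks correct, I think the target may be your problem.

You should have a configured target that looks something like this: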

{
    "Rule": "company-ci_codepipeline_project-stage",
    "Targets": [
        {
            "RoleArn": "arn:aws:iam::xxx:role/cwe-codepipeline",
            "Id": "ProjectPipelineTarget",
            "Arn": "arn:aws:codepipeline:region:xxx:your-pipeline"
        }
    ]
}

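If that all looks good, next I would check that the role associated with the target grants the correct permissions. My role looks something like: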

{
    "Role": {
        "Description": "Allows CloudWatch Events to invoke targets and perform actions in built-in targets on your behalf.",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "sts:AssumeRole",
                    "Principal": {
                        "Service": "events.amazonaws.com"
                    },
                    "Effect": "Allow",
                    "Sid": ""
                }
            ]
        },
        "MaxSessionDuration": 3600,
        "RoleId": "xxxx",
        "CreateDate": "2018-08-06T20:56:19Z",
        "RoleName": "cwe-codepipeline",
        "Path": "/",
        "Arn": "arn:aws:iam::xxx:role/cwe-codepipeline"
    }
}

It has an inline policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "codepipeline:StartPipelineExecution"
            ],
            "Resource": [
                "arn:aws:codepipeline:*:xxx:*"
            ]
        }
    ]
}

For reference, check out this documentation
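The rule, target, trust and permission checks described in the answer above can be run offline against the JSON before a CI script relies on it. This is an added example, not code from the question or the answer; `check_trigger_chain` and the sample dictionaries are hypothetical names with constructed values shaped like the JSON above, and the wildcard warning is an extra least-privilege check.

```python
import fnmatch

def as_list(v):
    return v if isinstance(v, list) else [v]

def matches(pattern, value):  # IAM-style "*"/"?" match, simplified
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())

def check_trigger_chain(rule, targets, trust_policy, inline_policy):
    """Return findings for the rule -> target -> role -> permission chain."""
    findings = []
    if rule.get("State") != "ENABLED":
        findings.append("FAIL: rule is not ENABLED")
    pipelines = [t for t in targets.get("Targets", [])
                 if t.get("Arn", "").startswith("arn:aws:codepipeline:")]
    if targets.get("Rule") != rule.get("Name") or not pipelines:
        findings.append("FAIL: rule has no CodePipeline target")
    trusted = any(
        s.get("Effect") == "Allow"
        and "sts:AssumeRole" in as_list(s.get("Action", []))
        and isinstance(s.get("Principal"), dict)
        and "events.amazonaws.com" in as_list(s["Principal"].get("Service", []))
        for s in as_list(trust_policy.get("Statement", [])))
    if not trusted:
        findings.append("FAIL: role is not assumable by events.amazonaws.com")
    for t in pipelines:
        if not t.get("RoleArn"):
            findings.append(f"FAIL: target {t.get('Id')} has no RoleArn")
        grants = [r for s in as_list(inline_policy.get("Statement", []))
                  if s.get("Effect") == "Allow"
                  and any(matches(a, "codepipeline:StartPipelineExecution")
                          for a in as_list(s.get("Action", [])))
                  for r in as_list(s.get("Resource", [])) if matches(r, t["Arn"])]
        if not grants:
            findings.append(f"FAIL: role cannot start {t['Arn']}")
        elif all("*" in r for r in grants):
            findings.append(f"WARN: {t.get('Id')} is covered only by wildcard Resource")
    return findings

# Constructed sample input, shaped like the JSON in the answer above
RULE = {"Name": "company-ci_codepipeline_project-stage", "State": "ENABLED"}
TARGETS = {"Rule": RULE["Name"], "Targets": [{
    "Id": "ProjectPipelineTarget",
    "RoleArn": "arn:aws:iam::xxx:role/cwe-codepipeline",
    "Arn": "arn:aws:codepipeline:region:xxx:your-pipeline"}]}
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                        "Principal": {"Service": "events.amazonaws.com"}}]}
POLICY = {"Statement": [{"Effect": "Allow", "Resource": ["arn:aws:codepipeline:*:xxx:*"],
                         "Action": ["codepipeline:StartPipelineExecution"]}]}
```

With the sample values, the chain is complete and the only finding is the warning that the policy reaches the pipeline through a wildcard `Resource`; scoping it to the pipeline's own ARN clears it.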