0

I have a problem to set a CodeBuild project's source as S3 bucket.

I'm working to make a cross region & account CI/CD pipeline by AWS CDK,
and want to use a single source bucket in a CodeBuild project in the pipeline.

  • S3 bucket which has build file is in the REGION_A / ACCOUNT_A
  • CodeBuild project is in the REGION_B / ACCOUNT_B

(CDK version 2.0 / Typescript)

I get the bucket like below by the bucket attribute,

const bucket_X = s3.Bucket.fromBucketAttributes(
            this,
            "ImportedBucketByAttr",
            {
                bucketArn: "arn:aws:s3:::BUCKET_NAME", 
                region: REGION_A,
            }
        )

and use it to the CodeBuild project source property.

const project_X = new codebuild.Project(this, PROJECT_ID, {
            projectName: PROJECT_NAME,
            source: Source.s3({
                bucket: bucket_X,
                path: "",
            }),
            environment: {
                buildImage: LinuxBuildImage.STANDARD_5_0,
            },
            timeout: Duration.minutes(30),
            queuedTimeout: Duration.minutes(240),
            role: ROLE_X,
        })

but the codebuild project returns bucket region error.

[Container] 2021/12/26 14:42:43 Waiting for agent ping
[Container] 2021/12/26 14:42:44 Waiting for DOWNLOAD_SOURCE
BucketRegionError: incorrect region, the bucket is not in 'REGION_B' region at endpoint ''
    status code: 301, request id: , host id:  for primary source

If I remember correctly, at the first time, the props of 'fromBucketAttributes' region: REGION_A was working. (codebuild project can get the source from the different region)
So I moved to other parts and updated multiple things without care this.

But after some updates on the stack... it started to return that error

I even deleted the stack and redeployed it but there were no lucks.

Could you give me a little hint?
How can I use the bucket in another region as source of CodeBuild?

(or let me know if my memory is wrong... Does CodeBuild cannot use the different region's bucket as a source??)

  • In my opinion, the role is not the matter. I can see the bucket in the ACCOUNT_B through the codebuild source info link because I set the bucket policy and role. And as you know.. if the role is the matter, console would display different message.

Thanks in advance.

Happy new year.

Noah Gray
  • 151
  • 1
  • 1
  • 13
  • If you use CodePipeline with one step for source and one for build, CDK will automatically create a replication bucket for you in the right region. – kichik Dec 26 '21 at 15:17
  • @kichik Hi, kichik, thanks for the comment. This CodeBuild project is a part (task) of a step function. That's why I chose the single code build... Do you recommend to use CodePipeline instead of the CodeBuild in the step function? – Noah Gray Dec 26 '21 at 16:15
  • + I meant, I just thought it seems more simpler to use CodeBuild than CodePipeline.. but if there is no way to get the S3 bucket from another region, will do as your comment. Thanks! – Noah Gray Dec 26 '21 at 16:24
  • That's the only way I know, unless you want to do the replication to a regional bucket yourself. Since you are deploying cross account, you might need to [create the buckets yourself](https://docs.aws.amazon.com/cdk/api/v1/docs/aws-codepipeline-readme.html#cross-account-codepipelines). – kichik Dec 26 '21 at 17:37

0 Answers0