I have been using serverless to deploy a Lambda application in a bitbucket pipeline for well over a year. I just started getting an error yesterday and I can’t figure out why.
Serverless Error ----------------------------------------
Could not locate deployment bucket. Error: Access Denied
I re-created my AWS keys, and tested the key has access to the bucket using Filezilla pro. In the log I can see it is using the correct region. I replaced the key variables with hard coded values and I have the same error. I used the keys and I was able to deploy the project from my local system with no issue.
I tried putting in a bogus AWS key and I am getting the same error. I don’t believe the error means it can’t access the bucket, but is also a notice that they key is not working.
Here is the code from my pipleline file. None of the code has changed, but I realized this could be pulling a different docker image, serverless version etc. As far as I can tell the libraries are all the same version. I am running out of ideas. Any help is appreciated.
I am still having issues. I can run these same commands on a local docker container and the deploy works. I was able to get this detailed output:
Serverless: [AWS sts 200 0.202s 0 retries] getCallerIdentity({})
Serverless: Invoke aws:package:finalize
Serverless: Invoke aws:common:moveArtifactsToPackage
Serverless: Invoke aws:common:validate
Serverless: Invoke aws:deploy:deploy
Serverless: [AWS cloudformation 400 0.092s 0 retries] describeStacks({ StackName: 'z-image-resize-dev' })
Serverless: Ensuring that deployment bucket exists
Serverless: [AWS s3 403 0.069s 0 retries] getBucketLocation({ Bucket: 'icustomize-image-resize' })
Serverless Error ----------------------------------------
ServerlessError: Could not locate deployment bucket. Error: AccessDenied: Access Denied
at Request.extractError (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/services/s3.js:711:35)
at Request.callListeners (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/request.js:686:14)
at Request.transition (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/request.js:688:12)
at Request.callListeners (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
at Request.emit (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/request.js:686:14)
at Request.transition (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/request.js:688:12)
at Request.callListeners (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
at callNextListener (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/sequential_executor.js:96:12)
at IncomingMessage.onEnd (/opt/atlassian/pipelines/agent/build/node_modules/aws-sdk/lib/event_listeners.js:417:13)
at IncomingMessage.emit (events.js:327:22)
at IncomingMessage.EventEmitter.emit (domain.js:486:12)
at endReadableNT (_stream_readable.js:1327:12)
at processTicksAndRejections (internal/process/task_queues.js:80:21)
----------------------------------------------------------------------------------------------------
at AwsDeploy.ensureValidBucketExists (/opt/atlassian/pipelines/agent/build/node_modules/serverless/lib/plugins/aws/deploy/lib/ensure-valid-bucket-exists.js:35:15)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at async aws:deploy:deploy:checkForChanges (/opt/atlassian/pipelines/agent/build/node_modules/serverless/lib/plugins/aws/deploy/index.js:127:9)
at async PluginManager.runHooks (/opt/atlassian/pipelines/agent/build/node_modules/serverless/lib/classes/PluginManager.js:601:35)
at async PluginManager.invoke (/opt/atlassian/pipelines/agent/build/node_modules/serverless/lib/classes/PluginManager.js:639:9)
at async PluginManager.spawn (/opt/atlassian/pipelines/agent/build/node_modules/serverless/lib/classes/PluginManager.js:663:5)
at async PluginManager.runHooks (/opt/atlassian/pipelines/agent/build/node_modules/serverless/lib/classes/PluginManager.js:601:35)
at async PluginManager.invoke (/opt/atlassian/pipelines/agent/build/node_modules/serverless/lib/classes/PluginManager.js:639:9)
at async PluginManager.run (/opt/atlassian/pipelines/agent/build/node_modules/serverless/lib/classes/PluginManager.js:700:7)
at async Serverless.run (/opt/atlassian/pipelines/agent/build/node_modules/serverless/lib/Serverless.js:468:5)
at async /opt/atlassian/pipelines/agent/build/node_modules/serverless/scripts/serverless.js:836:9
Does this line indicate that serverless was able to auth and request data from AWS? I was thinking that the connection was not setup correctly, but this seems like it is working until it gets to the S3 bucket.