I created a CodeBuild Project that uses a docker image for node8. The purpose of this CodeBuild project is to do unit testing. It takes an input artifact from CodeCommit. And in the buildspec.yml it runs a test command.

This is my (simple) buildspec file:

version: 0.2

phases:
  install:
    commands:
     - echo "install phase started"
     - npm install
     - echo "install phase ended"
  pre_build: 
    commands:
     - echo "pre_build aka test phase started"
     - echo "mocha unit test"
     - npm test
     - echo "mocha unit test ended"
  build:
    commands:
     - echo "build phase started"
     - echo "build complete"

The build is failing at the DOWNLOAD_SOURCE phase with the following:

PHASE - DOWNLOAD_SOURCE

Start time 2 minutes ago

End time 2 minutes ago

Message Access Denied

The only logs in the build logs are the following

[Container] 2018/01/12 11:30:22 Waiting for agent ping

[Container] 2018/01/12 11:30:22 Waiting for DOWNLOAD_SOURCE

Thanks in advance.

Screenshot of the CodeBuild policies.

I found a fix. It was a problem with my permissions. I added this to make it work.

{
"Version": "2012-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Resource": [
            "arn:aws:logs:eu-west-1:723698621383:log-group:/aws/codebuild/project",
            "arn:aws:logs:eu-west-1:723698621383:log-group:/aws/codebuild/project:*"
        ],
        "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
        ]
    },
    {
        "Effect": "Allow",
        "Resource": [
            "arn:aws:s3:::codepipeline-eu-west-1-*"
        ],
        "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:GetObjectVersion"
        ]
    },
    {
        "Effect": "Allow",
        "Action": [
            "ssm:GetParameters"
        ],
        "Resource": "arn:aws:ssm:eu-west-1:723698621383:parameter/CodeBuild/*"
    }
]

}

I had similar error and will post my fix in case it helps anyone else. I was using CodePipeline and had two separate builds happening. Build #1 would complete its build and the output artifact for that was to be the input artifact for Build #2. Build #2 was failing on the the DOWNLOAD_SOURCE phase with the following error:

AccessDenied: Access Denied status code: 403

The problem was that in my build spec for Build #1, I didn't have the artifacts defined. After calling out the artifact files/folders in Build #1, then Build #2 was able to download the source without issue.