When I try to deploy to ECS in another account with CodePipeline, I receive this message:
Unable to access the artifact with Amazon S3 object key 'xxxxxxxx/BuildArtif/yyyy'
I realized that the reason is the use of the default KMS key. I would need to create a new Customer Managed Key and give cross-account permission on it.
Link 01: https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create-cross-account.html
Link 02: https://stackoverflow.com/a/66651760/5494849
The problem is:
The only artifact is the "imagedefinitions.json" created in the Build stage and used in the Deploy ECS stage. I don't need to encrypt it and wouldn't like to pay 1 USD for a CMK that I don't need.
I figured out that I can't disable KMS in CodePipeline. Also, I tried checking "Disable artifact encryption" in CodeBuild, but it looks like CodePipeline overrides this configuration.
My next idea is: create a new CodeBuild project and replace my current ECS Deploy. I wouldn't need the imagedefinitions.json artifact (I will just set output environment variables) and would do the deploy using the AWS CLI (create a task definition revision and update the service). But I really don't know if this is a good idea.
Is there any other solution that I can't figure out?
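The deploy step described in the question (register a new task definition revision, then update the service), sketched as an added example that is not part of the original post. The function names, the sample task definition and the optional `session` argument (assumed to be a boto3 Session holding credentials for the target account) are illustrative assumptions.

```python
import copy

# Fields returned by ecs:DescribeTaskDefinition that
# ecs:RegisterTaskDefinition does not accept as input.
READ_ONLY_FIELDS = (
    "taskDefinitionArn", "revision", "status", "requiresAttributes",
    "compatibilities", "registeredAt", "registeredBy", "deregisteredAt",
)


def next_revision(task_def, container_name, image_uri):
    """Return register_task_definition kwargs with one container's image swapped."""
    new_def = copy.deepcopy(task_def)  # never mutate the caller's copy
    for field in READ_ONLY_FIELDS:
        new_def.pop(field, None)
    matches = [c for c in new_def["containerDefinitions"] if c["name"] == container_name]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one container named {container_name!r}")
    matches[0]["image"] = image_uri
    return new_def


def deploy(cluster, service, container_name, image_uri, session=None):
    """Register a new revision of the service's task definition and roll the service."""
    import boto3  # imported lazily so next_revision() works without the SDK
    ecs = (session or boto3).client("ecs")
    svc = ecs.describe_services(cluster=cluster, services=[service])["services"][0]
    current = ecs.describe_task_definition(taskDefinition=svc["taskDefinition"])["taskDefinition"]
    registered = ecs.register_task_definition(**next_revision(current, container_name, image_uri))
    new_arn = registered["taskDefinition"]["taskDefinitionArn"]
    ecs.update_service(cluster=cluster, service=service, taskDefinition=new_arn)
    return new_arn


# Constructed sample, shaped like a DescribeTaskDefinition response.
SAMPLE = {
    "family": "app",
    "taskDefinitionArn": "arn:aws:ecs:us-east-1:111111111111:task-definition/app:7",
    "revision": 7, "status": "ACTIVE", "compatibilities": ["EC2"],
    "containerDefinitions": [{"name": "web", "image": "example/app:old", "memory": 256}],
}
```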