Codepipeline: Insufficient permissions Unable to access the artifact with Amazon S3 object key

I was able to find a solution. The true issue is that when the deployment provider is set as Amazon ECS, we need to generate an output artifact indicating the name of the task definition and the image uri, for example:

post_build:    commands:      - printf '[{"name":"your.task.definition.name","imageUri":"%s"}]' $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG > imagedefinitions.jsonartifacts:    files: imagedefinitions.json

This happens when AWS CodeDeploy cannot find the build artifact from AWS CodeBuild. If you go into the S3 bucket and check the path you would actually see that the artifact object is NOT THERE!

Even though the error says about a permission issue. This can happen due the absent of the artifact object.

Solution: Properly configure artifacts section in buildspec.yml and configure AWS Codepipeline stages properly specifying input and output artifact names.

artifacts:  files:    - '**/*'  base-directory: base_dir  name: build-artifact-name  discard-paths: no

Refer this article - https://medium.com/@shanikae/insufficient-permissions-unable-to-access-the-artifact-with-amazon-s3-247f27e6cdc3

For me the issue was that my CodeBuild step was encrypting the artifacts using the Default AWS Managed S3 key.

My Deploy step uses a Cross-Account role, and so it couldn't retrieve the artifact. Once I changed the Codebuild encryption key to my CMK as it should've been originally, my deploy step succeeded.