AWS plugin on Jenkins - amazon-web-services

I'm trying to use Jenkins as a build server hosted on AWS. For that I have an EC2 instance with Jenkins up and running. I installed the AWS EC2 plugin, but when I try to configure it (by going to jenkins -> configure system -> add cloud -> aws) I get the following error:
Stack trace
com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain
at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:131)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:
I can't even fill in the AWS credentials.
Anybody have any thoughts on this?

Some people have worked around this error by not ticking the "IAM Role" checkbox when configuring AWS.
See the open Jenkins issue: S3 plugin - Unable to load AWS credentials from any provider in the chain
See also the Stack Overflow question: Unable to load AWS credentials from any provider in the chain - Jenkins & AWS codepipeline

Related

Code deployment in AWS says "overall deployment failed because too many individual instances failed deployment"

I was trying to deploy a web server on an EC2 instance; this is the error I'm getting in the deployment phase.
I'm uploading code to S3 and implementing via CodeDeploy to EC2.
My EC2 CodeDeploy agent service is running.
Even though I provided a role for EC2 (Awscodedeployfullacces, ec2fullaccess, S3fullacess) and codedeploy-access for my deployment group. I was implementing on an (Amazon) Linux machine.
Deployment events log in aws:
this is my yaml code:
and the corresponding codes in scripts/ folder.
Event Log failed:

How to get AWS credentials for Jenkins + ECR + Pipeline

I am currently building Jenkins + ECR CI/CD.
Here's pipeline code.
docker.withRegistry(
'https://ID.ecr.eu-west-1.amazonaws.com',
'ecr:eu-west-1:86c8f5ec-1ce1-4e94-80c2-18e23bbd724a') {
My question is: how can I get the ECR login credential?
The login credential in the above code is 'ecr:eu-west-1:86c8f5ec-1ce1-4e94-80c2-18e23bbd724a'.
My reference documentation is https://plugins.jenkins.io/amazon-ecr/
Install the AWS Pipeline plugin in Jenkins.
Then you can create an AWS credential from Manage Jenkins - Manage credentials.
Open a freestyle job. You can find "Credentials" under git or docker. Choose one and click add. The default credential provider is Jenkins. Click it and choose "AWS credential". Fill in the Amazon access key ID and access key and submit.
Go to "Manage Jenkins" and then "Manage Credentials". You can find the credential ID there.

Unable to deploy code onto AWS EC2 instance from AWS CodeDeploy

I am trying to implement CI/CD using AWS CodeBuild, and trying to deploy an application onto an AWS EC2 instance, but the code deployment is failing and showing the error below:
The IAM role arn:aws:iam::341502448925:role/CodeDeployServiceRole does not give you permission to perform operations in the following AWS service: AmazonEC2
I have even created a service role in the IAM console, but it's not working for me. Could someone let me know how I can resolve this issue?
Besides creating an IAM role, you should also install the AWS CodeDeploy agent on your EC2 instance:
install aws-codedeploy agent

Unable to deploy code on ec2 instance using codedeploy

I have a single EC2 instance running Ubuntu Server and I am trying to implement a CI/CD flow using CodeDeploy, with Bitbucket as the source. I have also installed codedeploy-agent on the EC2 instance, and it is installed and running successfully, but whenever I deploy code to EC2 the deployment fails with the error shown below:
The overall deployment failed because too many individual instances failed deployment, too few
healthy instances are available for deployment, or some instances in your deployment group are
experiencing problems.
The CodeDeploy agent log file, which I am accessing using less /var/log/aws/codedeploy-agent/codedeploy-agent.log, shows the error below:
ERROR [codedeploy-agent(31598)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller:
Missing credentials - please check if this instance was started with an IAM instance profile
I am unable to understand how I can overcome this error; could someone let me know?
CodeDeploy agent requires IAM permissions provided by IAM role/profile of your instance. The exact permissions needed are given in AWS docs:
Step 4: Create an IAM instance profile for your Amazon EC2 instances
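One way to confirm, from the instance itself, whether an instance profile is attached and delivering role credentials (an added example, not part of the original answers). This is the source the CodeDeploy agent's "Missing credentials" message refers to, and it is also relevant to the Jenkins "Unable to load AWS credentials from any provider in the chain" error in the first question when the IAM role option is used. The function names are hypothetical; the `fetch` parameter exists only so the logic can be exercised off-instance.

```python
import json
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254/latest"  # EC2 instance metadata service

def imds_fetch(path, method="GET", headers=None):
    """Return (status, body) from IMDS; status is None if it is unreachable."""
    req = urllib.request.Request(IMDS + path, method=method, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""
    except OSError:
        return None, ""

def check_instance_profile(fetch=imds_fetch):
    """Explain whether software on this host can obtain role credentials."""
    # IMDSv2: obtain a short-lived session token first.
    status, token = fetch("/api/token", "PUT",
                          {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    if status != 200:
        return "IMDS unreachable: not on EC2, or metadata access is blocked"
    status, body = fetch("/meta-data/iam/info", "GET",
                         {"X-aws-ec2-metadata-token": token})
    if status == 404:
        # The iam/ subtree only exists when a profile is associated.
        return "no instance profile attached to this instance"
    if status != 200:
        return f"unexpected IMDS status {status}"
    info = json.loads(body)
    if info.get("Code") != "Success":
        return f"profile attached but credentials failing: {info.get('Code')}"
    return f"instance profile OK: {info.get('InstanceProfileArn')}"

if __name__ == "__main__":
    print(check_instance_profile())
```

After attaching a profile to a running instance, restart the CodeDeploy agent (or Jenkins) so it picks up the new credentials.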

Dockerrun.aws.json structure for ECR Repo

We are switching from Docker Hub to ECR and I'm curious how to structure the Dockerrun.aws.json file to use this image. I attempted to modify the name as <my_ECR_URL>/<repo_name>:<image_tag> but this is not successful. I also saw the details of private registries using an authentication file on S3 but this doesn't seem like the correct route when aws ecr get-login is the recommended way to authenticate with ECR.
Can anyone point me to how I can use an ECR image in a Beanstalk Dockerrun.aws.json file?
If I look at the ECS Task Definition, there's a required attribute called com.amazonaws.ecs.capability.ecr-auth, but I'm not setting that anywhere in my Dockerrun.aws.json file and I'm not sure what needs to be there. Perhaps it is an S3 bucket? Something is needed as every time I try to run the Elastic Beanstalk created tasks from ECS, I get:
Run tasks failed
Reasons : ATTRIBUTE
Any insights are greatly appreciated.
Update: I see from some other threads that this used to occur with earlier versions of the ECS agent, but I am currently running Agent version 1.6.0 and Docker version 1.7.1, which I believe are the recommended versions. Is this possibly an issue with the Docker version?
So it turns out, the ECS agent was only able to pull images with version 1.7, and that's where mine was falling. Updating the agent resolves my issue, and hopefully it helps someone else.
This is most likely an issue with IAM roles if you are using a role that was previously created for Elastic Beanstalk. Ensure that the role that Elastic Beanstalk is running with has the AmazonEC2ContainerRegistryReadOnly managed policy attached.
Source: http://docs.aws.amazon.com/AmazonECR/latest/userguide/ECR_IAM_policies.html
Support for ECR was added in version 1.7.0 of the ECS Agent.
When using Elastic Beanstalk and ECR you don't need to authenticate. Just make sure the user has the policy AmazonEC2ContainerRegistryReadOnly.
You can store your custom Docker images in AWS with Amazon EC2 Container Registry (Amazon ECR). When you store your Docker images in Amazon ECR, Elastic Beanstalk automatically authenticates to the Amazon ECR registry with your environment's instance profile, so you don't need to generate an authentication file and upload it to Amazon Simple Storage Service (Amazon S3).
You do, however, need to provide your instances with permission to access the images in your Amazon ECR repository by adding permissions to your environment's instance profile. You can attach the AmazonEC2ContainerRegistryReadOnly managed policy to the instance profile to provide read-only access to all Amazon ECR repositories in your account, or grant access to single repository by using the following template to create a custom policy:
Source: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.container.console.html
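The choice described above, between read-only access to every repository and a policy scoped to one, can be checked mechanically. This added example (not the AWS template the quote refers to, and not from the original answers) tests an instance-profile policy for the actions AWS documents for an ECR pull and flags access beyond a single repository. The ARN, the sample policies and the function names are constructed; Deny statements and Conditions are not modelled.

```python
from fnmatch import fnmatchcase

PULL = ["ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"]
REPO = "arn:aws:ecr:eu-west-1:111122223333:repository/my-app"  # constructed ARN

def _list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """True if an Allow statement matches; Deny and Condition are not modelled."""
    for stmt in _list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        acts = [a.lower() for a in _list(stmt.get("Action", []))]  # case-insensitive
        if any(fnmatchcase(action.lower(), a) for a in acts) and \
           any(fnmatchcase(resource, r) for r in _list(stmt.get("Resource", []))):
            return True
    return False

def check_ecr_pull(policy, repo_arn):
    """List what stops a pull, and what exceeds pull-only access to repo_arn."""
    problems = []
    # GetAuthorizationToken has no resource-level scoping; it must be on "*".
    if not allows(policy, "ecr:GetAuthorizationToken", "*"):
        problems.append('ecr:GetAuthorizationToken must be allowed on "*"')
    problems += [f"{a} missing on repository" for a in PULL
                 if not allows(policy, a, repo_arn)]
    sibling = repo_arn.rsplit("/", 1)[0] + "/another-repo"
    if allows(policy, "ecr:BatchGetImage", sibling):
        problems.append("pull is not limited to this repository")
    if allows(policy, "ecr:PutImage", repo_arn):
        problems.append("policy also allows pushing images")
    return problems

# Constructed sample policies.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
    {"Effect": "Allow", "Action": PULL, "Resource": REPO}]}
REPO_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ecr:*", "Resource": REPO}]}

if __name__ == "__main__":
    print(check_ecr_pull(SCOPED, REPO))
    print(check_ecr_pull(REPO_ONLY, REPO))
```

`REPO_ONLY` shows the common mistake when tightening a policy: scoping every action to the repository ARN blocks `ecr:GetAuthorizationToken`, so the pull fails before any image layer is requested.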