AWS Code deploy cannot reach instance service

0

I'm going to use EC2, S3, and CodeDeploy to configure CI/CD through GitHub Actions.

These are the settings.

This is the CodeDeploy IAM role: AmazonEC2FullAccess, AmazonS3FullAccess, AWSCodeDeployRole

This is the EC2 IAM role: AmazonS3FullAccess, AWSCodeDeployRole, AmazonEC2RoleforAWSCodeDeploy, AWSCodeDeployFullAccess, AWSCodeDeployRoleForECS

This is the user IAM role (user access was done using a local programming key): AmazonEC2FullAccess, AmazonS3FullAccess, AWSCodeDeployFullAccess, AWSCodeDeployRole, IAMFullAccess, PowerUserAccess

And I can access S3 through the AWS CLI and download the zip file. Just the code deployment doesn't work. When CodeDeploy is turned on, the following error occurs:

2023-05-20 14:54:40 ERROR [codedeploy-agent(725)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Cannot reach InstanceService: Aws::CodeDeployCommand::Errors::AccessDeniedException -
2023-05-20 14:56:10 INFO [codedeploy-agent(725)]: Version file found in /opt/codedeploy-agent/.version with agent version OFFICIAL_1.3.2-1902_deb.
2023-05-20 14:56:10 INFO [codedeploy-agent(725)]: [Aws::CodeDeployCommand::Client 400 0.035239 0 retries] poll_host_command(host_identifier:"arn:aws:ec2:ap-northeast-2:634327468890:instance/i-023d83ff3c7b4341e") Aws::CodeDeployCommand::Errors::AccessDeniedException
2023-05-20 14:56:10 ERROR [codedeploy-agent(725)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Cannot reach InstanceService: Aws::CodeDeployCommand::Errors::AccessDeniedException -
2023-05-20 14:57:40 INFO [codedeploy-agent(725)]: Version file found in /opt/codedeploy-agent/.version with agent version OFFICIAL_1.3.2-1902_deb.
2023-05-20 14:57:40 INFO [codedeploy-agent(725)]: [Aws::CodeDeployCommand::Client 400 0.032228 0 retries] poll_host_command(host_identifier:"arn:aws:ec2:ap-northeast-2:634327468890:instance/i-023d83ff3c7b4341e") Aws::CodeDeployCommand::Errors::AccessDeniedException

2 Answers
2

You probably have an AWS credentials file stored somewhere on the instance, e.g., /root/.aws/credentials or /home/{user}/.aws/credentials. Remove this file and restart the CodeDeploy agent service, e.g., systemctl restart codedeploy-agent. I found the solution at https://stackoverflow.com/questions/37721601/aws-code-deploy-deployment-failed

answered a year ago
  • Worked for me after following it.

  • I must use /root/.aws/credentials or /home/{user}/.aws/credentials because I want to upload logs to cloudwatch to other areas. How do I configure it?
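
A way to see which credentials files exist in the locations the answer above names, and which profiles each one defines, before deleting anything. This is an added example, not part of the original thread; it prints paths and profile names only. The function names and the ROOT prefix argument are hypothetical, and `default=yes` marks a file with a `[default]` profile, the one AWS SDKs use when no profile is named.

```shell
#!/bin/sh
# Added example: report shared AWS credentials files in the locations the
# answer names. Prints paths and profile names only, never key material.

# list_profiles FILE: one profile name per line (the [section] headers).
list_profiles() {
    sed -n 's/^[[:space:]]*\[\([^]]*\)\][[:space:]]*$/\1/p' "$1"
}

# scan_credentials ROOT: one line per credentials file found, in the form
#   <path> profiles=<a,b,...> default=<yes|no>
# ROOT is a hypothetical prefix parameter so the scan can run against a
# test tree; pass "/" on the instance itself.
scan_credentials() {
    root=${1%/}
    for f in "$root"/root/.aws/credentials "$root"/home/*/.aws/credentials; do
        [ -f "$f" ] || continue
        profiles=$(list_profiles "$f" | paste -sd, -)
        has_default=no
        if list_profiles "$f" | grep -qx 'default'; then
            has_default=yes
        fi
        printf '%s profiles=%s default=%s\n' "$f" "$profiles" "$has_default"
    done
}

# Constructed sample tree (not from the thread): root holds a [default]
# profile, one user holds only a named profile.
demo() {
    demo_root=$(mktemp -d)
    mkdir -p "$demo_root/root/.aws" "$demo_root/home/ubuntu/.aws"
    printf '[default]\naws_access_key_id = EXAMPLE\n' \
        > "$demo_root/root/.aws/credentials"
    printf '[cwlogs]\naws_access_key_id = EXAMPLE\n' \
        > "$demo_root/home/ubuntu/.aws/credentials"
    scan_credentials "$demo_root"
    rm -rf "$demo_root"
}

# No argument: run the constructed demo. With an argument: scan that root.
if [ -n "${1:-}" ]; then
    scan_credentials "$1"
else
    demo
fi
```

On the instance, run it as root with `/` as the argument so that /root is readable.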

0

I thought that CodeDeploy Agent was not getting the IAM information from the instance profile properly.
What happens if I restart EC2 itself?

EXPERT
answered a year ago
  • I've done it dozens of times, and nothing happens... I'm so sad
