By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How do I fix a compute environment that's not valid in AWS Batch?

5 minute read
0

My compute environment in AWS Batch is in the INVALID state.

Short description

You receive the following error:

"CLIENT_ERROR - Your compute environment has been INVALIDATED and scaled down because none of the instances joined the underlying ECS Cluster. Common issues preventing instances joining are the following: VPC/Subnet configuration preventing communication to ECS, incorrect Instance Profile policy preventing authorization to ECS, or customized AMI or LaunchTemplate configurations affecting ECS agent."

Issues that prevent your instances from joining an Amazon Elastic Container Service (Amazon ECS) cluster include:

  • Amazon Virtual Private Cloud (Amazon VPC) subnet configuration settings prevent successful communication to Amazon ECS.
  • An incorrect setting within the instance profile policy prevents authorization to Amazon ECS.
  • Customized Amazon Machine Images (AMIs) or launch template configurations affect the ECS agent.

CLIENT_ERROR occurs when the Amazon Elastic Compute Cloud (Amazon EC2) instances that the AWS Batch compute environment created failed to join the ECS cluster. When the CLIENT_ERROR error occurs, AWS Batch automatically terminates the EC2 instance, and then moves the compute environment into an INVALID state.

Note: For AWS Batch on Amazon Elastic Kubernetes Service (Amazon EKS) compute environments, see INVALID compute environment.

Resolution

If your compute environment is in the INVALID state, then choose one of the following resolutions based on the error message that you receive.

CLIENT_ERROR - Not authorized to perform sts:AssumeRole

To resolve the CLIENT_ERROR - Not authorized to perform sts:AssumeRole error, fix the service role that's not valid. Complete the following steps:

  1. Open the AWS Batch console.

  2. In the navigation pane, choose Compute environments.

  3. Choose the compute environment that's in the INVALID state.

    Note: If your compute environment is in the DISABLED state, then choose Enable to activate your compute environment.

  4. Choose Edit.

  5. For Service role, choose a service role with permissions for AWS Batch to make calls to other AWS services.

    Note: Your service role manages the resources that you use with the service. Before you use the service, you must have an AWS Identity and Access Management (IAM) policy and role that provides the necessary permissions. If you don't have an IAM role with the necessary permissions, then create one.

  6. Choose Save.

CLIENT_ERROR - Parameter: SpotFleetRequestConfig.IamFleetRole is invalid

For managed compute environments that use Amazon EC2 Spot Fleet instances, create a role that grants the Spot Fleet the following permissions:

  • Bidding on instances
  • Launching instances
  • Tagging instances
  • Terminating instances

If you don't have a Spot Fleet role, then use the IAM console to create one.

Note: Use your new Spot Fleet role to create new compute environments. Existing compute environments can't change Spot Fleet roles. To remove the obsolete environment, first deactivate it, and then delete that environment.

CLIENT_ERROR - The specified launch template, with template ID [###], does not exist

If the launch template that's associated with your compute environment doesn't exist, deactivate your compute environment, and then delete it. Complete the following steps:

  1. Open the AWS Batch console.
  2. In the navigation pane, choose Compute environments.
  3. Select the compute environment that's in the INVALID state. Then, choose Disable.
  4. Choose Delete.
  5. Create a new compute environment.

CLIENT_ERROR - Access denied

To resolve the CLIENT_ERROR - Access denied error, create a service role with the correct permissions. Or, choose an existing service role with the correct permissions.

Internal Error

To resolve an Internal Error error, deactivate your compute environment, and then activate it. Complete the following steps:

  1. Open the AWS Batch console.
  2. In the navigation pane, choose Compute environments.
  3. Choose the compute environment that's in the INVALID state. Then, choose Disable.
  4. Choose the same compute environment, and then choose Enable.

CLIENT_ERROR - The request uses the same client token as previous, but non-identical request

To resolve the CLIENT_ERROR - The request uses the same client token as previous, but non-identical request error, deactivate your compute environment, and then activate it. For more information, see the Internal Error section of this article.

CLIENT_ERROR - You are not authorized to use launch template

To resolve the CLIENT_ERROR - You are not authorized to use launch template error, complete the following tasks:

  • Check that your Service Role has permissions granted for Amazon Elastic Compute Cloud and Auto Scaling groups. Then, complete the steps in the CLIENT_ERROR - Not authorized to perform sts:AssumeRole section.
  • Check that your account is part of AWS Organizations. Also, check whether service control policies block access to your Amazon EC2 permissions. Then, update service control policies.

Related information

Troubleshooting AWS Batch

Why is my Amazon ECS on an Amazon EC2 instance unable to join the cluster?

Why is my AWS Batch job stuck in RUNNABLE status?

Topics
Compute
Tags
AWS Batch
Language
English

Related videos

Watch Nikhil's video to learn more (4:51)
Watch Nikhil's video to learn more (4:51)
AWS OFFICIAL
AWS OFFICIALUpdated 9 months ago
No comments

Relevant content