CodeDeploy UnrecognizedClientException - The security token included in the request is inval

0
2023-07-22T13:33:27 INFO  [codedeploy-agent(12946)]: [Aws::CodeDeployCommand::Client 400 0.020899 0 retries] poll_host_command(host_identifier:"arn:aws:ec2:ap-northeast-2:539239817397:instance/i-0e9fe7b11be081a65") Aws::CodeDeployCommand::Errors::UnrecognizedClientException The security token included in the request is invalid.

2023-07-22T13:33:27 ERROR [codedeploy-agent(12946)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Error polling for host commands: Aws::CodeDeployCommand::Errors::UnrecognizedClientException - The security token included in the request is invalid. - /opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/seahorse/client/plugins/raise_response_errors.rb:17:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:22:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/aws-sdk-core/plugins/idempotency_token.rb:19:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/aws-sdk-core/plugins/param_converter.rb:26:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/seahorse/client/plugins/request_callback.rb:71:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/aws-sdk-core/plugins/response_paging.rb:12:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/seahorse/client/plugins/response_target.rb:24:in `call'
/opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/seahorse/client/request.rb:72:in `send_request'
/opt/codedeploy-agent/vendor/gems/codedeploy-commands-1.0.0/sdks/codedeploy_commands_sdk.rb:856:in `poll_host_command'
/opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_poller.rb:170:in `next_command'
/opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_poller.rb:94:in `perform'
/opt/codedeploy-agent/lib/instance_agent/agent/base.rb:28:in `run'
/opt/codedeploy-agent/lib/instance_agent/runner/child.rb:44:in `block in run'
/opt/codedeploy-agent/lib/instance_agent/runner/child.rb:86:in `with_error_handling'
/opt/codedeploy-agent/lib/instance_agent/runner/child.rb:43:in `run'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/child.rb:70:in `block in run_with_error_handling'
/opt/codedeploy-agent/lib/instance_agent/runner/child.rb:86:in `with_error_handling'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/child.rb:69:in `run_with_error_handling'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/child.rb:33:in `block in start'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/child.rb:22:in `loop'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/child.rb:22:in `start'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:206:in `block in spawn_child'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:204:in `fork'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:204:in `spawn_child'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:196:in `block in spawn_children'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:195:in `times'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:195:in `spawn_children'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:134:in `start'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:37:in `block in start'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:36:in `fork'
/opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:36:in `start'
/opt/codedeploy-agent/bin/../lib/codedeploy-agent.rb:43:in `block (2 levels) in <main>'
/opt/codedeploy-agent/vendor/gems/gli-2.11.0/lib/gli/command_support.rb:126:in `execute'
/opt/codedeploy-agent/vendor/gems/gli-2.11.0/lib/gli/app_support.rb:284:in `block in call_command'
/opt/codedeploy-agent/vendor/gems/gli-2.11.0/lib/gli/app_support.rb:297:in `call_command'
/opt/codedeploy-agent/vendor/gems/gli-2.11.0/lib/gli/app_support.rb:79:in `run'
/opt/codedeploy-agent/bin/../lib/codedeploy-agent.rb:90:in `<main>'
2023-07-22T13:33:27 ERROR [codedeploy-agent(12946)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Cannot reach InstanceService: Aws::CodeDeployCommand::Errors::UnrecognizedClientException - The security token included in the request is invalid.

CodeDeploy를 통해서 EC2에 앱을 배포할려고 합니다 배포를 실행해도 CodeDeploy agent was not able to receive the lifecycle event. Check the CodeDeploy agent logs on your host and make sure the agent is running and can connect to the CodeDeploy server. 라고 오류가 발생하며 실패합니다.

EC2 상에서 CodeDeploy Agent의 로그를 확인하면 위와 같이 로그가 계속 찍히는데 관련해서 해결책을 검색해서 시도를 해봤습니다.

  1. IAM 역활 지정
  2. EC2 역활 지정
  3. IAM User 액세스 토큰 다시 발급
  4. CodeDeploy 재설치

위 4가지 방법을 다시 확인해도 로그 상에서는 배포를 하지 않아도 Agent가 계속 Security Token에 대해 반복적으로 ERROR 로그가 발생합니다.

1개 답변
0
수락된 답변

EC2 인스턴스에 연결된 IAM 역할에 대한 정책 설정은 무엇인가요?
그런데 EC2에 대한 IAM 사용자 액세스 키가 설정되어 있지 않으신가요?
액세스 키는 IAM 역할보다 우선 순위가 높기 때문에 액세스 키가 발급된 IAM 사용자의 정책을 확인해야 합니다.
액세스 키가 설정되어 있는 경우 EC2에서 삭제하는 것이 좋습니다.
https://repost.aws/knowledge-center/iam-ec2-user-role-credentials

profile picture
전문가
답변함 7달 전
  • 감사합니다. 답변의 힌트를 통해서 AWS 사용자 Credential이 관련된 것을 삭제했는데 root 계정에도 잘못된 credentials이 존재해 해당 폴더를 삭제하니 정상적으로 작동합니다!

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠