AWS Code deploy cannot reach instance service

0

I'm going to use EC2, S3, and CodeDeploy to configure CI/CD through GitHub Actions.

These are the settings.

This is the CodeDeploy IAM role: AmazonEC2FullAccess, AmazonS3FullAccess, AWSCodeDeployRole

This is the EC2 IAM role: AmazonS3FullAccess, AWSCodeDeployRole, AmazonEC2RoleforAWSCodeDeploy, AWSCodeDeployFullAccess, AWSCodeDeployRoleForECS

This is the user IAM role (user access was done using a local programming key): AmazonEC2FullAccess, AmazonS3FullAccess, AWSCodeDeployFullAccess, AWSCodeDeployRole, IAMFullAccess, PowerUserAccess

And I can access S3 through the AWS CLI and download the zip file. Just the code deployment doesn't work. When CodeDeploy is turned on, the following error occurs:

2023-05-20 14:54:40 ERROR [codedeploy-agent(725)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Cannot reach InstanceService: Aws::CodeDeployCommand::Errors::AccessDeniedException -
2023-05-20 14:56:10 INFO [codedeploy-agent(725)]: Version file found in /opt/codedeploy-agent/.version with agent version OFFICIAL_1.3.2-1902_deb.
2023-05-20 14:56:10 INFO [codedeploy-agent(725)]: [Aws::CodeDeployCommand::Client 400 0.035239 0 retries] poll_host_command(host_identifier:"arn:aws:ec2:ap-northeast-2:634327468890:instance/i-023d83ff3c7b4341e") Aws::CodeDeployCommand::Errors::AccessDeniedException
2023-05-20 14:56:10 ERROR [codedeploy-agent(725)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Cannot reach InstanceService: Aws::CodeDeployCommand::Errors::AccessDeniedException -
2023-05-20 14:57:40 INFO [codedeploy-agent(725)]: Version file found in /opt/codedeploy-agent/.version with agent version OFFICIAL_1.3.2-1902_deb.
2023-05-20 14:57:40 INFO [codedeploy-agent(725)]: [Aws::CodeDeployCommand::Client 400 0.032228 0 retries] poll_host_command(host_identifier:"arn:aws:ec2:ap-northeast-2:634327468890:instance/i-023d83ff3c7b4341e") Aws::CodeDeployCommand::Errors::AccessDeniedException

2 Answers
2

You probably have an AWS credential file stored somewhere on the instance, e.g., /root/.aws/credentials or /home/{user}/.aws/credentials. Remove this file and restart the CodeDeploy agent service, e.g., systemctl restart codedeploy-agent. I found the solution at https://stackoverflow.com/questions/37721601/aws-code-deploy-deployment-failed

answered a year ago
  • Worked for me after following it.

  • I must use /root/.aws/credentials or /home/{user}/.aws/credentials because I want to upload logs to CloudWatch to other areas. How do I configure it?
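
A check for the condition the answer above describes, as an added example that is not part of the original answer or of AWS tooling: it lists credentials files in the two locations the answer names and the profile names inside each, without printing any keys. The function names and the ROOT argument are hypothetical, and flagging `[default]` as the profile that takes precedence over the instance role is an assumption based on the AWS SDK default credential chain, not something stated in this thread.

```shell
#!/bin/sh
# Added example (not from the original thread): find AWS shared-credentials
# files that can be picked up instead of the EC2 instance profile.
# Only file paths and profile names are printed, never key material.

# list_credential_files ROOT
# ROOT is a hypothetical prefix ("" for the live instance, or a mounted volume).
# Checks the locations named in the answer: /root and /home/{user}.
list_credential_files() {
    root="${1%/}"
    for f in "$root/root/.aws/credentials" "$root"/home/*/.aws/credentials; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# profiles_in FILE: print the [section] names of a credentials file.
profiles_in() {
    sed -n 's/^[[:space:]]*\[\([^]]*\)\][[:space:]]*$/\1/p' "$1"
}

# has_default_profile FILE: exit 0 if the file defines [default].
# Assumption: AWS SDKs read [default] unless AWS_PROFILE selects another
# profile, so this is the entry that shadows the instance role.
has_default_profile() {
    profiles_in "$1" | grep -qx 'default'
}

# report ROOT: one line per file, tagged by whether it defines [default].
report() {
    list_credential_files "$1" | while IFS= read -r f; do
        if has_default_profile "$f"; then tag="default-profile"; else tag="named-only"; fi
        printf '%s %s (profiles: %s)\n' "$tag" "$f" "$(profiles_in "$f" | paste -sd, -)"
    done
}

# Run as: sh check_creds.sh --scan [ROOT]
case "${1:-}" in
    --scan) report "${2:-}" ;;
esac
```

Run it as root so that /root/.aws is readable, then restart the agent after dealing with any file it reports.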

0

I thought that CodeDeploy Agent was not getting the IAM information from the instance profile properly.
What happens if I restart EC2 itself?

EXPERT
answered a year ago
  • I've done it dozens of times, and nothing happens... I'm so sad
