Packer: Packer with IAM Assume Role

Created on 14 Jan 2016 · 13 Comments · Source: hashicorp/packer

Hey guys, I'm hoping someone could give me a hand with this. I've tried the obvious things supplied by Google search.

This is present in packer version 0.8.6.

I'm using IAM assume role to elevate to another role:

aws sts assume-role --role-arn "arn:aws:iam::account-id:role/role-name" --role-session-name "Packer" > assume-role-output.txt
export AWS_ACCESS_KEY_ID=`cat assume-role-output.txt | jq -c '.Credentials.AccessKeyId' | tr -d '"' | tr -d ' '`
export AWS_SECRET_ACCESS_KEY=`cat assume-role-output.txt | jq -c '.Credentials.SecretAccessKey' | tr -d '"' | tr -d ' '`
export AWS_SECURITY_TOKEN=`cat assume-role-output.txt | jq -c '.Credentials.SessionToken' | tr -d '"' | tr -d ' '`

I'm then using the following packer config:

{
    "variables": {
        "aws_access_key":     "{{env `AWS_ACCESS_KEY_ID`}}",
        "aws_secret_key":     "{{env `AWS_SECRET_ACCESS_KEY`}}",
        "aws_security_token": "{{env `AWS_SECURITY_TOKEN`}}"
    },
    "builders": [
        {
            "type":                     "amazon-ebs",
            "access_key":               "{{user `aws_access_key`}}",
            "secret_key":               "{{user `aws_secret_key`}}",
            "token":                    "{{user `aws_security_token`}}",
            "region":                   "us-east-1",
            "source_ami":               "ami-id",
            "instance_type":            "t2.large",
            "ssh_username":             "centos",
            "iam_instance_profile":     "Packer",
            "ami_virtualization_type":  "hvm",
            "security_group_ids":       [ "sg-a27be7c6", "sg-a67be7c2" ],
            "ami_name":                 "packer-base-{{timestamp}}",
            "ami_description":          "Built using Packer on {{timestamp}}."
        }
    ]
}

I'm then building the image:

packer build -var "aws_access_key=$AWS_ACCESS_KEY_ID" -var "aws_secret_key=$AWS_SECRET_ACCESS_KEY" -var "token=$AWS_SECURITY_TOKEN" -only=$TYPE template.json

This results in:

amazon-ebs output will be in this color.

==> amazon-ebs: Prevalidating AMI Name...
==> amazon-ebs: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
==> amazon-ebs:     status code: 401, request id: []
Build 'amazon-ebs' errored: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
    status code: 401, request id: []

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
    status code: 401, request id: []

==> Builds finished but no artifacts were created.

With PACKER_LOG=1:

2016/01/14 22:07:17 [INFO] Packer version: 0.8.6  f8f7b7a34c1be06058f5aca23a51247db12cdbc5+CHANGES
2016/01/14 22:07:17 Packer Target OS/Arch: linux amd64
2016/01/14 22:07:17 Built with Go Version: go1.5
2016/01/14 22:07:17 [DEBUG] Discovered plugin: amazon-chroot = /opt/packer/packer-builder-amazon-chroot
2016/01/14 22:07:17 [DEBUG] Discovered plugin: amazon-ebs = /opt/packer/packer-builder-amazon-ebs
2016/01/14 22:07:17 [DEBUG] Discovered plugin: amazon-instance = /opt/packer/packer-builder-amazon-instance
2016/01/14 22:07:17 [DEBUG] Discovered plugin: digitalocean = /opt/packer/packer-builder-digitalocean
2016/01/14 22:07:17 [DEBUG] Discovered plugin: docker = /opt/packer/packer-builder-docker
2016/01/14 22:07:17 [DEBUG] Discovered plugin: file = /opt/packer/packer-builder-file
2016/01/14 22:07:17 [DEBUG] Discovered plugin: googlecompute = /opt/packer/packer-builder-googlecompute
2016/01/14 22:07:17 [DEBUG] Discovered plugin: null = /opt/packer/packer-builder-null
2016/01/14 22:07:17 [DEBUG] Discovered plugin: openstack = /opt/packer/packer-builder-openstack
2016/01/14 22:07:17 [DEBUG] Discovered plugin: parallels-iso = /opt/packer/packer-builder-parallels-iso
2016/01/14 22:07:17 [DEBUG] Discovered plugin: parallels-pvm = /opt/packer/packer-builder-parallels-pvm
2016/01/14 22:07:17 [DEBUG] Discovered plugin: qemu = /opt/packer/packer-builder-qemu
2016/01/14 22:07:17 [DEBUG] Discovered plugin: virtualbox-iso = /opt/packer/packer-builder-virtualbox-iso
2016/01/14 22:07:17 [DEBUG] Discovered plugin: virtualbox-ovf = /opt/packer/packer-builder-virtualbox-ovf
2016/01/14 22:07:17 [DEBUG] Discovered plugin: vmware-iso = /opt/packer/packer-builder-vmware-iso
2016/01/14 22:07:17 [DEBUG] Discovered plugin: vmware-vmx = /opt/packer/packer-builder-vmware-vmx
2016/01/14 22:07:17 [DEBUG] Discovered plugin: artifice = /opt/packer/packer-post-processor-artifice
2016/01/14 22:07:17 [DEBUG] Discovered plugin: atlas = /opt/packer/packer-post-processor-atlas
2016/01/14 22:07:17 [DEBUG] Discovered plugin: compress = /opt/packer/packer-post-processor-compress
2016/01/14 22:07:17 [DEBUG] Discovered plugin: docker-import = /opt/packer/packer-post-processor-docker-import
2016/01/14 22:07:17 [DEBUG] Discovered plugin: docker-push = /opt/packer/packer-post-processor-docker-push
2016/01/14 22:07:17 [DEBUG] Discovered plugin: docker-save = /opt/packer/packer-post-processor-docker-save
2016/01/14 22:07:17 [DEBUG] Discovered plugin: docker-tag = /opt/packer/packer-post-processor-docker-tag
2016/01/14 22:07:17 [DEBUG] Discovered plugin: vagrant = /opt/packer/packer-post-processor-vagrant
2016/01/14 22:07:17 [DEBUG] Discovered plugin: vagrant-cloud = /opt/packer/packer-post-processor-vagrant-cloud
2016/01/14 22:07:17 [DEBUG] Discovered plugin: vsphere = /opt/packer/packer-post-processor-vsphere
2016/01/14 22:07:17 [DEBUG] Discovered plugin: ansible-local = /opt/packer/packer-provisioner-ansible-local
2016/01/14 22:07:17 [DEBUG] Discovered plugin: chef-client = /opt/packer/packer-provisioner-chef-client
2016/01/14 22:07:17 [DEBUG] Discovered plugin: chef-solo = /opt/packer/packer-provisioner-chef-solo
2016/01/14 22:07:17 [DEBUG] Discovered plugin: file = /opt/packer/packer-provisioner-file
2016/01/14 22:07:17 [DEBUG] Discovered plugin: powershell = /opt/packer/packer-provisioner-powershell
2016/01/14 22:07:17 [DEBUG] Discovered plugin: puppet-masterless = /opt/packer/packer-provisioner-puppet-masterless
2016/01/14 22:07:17 [DEBUG] Discovered plugin: puppet-server = /opt/packer/packer-provisioner-puppet-server
2016/01/14 22:07:17 [DEBUG] Discovered plugin: salt-masterless = /opt/packer/packer-provisioner-salt-masterless
2016/01/14 22:07:17 [DEBUG] Discovered plugin: shell = /opt/packer/packer-provisioner-shell
2016/01/14 22:07:17 [DEBUG] Discovered plugin: shell-local = /opt/packer/packer-provisioner-shell-local
2016/01/14 22:07:17 [DEBUG] Discovered plugin: windows-restart = /opt/packer/packer-provisioner-windows-restart
2016/01/14 22:07:17 [DEBUG] Discovered plugin: windows-shell = /opt/packer/packer-provisioner-windows-shell
2016/01/14 22:07:17 Detected home directory from env var: /home/jenkins
2016/01/14 22:07:17 Detected home directory from env var: /home/jenkins
2016/01/14 22:07:17 Attempting to open config file: /home/jenkins/.packerconfig
2016/01/14 22:07:17 [WARN] Config file doesn't exist: /home/jenkins/.packerconfig
2016/01/14 22:07:17 Packer config: &{DisableCheckpoint:false DisableCheckpointSignature:false PluginMinPort:10000 PluginMaxPort:25000 Builders:map[parallels-iso:/opt/packer/packer-builder-parallels-iso qemu:/opt/packer/packer-builder-qemu vmware-vmx:/opt/packer/packer-builder-vmware-vmx amazon-ebs:/opt/packer/packer-builder-amazon-ebs docker:/opt/packer/packer-builder-docker openstack:/opt/packer/packer-builder-openstack virtualbox-ovf:/opt/packer/packer-builder-virtualbox-ovf digitalocean:/opt/packer/packer-builder-digitalocean googlecompute:/opt/packer/packer-builder-googlecompute null:/opt/packer/packer-builder-null virtualbox-iso:/opt/packer/packer-builder-virtualbox-iso vmware-iso:/opt/packer/packer-builder-vmware-iso amazon-chroot:/opt/packer/packer-builder-amazon-chroot amazon-instance:/opt/packer/packer-builder-amazon-instance file:/opt/packer/packer-builder-file parallels-pvm:/opt/packer/packer-builder-parallels-pvm] PostProcessors:map[artifice:/opt/packer/packer-post-processor-artifice atlas:/opt/packer/packer-post-processor-atlas compress:/opt/packer/packer-post-processor-compress vagrant:/opt/packer/packer-post-processor-vagrant docker-import:/opt/packer/packer-post-processor-docker-import docker-push:/opt/packer/packer-post-processor-docker-push docker-save:/opt/packer/packer-post-processor-docker-save docker-tag:/opt/packer/packer-post-processor-docker-tag vagrant-cloud:/opt/packer/packer-post-processor-vagrant-cloud vsphere:/opt/packer/packer-post-processor-vsphere] Provisioners:map[chef-client:/opt/packer/packer-provisioner-chef-client chef-solo:/opt/packer/packer-provisioner-chef-solo file:/opt/packer/packer-provisioner-file shell:/opt/packer/packer-provisioner-shell windows-restart:/opt/packer/packer-provisioner-windows-restart windows-shell:/opt/packer/packer-provisioner-windows-shell ansible-local:/opt/packer/packer-provisioner-ansible-local powershell:/opt/packer/packer-provisioner-powershell 
puppet-masterless:/opt/packer/packer-provisioner-puppet-masterless puppet-server:/opt/packer/packer-provisioner-puppet-server salt-masterless:/opt/packer/packer-provisioner-salt-masterless shell-local:/opt/packer/packer-provisioner-shell-local]}
2016/01/14 22:07:17 Setting cache directory: /var/lib/jenkins/jobs/Production_Builds/jobs/Build AMI (Packer)/workspace/packer/packer-base/packer_cache
2016/01/14 22:07:17 Detected home directory from env var: /home/jenkins
2016/01/14 22:07:17 Loading builder: amazon-ebs
2016/01/14 22:07:17 Creating plugin client for path: /opt/packer/packer-builder-amazon-ebs
2016/01/14 22:07:17 Starting plugin: /opt/packer/packer-builder-amazon-ebs []string{"/opt/packer/packer-builder-amazon-ebs"}
2016/01/14 22:07:17 Waiting for RPC address for: /opt/packer/packer-builder-amazon-ebs
2016/01/14 22:07:17 packer-builder-amazon-ebs: 2016/01/14 22:07:17 Plugin minimum port: 10000
2016/01/14 22:07:17 packer-builder-amazon-ebs: 2016/01/14 22:07:17 Plugin maximum port: 25000
2016/01/14 22:07:17 packer-builder-amazon-ebs: 2016/01/14 22:07:17 Plugin address: unix /tmp/packer-plugin678622782
2016/01/14 22:07:17 packer-builder-amazon-ebs: 2016/01/14 22:07:17 Waiting for connection...
2016/01/14 22:07:17 packer-builder-amazon-ebs: 2016/01/14 22:07:17 Serving a plugin connection...
2016/01/14 22:07:17 Loading provisioner: salt-masterless
2016/01/14 22:07:17 Creating plugin client for path: /opt/packer/packer-provisioner-salt-masterless
2016/01/14 22:07:17 Starting plugin: /opt/packer/packer-provisioner-salt-masterless []string{"/opt/packer/packer-provisioner-salt-masterless"}
2016/01/14 22:07:17 Waiting for RPC address for: /opt/packer/packer-provisioner-salt-masterless
2016/01/14 22:07:17 packer-provisioner-salt-masterless: 2016/01/14 22:07:17 Plugin minimum port: 10000
2016/01/14 22:07:17 packer-provisioner-salt-masterless: 2016/01/14 22:07:17 Plugin maximum port: 25000
2016/01/14 22:07:17 packer-provisioner-salt-masterless: 2016/01/14 22:07:17 Plugin address: unix /tmp/packer-plugin786026753
2016/01/14 22:07:17 packer-provisioner-salt-masterless: 2016/01/14 22:07:17 Waiting for connection...
2016/01/14 22:07:17 packer-provisioner-salt-masterless: 2016/01/14 22:07:17 Serving a plugin connection...
2016/01/14 22:07:17 ui: amazon-ebs output will be in this color.
2016/01/14 22:07:17 ui: 
2016/01/14 22:07:17 Build debug mode: false
2016/01/14 22:07:17 Force build: false
2016/01/14 22:07:17 Preparing build: amazon-ebs
amazon-ebs output will be in this color.

2016/01/14 22:07:17 packer-builder-amazon-ebs: 2016/01/14 22:07:17 Config: {PackerConfig:{PackerBuildName:amazon-ebs PackerBuilderType:amazon-ebs PackerDebug:false PackerForce:false PackerUserVars:map[aws_access_key:<Filtered> aws_secret_key:<Filtered> token:{{REDACTED}} aws_security_token:{{REDACTED}}]} AccessConfig:{AccessKey:<Filtered> SecretKey:<Filtered> RawRegion:us-east-1 Token:} AMIConfig:{AMIName:packer-base-1452809237 AMIDescription:Built using Packer on 1452809237. AMIVirtType:hvm AMIUsers:[] AMIGroups:[] AMIProductCodes:[] AMIRegions:[] AMITags:map[] AMIEnhancedNetworking:false AMIForceDeregister:false} BlockDevices:{AMIMappings:[] LaunchMappings:[]} RunConfig:{AssociatePublicIpAddress:false AvailabilityZone: IamInstanceProfile:Packer InstanceType:t2.large RunTags:map[] SourceAmi:{{REDACTED}} SpotPrice: SpotPriceAutoProduct: SecurityGroupId: SecurityGroupIds:[{{REDACTED}}] SubnetId:{{REDACTED}} TemporaryKeyPairName:packer 56981c15-b74d-9a5c-cf4a-990acc23548d UserData: UserDataFile:{{REDACTED}} WindowsPasswordTimeout:10m0s VpcId:{{REDACTED}} Comm:{Type:ssh SSHHost: SSHPort:22 SSHUsername:{{REDACTED}} SSHPassword: SSHPrivateKey: SSHPty:true SSHTimeout:5m0s SSHDisableAgent:false SSHHandshakeAttempts:10 SSHBastionHost: SSHBastionPort:0 SSHBastionUsername: SSHBastionPassword: SSHBastionPrivateKey: WinRMUser: WinRMPassword: WinRMHost: WinRMPort:0 WinRMTimeout:0} SSHKeyPairName: SSHPrivateIp:true} ctx:{Data:<nil> Funcs:map[clean_ami_name:0x51ee50] UserVariables:map[aws_access_key:<Filtered> aws_secret_key:<Filtered> token:{{REDACTED}} aws_security_token:{{REDACTED}}] EnableEnv:false BuildName:amazon-ebs BuildType:amazon-ebs TemplatePath:/var/lib/jenkins/jobs/Production_Builds/jobs/Build AMI (Packer)/workspace/packer/packer-base/template.json}}
2016/01/14 22:07:17 Waiting on builds to complete...
2016/01/14 22:07:17 Starting build run: amazon-ebs
2016/01/14 22:07:17 Running builder: amazon-ebs
2016/01/14 22:07:17 ui: ==> amazon-ebs: Prevalidating AMI Name...
==> amazon-ebs: Prevalidating AMI Name...
2016/01/14 22:07:17 ui error: ==> amazon-ebs: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
==> amazon-ebs:     status code: 401, request id: []
==> amazon-ebs: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
2016/01/14 22:07:17 ui error: Build 'amazon-ebs' errored: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
    status code: 401, request id: []
2016/01/14 22:07:17 Builds completed. Waiting on interrupt barrier...
2016/01/14 22:07:17 machine readable: error-count []string{"1"}
2016/01/14 22:07:17 ui error: 
==> Some builds didn't complete successfully and had errors:
==> amazon-ebs:     status code: 401, request id: []
2016/01/14 22:07:17 machine readable: amazon-ebs,error []string{"Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials\n\tstatus code: 401, request id: []"}
2016/01/14 22:07:17 ui error: --> amazon-ebs: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
    status code: 401, request id: []
2016/01/14 22:07:17 ui: 
==> Builds finished but no artifacts were created.
2016/01/14 22:07:17 waiting for all plugin processes to complete...
Build 'amazon-ebs' errored: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
    status code: 401, request id: []

==> Some builds didn't complete successfully and had errors:
2016/01/14 22:07:17 /opt/packer/packer-provisioner-salt-masterless: plugin process exited
--> amazon-ebs: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
    status code: 401, request id: []

==> Builds finished but no artifacts were created.
2016/01/14 22:07:17 /opt/packer/packer-builder-amazon-ebs: plugin process exited

A few things I've read imply issues with a credentials file or server time. So far I'm stumped. As far as I can tell I should be doing it right.

All 13 comments

Thanks for opening an issue. As far as I know this feature is working in the current release. I'm not familiar with all the details of setting up assume role so if you need to troubleshoot your config you may get a quicker response via the mailing list. If you get more info that this is a bug in packer please post an update here so I can reclassify this issue. Thanks!

I've posted in https://groups.google.com/forum/#!topic/packer-tool/AXXCg_MFpuw as per your recommendation. I'll update when I get more information or even better a solution. :)

I'm also happy to provide the steps for creating an assumed role for the troubleshooting process.

Yes, very likely. IAM Roles work but the assume role functionality seems to break it.

For more details on assume role: Cross Account Access with Roles

I struggled with this, as well. Took me a few hours to track down.

It would appear that you need to set the build session token as

"token": "{{user `aws_session_token`}}"

in order for it to properly authenticate using role switching.

If you view the config I'm using above:

{
    "variables": {
        "aws_access_key":     "{{env `AWS_ACCESS_KEY_ID`}}",
        "aws_secret_key":     "{{env `AWS_SECRET_ACCESS_KEY`}}",
        "aws_security_token": "{{env `AWS_SECURITY_TOKEN`}}"
    },
    "builders": [
        {
            "type":                     "amazon-ebs",
            "access_key":               "{{user `aws_access_key`}}",
            "secret_key":               "{{user `aws_secret_key`}}",
            "token":                    "{{user `aws_security_token`}}",
        }
    ]
}

Is that not correct? That's the configuration I'm using - and it's generating the error I've posted above.

~You can delete the variables. If you have the profile set in AWS_PROFILE/AWS_DEFAULT_PROFILE it will automatically pull from that.~

The variable must be

"aws_security_token": "{{env `AWS_SESSION_TOKEN`}}"

You're using aws_security_token.

Edit: Sorry, I misspoke. You'll need the variables for profile switching, but you should be pulling in AWS_SESSION_TOKEN not AWS_SECURITY_TOKEN.

Unfortunately it can't pull from ~/.aws/config or ~/.aws/credentials. In my situation it'll grab the wrong credentials if it does that. It would need to pull from the environment or need to be passed with -var. Unless I'm misunderstanding something here.

With the modifications you suggested I get the following error:

2016/01/25 21:19:01 [INFO] Packer version: 0.8.6  f8f7b7a34c1be06058f5aca23a51247db12cdbc5+CHANGES
2016/01/25 21:19:01 Packer Target OS/Arch: linux amd64
2016/01/25 21:19:01 Built with Go Version: go1.5
2016/01/25 21:19:01 [DEBUG] Discovered plugin: amazon-chroot = /opt/packer/packer-builder-amazon-chroot
2016/01/25 21:19:01 [DEBUG] Discovered plugin: amazon-ebs = /opt/packer/packer-builder-amazon-ebs
2016/01/25 21:19:01 [DEBUG] Discovered plugin: amazon-instance = /opt/packer/packer-builder-amazon-instance
2016/01/25 21:19:01 [DEBUG] Discovered plugin: digitalocean = /opt/packer/packer-builder-digitalocean
2016/01/25 21:19:01 [DEBUG] Discovered plugin: docker = /opt/packer/packer-builder-docker
2016/01/25 21:19:01 [DEBUG] Discovered plugin: file = /opt/packer/packer-builder-file
2016/01/25 21:19:01 [DEBUG] Discovered plugin: googlecompute = /opt/packer/packer-builder-googlecompute
2016/01/25 21:19:01 [DEBUG] Discovered plugin: null = /opt/packer/packer-builder-null
2016/01/25 21:19:01 [DEBUG] Discovered plugin: openstack = /opt/packer/packer-builder-openstack
2016/01/25 21:19:01 [DEBUG] Discovered plugin: parallels-iso = /opt/packer/packer-builder-parallels-iso
2016/01/25 21:19:01 [DEBUG] Discovered plugin: parallels-pvm = /opt/packer/packer-builder-parallels-pvm
2016/01/25 21:19:01 [DEBUG] Discovered plugin: qemu = /opt/packer/packer-builder-qemu
2016/01/25 21:19:01 [DEBUG] Discovered plugin: virtualbox-iso = /opt/packer/packer-builder-virtualbox-iso
2016/01/25 21:19:01 [DEBUG] Discovered plugin: virtualbox-ovf = /opt/packer/packer-builder-virtualbox-ovf
2016/01/25 21:19:01 [DEBUG] Discovered plugin: vmware-iso = /opt/packer/packer-builder-vmware-iso
2016/01/25 21:19:01 [DEBUG] Discovered plugin: vmware-vmx = /opt/packer/packer-builder-vmware-vmx
2016/01/25 21:19:01 [DEBUG] Discovered plugin: artifice = /opt/packer/packer-post-processor-artifice
2016/01/25 21:19:01 [DEBUG] Discovered plugin: atlas = /opt/packer/packer-post-processor-atlas
2016/01/25 21:19:01 [DEBUG] Discovered plugin: compress = /opt/packer/packer-post-processor-compress
2016/01/25 21:19:01 [DEBUG] Discovered plugin: docker-import = /opt/packer/packer-post-processor-docker-import
2016/01/25 21:19:01 [DEBUG] Discovered plugin: docker-push = /opt/packer/packer-post-processor-docker-push
2016/01/25 21:19:01 [DEBUG] Discovered plugin: docker-save = /opt/packer/packer-post-processor-docker-save
2016/01/25 21:19:01 [DEBUG] Discovered plugin: docker-tag = /opt/packer/packer-post-processor-docker-tag
2016/01/25 21:19:01 [DEBUG] Discovered plugin: vagrant = /opt/packer/packer-post-processor-vagrant
2016/01/25 21:19:01 [DEBUG] Discovered plugin: vagrant-cloud = /opt/packer/packer-post-processor-vagrant-cloud
2016/01/25 21:19:01 [DEBUG] Discovered plugin: vsphere = /opt/packer/packer-post-processor-vsphere
2016/01/25 21:19:01 [DEBUG] Discovered plugin: ansible-local = /opt/packer/packer-provisioner-ansible-local
2016/01/25 21:19:01 [DEBUG] Discovered plugin: chef-client = /opt/packer/packer-provisioner-chef-client
2016/01/25 21:19:01 [DEBUG] Discovered plugin: chef-solo = /opt/packer/packer-provisioner-chef-solo
2016/01/25 21:19:01 [DEBUG] Discovered plugin: file = /opt/packer/packer-provisioner-file
2016/01/25 21:19:01 [DEBUG] Discovered plugin: powershell = /opt/packer/packer-provisioner-powershell
2016/01/25 21:19:01 [DEBUG] Discovered plugin: puppet-masterless = /opt/packer/packer-provisioner-puppet-masterless
2016/01/25 21:19:01 [DEBUG] Discovered plugin: puppet-server = /opt/packer/packer-provisioner-puppet-server
2016/01/25 21:19:01 [DEBUG] Discovered plugin: salt-masterless = /opt/packer/packer-provisioner-salt-masterless
2016/01/25 21:19:01 [DEBUG] Discovered plugin: shell = /opt/packer/packer-provisioner-shell
2016/01/25 21:19:01 [DEBUG] Discovered plugin: shell-local = /opt/packer/packer-provisioner-shell-local
2016/01/25 21:19:01 [DEBUG] Discovered plugin: windows-restart = /opt/packer/packer-provisioner-windows-restart
2016/01/25 21:19:01 [DEBUG] Discovered plugin: windows-shell = /opt/packer/packer-provisioner-windows-shell
2016/01/25 21:19:01 Detected home directory from env var: /home/jenkins
2016/01/25 21:19:01 Detected home directory from env var: /home/jenkins
2016/01/25 21:19:01 Attempting to open config file: /home/jenkins/.packerconfig
2016/01/25 21:19:01 [WARN] Config file doesn't exist: /home/jenkins/.packerconfig
2016/01/25 21:19:01 Packer config: &{DisableCheckpoint:false DisableCheckpointSignature:false PluginMinPort:10000 PluginMaxPort:25000 Builders:map[docker:/opt/packer/packer-builder-docker parallels-iso:/opt/packer/packer-builder-parallels-iso parallels-pvm:/opt/packer/packer-builder-parallels-pvm amazon-chroot:/opt/packer/packer-builder-amazon-chroot amazon-instance:/opt/packer/packer-builder-amazon-instance null:/opt/packer/packer-builder-null openstack:/opt/packer/packer-builder-openstack amazon-ebs:/opt/packer/packer-builder-amazon-ebs digitalocean:/opt/packer/packer-builder-digitalocean qemu:/opt/packer/packer-builder-qemu vmware-iso:/opt/packer/packer-builder-vmware-iso vmware-vmx:/opt/packer/packer-builder-vmware-vmx file:/opt/packer/packer-builder-file googlecompute:/opt/packer/packer-builder-googlecompute virtualbox-iso:/opt/packer/packer-builder-virtualbox-iso virtualbox-ovf:/opt/packer/packer-builder-virtualbox-ovf] PostProcessors:map[docker-save:/opt/packer/packer-post-processor-docker-save vagrant:/opt/packer/packer-post-processor-vagrant artifice:/opt/packer/packer-post-processor-artifice compress:/opt/packer/packer-post-processor-compress docker-import:/opt/packer/packer-post-processor-docker-import vagrant-cloud:/opt/packer/packer-post-processor-vagrant-cloud vsphere:/opt/packer/packer-post-processor-vsphere atlas:/opt/packer/packer-post-processor-atlas docker-push:/opt/packer/packer-post-processor-docker-push docker-tag:/opt/packer/packer-post-processor-docker-tag] Provisioners:map[puppet-server:/opt/packer/packer-provisioner-puppet-server salt-masterless:/opt/packer/packer-provisioner-salt-masterless windows-restart:/opt/packer/packer-provisioner-windows-restart windows-shell:/opt/packer/packer-provisioner-windows-shell powershell:/opt/packer/packer-provisioner-powershell chef-client:/opt/packer/packer-provisioner-chef-client chef-solo:/opt/packer/packer-provisioner-chef-solo file:/opt/packer/packer-provisioner-file 
puppet-masterless:/opt/packer/packer-provisioner-puppet-masterless shell:/opt/packer/packer-provisioner-shell shell-local:/opt/packer/packer-provisioner-shell-local ansible-local:/opt/packer/packer-provisioner-ansible-local]}
2016/01/25 21:19:01 Setting cache directory: /var/lib/jenkins/jobs/Production_Builds/jobs/Build AMI (Packer)/workspace/packer/packer-base/packer_cache
2016/01/25 21:19:01 Detected home directory from env var: /home/jenkins
2016/01/25 21:19:01 Loading builder: amazon-ebs
2016/01/25 21:19:01 Creating plugin client for path: /opt/packer/packer-builder-amazon-ebs
2016/01/25 21:19:01 Starting plugin: /opt/packer/packer-builder-amazon-ebs []string{"/opt/packer/packer-builder-amazon-ebs"}
2016/01/25 21:19:01 Waiting for RPC address for: /opt/packer/packer-builder-amazon-ebs
2016/01/25 21:19:01 packer-builder-amazon-ebs: 2016/01/25 21:19:01 Plugin minimum port: 10000
2016/01/25 21:19:01 packer-builder-amazon-ebs: 2016/01/25 21:19:01 Plugin maximum port: 25000
2016/01/25 21:19:01 packer-builder-amazon-ebs: 2016/01/25 21:19:01 Plugin address: unix /tmp/packer-plugin860043352
2016/01/25 21:19:01 packer-builder-amazon-ebs: 2016/01/25 21:19:01 Waiting for connection...
2016/01/25 21:19:01 packer-builder-amazon-ebs: 2016/01/25 21:19:01 Serving a plugin connection...
2016/01/25 21:19:01 Loading provisioner: salt-masterless
2016/01/25 21:19:01 Creating plugin client for path: /opt/packer/packer-provisioner-salt-masterless
2016/01/25 21:19:01 Starting plugin: /opt/packer/packer-provisioner-salt-masterless []string{"/opt/packer/packer-provisioner-salt-masterless"}
2016/01/25 21:19:01 Waiting for RPC address for: /opt/packer/packer-provisioner-salt-masterless
2016/01/25 21:19:01 packer-provisioner-salt-masterless: 2016/01/25 21:19:01 Plugin minimum port: 10000
2016/01/25 21:19:01 packer-provisioner-salt-masterless: 2016/01/25 21:19:01 Plugin maximum port: 25000
2016/01/25 21:19:01 packer-provisioner-salt-masterless: 2016/01/25 21:19:01 Plugin address: unix /tmp/packer-plugin629801223
2016/01/25 21:19:01 packer-provisioner-salt-masterless: 2016/01/25 21:19:01 Waiting for connection...
2016/01/25 21:19:01 packer-provisioner-salt-masterless: 2016/01/25 21:19:01 Serving a plugin connection...
2016/01/25 21:19:01 ui: amazon-ebs output will be in this color.
2016/01/25 21:19:01 ui: 
2016/01/25 21:19:01 Build debug mode: false
2016/01/25 21:19:01 Force build: false
2016/01/25 21:19:01 Preparing build: amazon-ebs
amazon-ebs output will be in this color.

2016/01/25 21:19:01 packer-builder-amazon-ebs: 2016/01/25 21:19:01 Config: {PackerConfig:{PackerBuildName:amazon-ebs PackerBuilderType:amazon-ebs PackerDebug:false PackerForce:false PackerUserVars:map[]} AccessConfig:{AccessKey: SecretKey: RawRegion:us-east-1 Token:} AMIConfig:{AMIName:packer-base-1453756741 AMIDescription:Built using Packer on 1453756741. AMIVirtType:hvm AMIUsers:[] AMIGroups:[] AMIProductCodes:[] AMIRegions:[] AMITags:map[] AMIEnhancedNetworking:false AMIForceDeregister:false} BlockDevices:{AMIMappings:[] LaunchMappings:[]} RunConfig:{AssociatePublicIpAddress:false AvailabilityZone: IamInstanceProfile:Packer InstanceType:t2.large RunTags:map[] SourceAmi:ami-57cd8732 SpotPrice: SpotPriceAutoProduct: SecurityGroupId: SecurityGroupIds:[sg-a27be7c6 sg-a67be7c2] SubnetId:subnet-68fe5143 TemporaryKeyPairName:packer 56a69145-3ecf-6df1-4aec-9a2029409e67 UserData: UserDataFile:../scripts/userdata.sh WindowsPasswordTimeout:10m0s VpcId:vpc-e0411485 Comm:{Type:ssh SSHHost: SSHPort:22 SSHUsername:centos SSHPassword: SSHPrivateKey: SSHPty:true SSHTimeout:5m0s SSHDisableAgent:false SSHHandshakeAttempts:10 SSHBastionHost: SSHBastionPort:0 SSHBastionUsername: SSHBastionPassword: SSHBastionPrivateKey: WinRMUser: WinRMPassword: WinRMHost: WinRMPort:0 WinRMTimeout:0} SSHKeyPairName: SSHPrivateIp:true} ctx:{Data:<nil> Funcs:map[clean_ami_name:0x51ee50] UserVariables:map[] EnableEnv:false BuildName:amazon-ebs BuildType:amazon-ebs TemplatePath:/var/lib/jenkins/jobs/Production_Builds/jobs/Build AMI (Packer)/workspace/packer/packer-base/template.json}}
2016/01/25 21:19:01 Waiting on builds to complete...
2016/01/25 21:19:01 Starting build run: amazon-ebs
2016/01/25 21:19:01 Running builder: amazon-ebs
2016/01/25 21:19:01 ui: ==> amazon-ebs: Prevalidating AMI Name...
==> amazon-ebs: Prevalidating AMI Name...
2016/01/25 21:19:01 ui error: ==> amazon-ebs: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
==> amazon-ebs:     status code: 401, request id: []
==> amazon-ebs: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
==> amazon-ebs:     status code: 401, request id: []
2016/01/25 21:19:01 ui error: Build 'amazon-ebs' errored: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
    status code: 401, request id: []
Build 'amazon-ebs' errored: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
    status code: 401, request id: []
2016/01/25 21:19:01 Builds completed. Waiting on interrupt barrier...
2016/01/25 21:19:01 machine readable: error-count []string{"1"}
2016/01/25 21:19:01 ui error: 
==> Some builds didn't complete successfully and had errors:
2016/01/25 21:19:01 machine readable: amazon-ebs,error []string{"Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials\n\tstatus code: 401, request id: []"}

2016/01/25 21:19:01 ui error: --> amazon-ebs: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
    status code: 401, request id: []
2016/01/25 21:19:01 ui: 
==> Builds finished but no artifacts were created.
2016/01/25 21:19:01 waiting for all plugin processes to complete...
==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Error querying AMI: AuthFailure: AWS was not able to validate the provided access credentials
    status code: 401, request id: []

==> Builds finished but no artifacts were created.
2016/01/25 21:19:01 /opt/packer/packer-provisioner-salt-masterless: plugin process exited
2016/01/25 21:19:01 /opt/packer/packer-builder-amazon-ebs: plugin process exited

And here's the config:

{
    "variables": {
    },
    "builders": [
        {
            "type":                     "amazon-ebs",
            "access_key":               "{{user `aws_access_key`}}",
            "secret_key":               "{{user `aws_secret_key`}}",
            "token":                    "{{user `aws_session_token`}}",
            ...
        }
    ]
}

With your edited comment:

{
    "variables": {
        "aws_access_key":     "{{env `AWS_ACCESS_KEY_ID`}}",
        "aws_secret_key":     "{{env `AWS_SECRET_ACCESS_KEY`}}",
        "aws_session_token":  "{{env `AWS_SESSION_TOKEN`}}"
    },
    "builders": [
        {
            "type":                     "amazon-ebs",
            "access_key":               "{{user `aws_access_key`}}",
            "secret_key":               "{{user `aws_secret_key`}}",
            "token":                    "{{user `aws_session_token`}}",
            ...
        }
    ]
}

And I've updated my assume role script to push it to the environment variable you suggest:

aws sts assume-role --role-arn "arn:aws:iam::account-id:role/role-name" --role-session-name "Packer" > assume-role-output.txt
export AWS_ACCESS_KEY_ID=`cat assume-role-output.txt | jq -c '.Credentials.AccessKeyId' | tr -d '"' | tr -d ' '`
export AWS_SECRET_ACCESS_KEY=`cat assume-role-output.txt | jq -c '.Credentials.SecretAccessKey' | tr -d '"' | tr -d ' '`
export AWS_SESSION_TOKEN=`cat assume-role-output.txt | jq -c '.Credentials.SessionToken' | tr -d '"' | tr -d ' '`

This seems to make it work. But, why does it matter what the environment variable is? If I'm specifically passing a variable, shouldn't it accept that?

My guess at what's happening is that, during the ChainProvider, it's unable to correctly create and default to ENV variables to set it. Since those weren't being set correctly, it couldn't authenticate.

https://github.com/mitchellh/packer/blob/024132a698092b0d950d0aaffdb8821616de6a72/builder/amazon/common/access_config.go#L27

The token wasn't being set right and causing it to fail, so it defaulted to ENV provider, and the env variables also weren't set correctly, so it eventually failed. http://docs.aws.amazon.com/sdk-for-go/api/aws/credentials/ChainProvider.html

@ThatGerber just hit this today - any progress?

This at least works in packer 0.10.1/0.10.2 by using aws sts assume-role and setting AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN.
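The flow this thread converges on (assume the role, export AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN, then check that the template reads the names that were actually exported), as an added example that is not code from the thread or from Packer. The function names and the sample credential line are constructed for illustration; it uses the AWS CLI's `--query`/`--output text` options instead of jq, so the credentials are never written to a file such as assume-role-output.txt.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# Ask STS for temporary credentials and print them as one tab-separated line:
#   AccessKeyId <TAB> SecretAccessKey <TAB> SessionToken
# Nothing is written to disk. Needs the AWS CLI; not called by the demo below.
assume_role_line() {
    aws sts assume-role \
        --role-arn "$1" --role-session-name "$2" \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text
}

# Export the three variables from such a line.
# Fails if a field is missing or the key is not a temporary (ASIA...) key,
# which catches an assume-role call that failed or returned nothing.
load_sts_creds() {
    _tab=$(printf '\t')
    IFS=$_tab read -r _key _secret _token <<EOF
$1
EOF
    if [ -z "$_key" ] || [ -z "$_secret" ] || [ -z "$_token" ]; then
        echo "assume-role output is missing a credential field" >&2
        return 1
    fi
    case $_key in
        ASIA*) ;;
        *) echo "access key id is not a temporary STS key (ASIA...)" >&2
           return 1 ;;
    esac
    export AWS_ACCESS_KEY_ID="$_key"
    export AWS_SECRET_ACCESS_KEY="$_secret"
    export AWS_SESSION_TOKEN="$_token"
}

# List the environment variable names a Packer JSON template reads
# through {{env `NAME`}}, one per line, sorted and de-duplicated.
template_env_refs() {
    grep -o '{{ *env *`[A-Za-z_][A-Za-z0-9_]*` *}}' "$1" |
        sed 's/.*`\(.*\)`.*/\1/' | sort -u
}

# Print every referenced name that is unset or empty in the environment.
# A template that still reads AWS_SECURITY_TOKEN while the script exports
# AWS_SESSION_TOKEN (the mismatch in this thread) shows up here before a build.
missing_env_refs() {
    for _name in $(template_env_refs "$1"); do
        # _name only contains [A-Za-z0-9_] (enforced by the grep pattern above)
        eval "_val=\${$_name:-}"
        [ -n "$_val" ] || printf '%s\n' "$_name"
    done
}

# Constructed sample line (not real credentials) so the block runs offline.
SAMPLE_LINE=$(printf 'ASIAEXAMPLEKEYID0000\tconstructedSecretKey\tconstructedSessionToken')

if load_sts_creds "$SAMPLE_LINE"; then
    echo "exported temporary credentials for key id $AWS_ACCESS_KEY_ID"
fi

# Real use (role ARN and template path are yours to supply):
#   load_sts_creds "$(assume_role_line "$ROLE_ARN" Packer)" || exit 1
#   [ -z "$(missing_env_refs template.json)" ] || exit 1
#   packer build template.json
```
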

Closing this as fixed.

Also see #3019

Setting the environment variable AWS_PROFILE works for me.
