
InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials

I'm trying to deploy a GitHub project to an EC2 instance using AWS CodeDeploy. After following 2 video tutorials and a bunch of Google answers, I'm still getting the following error:

    2017-02-01 12:20:08 INFO  [codedeploy-agent(1379)]: master 1379: Spawned child 1/1
    2017-02-01 12:20:09 INFO  [codedeploy-agent(1383)]: On Premises config file does not exist or not readable
    2017-02-01 12:20:09 INFO  [codedeploy-agent(1383)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandExecutor: Archives to retain is: 5}
    2017-02-01 12:20:09 INFO  [codedeploy-agent(1383)]: Version file found in /opt/codedeploy-agent/.version.
    2017-02-01 12:20:09 ERROR [codedeploy-agent(1383)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials - please check if this instance was started with an IAM instance profile

I have two IAM roles:

  • CodeDeployInstanceRole
  • CodeDeployServiceRole

CodeDeployInstanceRole for the EC2 Instance

Policy Name: AmazonEC2RoleforAWSCodeDeploy

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "s3:GetObject",
            "s3:GetObjectVersion",
            "s3:ListObjects"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ]
    }

Policy Name: AutoScalingNotificationAccessRole

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Resource": "*",
          "Action": [
            "sqs:SendMessage",
            "sqs:GetQueueUrl",
            "sns:Publish"
          ]
        }
      ]
    }

Trust Relationship

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "codedeploy.amazonaws.com",
              "ec2.amazonaws.com"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }

CodeDeployServiceRole for CodeDeploy

Policy Name: AWSCodeDeployRole

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "autoscaling:CompleteLifecycleAction",
            "autoscaling:DeleteLifecycleHook",
            "autoscaling:DescribeAutoScalingGroups",
            "autoscaling:DescribeLifecycleHooks",
            "autoscaling:PutLifecycleHook",
            "autoscaling:RecordLifecycleActionHeartbeat",
            "autoscaling:CreateAutoScalingGroup",
            "autoscaling:UpdateAutoScalingGroup",
            "autoscaling:EnableMetricsCollection",
            "autoscaling:DescribeAutoScalingGroups",
            "autoscaling:DescribePolicies",
            "autoscaling:DescribeScheduledActions",
            "autoscaling:DescribeNotificationConfigurations",
            "autoscaling:DescribeLifecycleHooks",
            "autoscaling:SuspendProcesses",
            "autoscaling:ResumeProcesses",
            "autoscaling:AttachLoadBalancers",
            "autoscaling:PutScalingPolicy",
            "autoscaling:PutScheduledUpdateGroupAction",
            "autoscaling:PutNotificationConfiguration",
            "autoscaling:PutLifecycleHook",
            "autoscaling:DescribeScalingActivities",
            "autoscaling:DeleteAutoScalingGroup",
            "ec2:DescribeInstances",
            "ec2:DescribeInstanceStatus",
            "ec2:TerminateInstances",
            "tag:GetTags",
            "tag:GetResources",
            "sns:Publish",
            "cloudwatch:DescribeAlarms",
            "elasticloadbalancing:DescribeLoadBalancers",
            "elasticloadbalancing:DescribeInstanceHealth",
            "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
            "elasticloadbalancing:DeregisterInstancesFromLoadBalancer"
          ],
          "Resource": "*"
        }
      ]
    }

Trust Relationship

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "codedeploy.amazonaws.com",
              "ec2.amazonaws.com"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }

EC2 Instance

I spin my own image that I have created based on Debian so I have NodeJS already installed. When I spin the new instance I also paste the following code in the User data text area to make sure CodeDeploy is installed.

    #!/bin/bash -x
    REGION=$(curl 169.254.169.254/latest/meta-data/placement/availability-zone/ | sed 's/[a-z]$//') &&
    sudo apt-get update -y &&
    sudo apt-get install -y python-pip &&
    sudo apt-get install -y ruby &&
    sudo apt-get install -y wget &&
    cd /home/admin &&
    wget https://aws-codedeploy-$REGION.s3.amazonaws.com/latest/install &&
    chmod +x ./install &&
    sudo ./install auto &&
    sudo apt-get remove -y wget &&
    sudo service codedeploy-agent start

Debugging

If I log in to the EC2 instance that I have created, and execute the following command:

    echo $(curl http://169.254.169.254/latest/meta-data/iam/security-credentials/)

I get the following response:

    CodeDeployInstanceRole

When I then execute

    curl http://169.254.169.254/latest/meta-data/iam/security-credentials/CodeDeployInstanceRole

I get the following response:

    {
      "Code" : "Success",
      "LastUpdated" : "2017-02-01T12:38:07Z",
      "Type" : "AWS-HMAC",
      "AccessKeyId" : "THE_KEY",
      "SecretAccessKey" : "SECRET",
      "Token" : "TOKEN",
      "Expiration" : "2017-02-01T19:08:43Z"
    }

On GitHub I see that CodeDeploy never accesses my repo even when I select deployment using GitHub, I set the right repo name, and commit ID.


Question

What am I missing?

David Gatti asked Feb 02 '17 08:02


1 Answer

I ran into the same issue. Briefly what caused the problem:

  • Launch an instance WITHOUT any roles attached to it
  • Then install a codedeploy-agent on that machine
  • Only lastly attach an IAM role to the machine

Result: I get the error: Missing credentials - please check if this instance was started with an IAM instance profile

Solution: restart the codedeploy agent. Use:

    sudo service codedeploy-agent restart

The error should be gone now!

mmagician answered Sep 22 '22 10:09
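The answer's scenario (agent started before the role was attached) can be told apart from an instance with no role at all by combining the agent log with the metadata check from the question. The script below is an added example, not code from the question or the answer; the function names are hypothetical, and the "Spawned child" line is assumed to mark each agent start, as in the log above.

```shell
#!/bin/bash
# Added example: decide whether codedeploy-agent must be restarted to pick up
# an instance profile that was attached after the agent started.

# Print the timestamp of the last "Missing credentials" error logged since the
# most recent agent start; print nothing if the current run has no such error.
missing_creds_since_start() {
  awk '
    /Spawned child/       { err = "" }         # new agent process: forget old errors
    /Missing credentials/ { err = $1 " " $2 }  # remember the latest error time
    END { if (err != "") print err }
  ' "$1"
}

# $1 = path to the agent log
#      (commonly /var/log/aws/codedeploy-agent/codedeploy-agent.log)
# $2 = role name returned by .../meta-data/iam/security-credentials/ ("" if none)
diagnose_agent() {
  local log="$1" role="$2" err
  err=$(missing_creds_since_start "$log")
  if [ -z "$err" ]; then
    echo "ok"                        # current agent run never lacked credentials
  elif [ -n "$role" ]; then
    echo "restart-agent"             # role is visible now, agent is stale
  else
    echo "attach-instance-profile"   # nothing for the agent to pick up yet
  fi
}

# Constructed sample log, in the format shown in the question.
sample=$(mktemp)
cat > "$sample" <<'EOF'
2017-02-01 12:20:08 INFO  [codedeploy-agent(1379)]: master 1379: Spawned child 1/1
2017-02-01 12:20:09 ERROR [codedeploy-agent(1383)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials - please check if this instance was started with an IAM instance profile
EOF
diagnose_agent "$sample" "CodeDeployInstanceRole"  # role attached, agent not restarted
diagnose_agent "$sample" ""                        # no role attached
rm -f "$sample"
```

On a real instance, pass the output of the question's `curl` against the `security-credentials/` path as the second argument. Where the instance requires IMDSv2, that request needs a session token first.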