4

I have been configuring AWS CodeDeploy for a few days and my first deployment is failing. The error message I get reads "The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems."

To get more detailed info I have installed the AWS CodeDeploy agent on the Windows instance and it appears not to be working. All what I manage to read in the code-deploy-agent-log.txt file are the repetitive lines.

2016-05-31 16:05:24 DEBUG [codedeploy-agent(4872)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Sleeping 90 seconds. 2016-05-31 16:06:55 DEBUG [codedeploy-agent(4872)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Calling PollHostCommand: 2016-05-31 16:06:55 INFO [codedeploy-agent(4872)]: Version file found in C:/ProgramData/Amazon/CodeDeploy/.version. 2016-05-31 16:06:55 ERROR [codedeploy-agent(4872)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials - please check if this instance was started with an IAM instance profile

My question is how can I get more information about the error message I am getting over the deployments. Which credentials am I missing (specifying incorrectly) that cause to the error message in the log file?

Slava Mvv
  • 53
  • 1
  • 7

3 Answers3

2

I think you are missing service-role-arn while creating your deployment group. The service role ARN allows AWS CodeDeploy to act on the user's behalf when interacting with AWS services. The service role ARN is of the code deploy role that you may have created it earlier.

In addition please make sure that your deployment policy is set to CodeDeployDefault.OneAtATime. This is to avoid taking all instances down if you push incorrect or failing build.

Suken Shah
  • 1,622
  • 14
  • 20
  • thank you. It appears to be an issue with service roles. However, I have created a new instance and specified a list of policies for it: AmazonEC2FullAccess, AmazonEC2RoleforAWSCodeDeploy, AWSCodeDeployFullAccess, AWSCodeDeployRole, PowerUserAccess.Then I tried to deploy the "Hello World" Amazon example and it failed with the same exception. The policy in the service role I used was AWSCodeDeployRole. Which policies should I set for the instance role? – Slava Mvv Jun 01 '16 at 12:42
  • Alright so create a new role called say "my-code-deploy". Assign AWSCodeDeployRole policy to it. Then go to your code deployment group and assign your "my-code-deploy" service role. Hope this helps! – Suken Shah Jun 02 '16 at 03:59
  • Unfortunately, it hasn't helped. The same error message. I think the problem is in a tiny detail. :) Will report as (if) solve the problem. – Slava Mvv Jun 02 '16 at 06:39
  • Suken, your hint has been very helpful! The problem was that the target EC2 didn't have any IAM role. – Slava Mvv Jun 03 '16 at 13:07
  • Thats awesome! Sorry for late reply I have been away for last few days. – Suken Shah Jun 06 '16 at 06:48
2

I tried Suken Shah's steps it didn't solve for me. What solved for me are:

1)Creating an IamInstanceProfile say Webserver.

2)Adding AWSCodeDeployRole to the IamInstanceProfile Webserver.

3)Adding the following to AWSCodeDeployRole's Trust Relationship: "codedeploy.amazonaws.com", "ec2.amazonaws.com", "codedeploy.MY_REGION.amazonaws.com"

4)Rebooting the ec2

ishandutta2007
  • 16,676
  • 16
  • 93
  • 129
  • 2
    Was scratching my head for a while because everything looked good... just needed to reboot my EC2 instances! – danwild Mar 17 '17 at 23:19
  • Ya. If you think you have everything right and it's still not working stop/start the ec2. Worked for me. – Braden Holt Jan 30 '18 at 06:12
0

Make sure the role you use for EC2 has 'AWSCodeDeployRole' policy and trust relationship has 'ec2.amazonaws.com' service. if you need to change the role then restart the EC2

vedat
  • 1,193
  • 9
  • 10