Packer credentials issue error "NoCredentialProviders"?

Question

I'm trying to run a Packer template to build a basic AWS EBS based instance. I keep getting the following error however.

==> amazon-ebs: Error querying AMI: NoCredentialProviders: no valid providers in chain. Deprecated. 
==> amazon-ebs:         For verbose messaging see aws.Config.CredentialsChainVerboseErrors
Build 'amazon-ebs' errored: Error querying AMI: NoCredentialProviders: no valid providers in chain. Deprecated. 
        For verbose messaging see aws.Config.CredentialsChainVerboseErrors

I've got my credentials pulling from environment variables like this in the template.

{
  "type": "amazon-ebs",
  "access_key": "{{user `AWS_ACCESS_KEY_ID`}}",
  "secret_key": "{{user `AWS_SECRET_ACCESS_KEY`}}",
  "region": "us-east-1",
  "source_ami": "ami-fce3c696",
  "instance_type": "t2.micro",
  "ssh_username": "broodadmin",
  "ami_name": "broodbox"
}

I pulled the key and secret from AWS, and have setup the permissions for the group per instructions in the docs here. I've also insured the user is in the group that has all of these permissions set.

Seen this?

This is more of the template with the other google compute and variables in the template listed...

{
  "variables": {
    "account_json": "../../../secrets/account.json",
    "instance_name": "broodbox",
    "image_name": "broodbox"
  },
  "builders": [
    {
      "type": "googlecompute",
      "account_file": "{{user `account_json`}}",
      "project_id": "that-big-universe",
      "source_image": "debian-8-jessie-v20160923",
      "zone": "us-west1-a",
      "instance_name": "{{user `instance_name`}}",
      "image_name": "{{user `image_name`}}",
      "image_description": "Node.js Server.",
      "communicator": "ssh",
      "ssh_username": "broodadmin"
    },
    {
      "type": "amazon-ebs",
      "access_key": "{{user `AWS_ACCESS_KEY_ID`}}",
      "secret_key": "{{user `AWS_SECRET_ACCESS_KEY`}}",
      "region": "us-east-1",
      "source_ami": "ami-fce3c696",
      "instance_type": "t2.micro",
      "ssh_username": "broodadmin",
      "ami_name": "broodbox"
    }
  ],
  "provisioners": [

The full template is here https://github.com/Adron/multi-cloud/blob/master/ecosystem/packer/nodejs_server.json

The repo is a mult-cloud repo I'm working on https://github.com/Adron/multi-cloud

Please supply your full template. – Rickard von Essen May 21 '17 at 04:25 — Rickard von Essen, May 21 '17 at 04:25

score 3 · Answer 1 · answered May 21 '17 at 08:44

3

Doing a bit of rubber ducking here. But you haven't added the user variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. You need to add these lines to you variables section:

"AWS_ACCESS_KEY_ID": "{{env `AWS_ACCESS_KEY_ID`}}",
"AWS_SECRET_ACCESS_KEY": "{{env `AWS_SECRET_ACCESS_KEY`}}"

See docs about environment-variables for more information.

But what you probably want to do is to just delete these two lines from your amazon-ebs builder section:

"access_key": "{{user `AWS_ACCESS_KEY_ID`}}",
"secret_key": "{{user `AWS_SECRET_ACCESS_KEY`}}",

Since then Packer will read them from the default environment variables (which you anyway are using). See Packer Documentation - AWS credentials.

answered May 21 '17 at 08:44

Rickard von Essen

4,110
2
23
27

Ah, wiped em' out and went with the ~/.aws/credentials file and that seems to have em' getting picked up now. Except now I get the issue Matt Richardson is pointing out above. – Adron May 21 '17 at 21:37
You need to specify `vpc_id` and `subnet_id` too. – Rickard von Essen May 22 '17 at 04:51
Yeah, realized that after fiddling with it a bit longer. Thanks! – Adron May 29 '17 at 08:12

score 3 · Accepted Answer · answered May 21 '17 at 10:51

I had a go at running the template, and the only way I could get it to return that error was if the environment variables didn't exist. Once i created them, I got a different error:

==> amazon-ebs: Error launching source instance: VPCResourceNotSpecified: The specified instance type can only be used in a VPC. A subnet ID or network interface ID is required to carry out the request.

So, if you create the variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, you should be fine. (I seem to recall that I've occasionally seen the variables called AWS_ACCESS_KEY and AWS_SECRET_KEY which has tripped me up in the past.)

Ah, that fixed the issue. For some reason it just wasn't picking up the environment variables even when they were set. I went with the ~/.aws/credentials method and it picked them up there once I removed them from the environment variables. ¯\_(ツ)_/¯ — Adron, May 21 '17 at 21:38

score 0 · Answer 3 · answered May 21 '17 at 10:36

I believe access_key and secret_key are not as required as the docs make them out to be. I would remove those properties from the builder and — as long as the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables are exported — the builder should pick them up. It will also use the default credential lookup strategy used by the AWS Go SDK to find ~/.aws/credentials, for example.

score 0 · Answer 4 · answered Apr 18 '18 at 15:50

0

My decision for Linux:

export AWS_ACCESS_KEY_ID="XXX"

export AWS_SECRET_ACCESS_KEY="XXX"

and remove from config

"access_key": "{{user `AWS_ACCESS_KEY_ID`}}",

"secret_key": "{{user `AWS_SECRET_ACCESS_KEY`}}",

answered Apr 18 '18 at 15:50

vaisman

96
8

Packer credentials issue error "NoCredentialProviders"?

4 Answers4