2

Background: I'm writing an automated deployment script to deploy a ruby on rails application to AWS on an EC2 instance using S3 as the storage for ActiveStorage. My script creates an instance profile/role and attaches it to the EC2 instance on creation. My script uses the ruby sdk for AWS.

Sometimes when my script runs, it works great (which tells me my configuration is correct). Sometimes it throws the following exception:

/home/ubuntu/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/aws-sigv4-1.2.1/lib/aws-sigv4/signer.rb:613:in `extract_credentials_provider': missing credentials, provide credentials with one of the following options: (Aws::Sigv4::Errors::MissingCredentialsError)
  - :access_key_id and :secret_access_key
  - :credentials
  - :credentials_provider

I generally have success about 9 times out of 10 using a t3a.micro or t3.micro instance. I usually have a failure 9 times out of 10 using a t3a.nano or t3.nano instance.

It sure seems like there is something eventually consistent about these instance profiles, but I can't find anything in the documentation. What's going on, and what can I do to make this succeed consistently?

Thank you.

mattwise
  • 1,464
  • 1
  • 10
  • 20
  • Slightly confused about your scenario. The failing script is running on an EC2 instance that was itself previously launched with a usable IAM role? – jarmod Jul 29 '20 at 15:41
  • Looks like there is a delay in profile/role creation and attaching it to the EC2 instance on creation. The script is not waiting for the delay and checking for success status in each step. Instead, it is simply it is executing line by line causing the issue in some cases. – Robin Varghese Jul 29 '20 at 15:48
  • jarmond- the script runs on my laptop/desktop. It creates a usable IAM role with S3 permissions and attaches that role as an instance profile to the new ec2 instance. Robin- I agree! But in the API docs I don't find any reference to this being an asyc operation or how to check the status. – mattwise Jul 29 '20 at 19:22

0 Answers0