Credential error with amazon-ami data resource

This started happening just recently, without updating Packer (and also with the latest version). We’ve been using this configuration for years. This particular block is causing the error “Error: Datasource.Execute failed: No valid credential sources found”:

data "amazon-ami" "our_great_ami" {
  filters = {
    name                = "our-great-ami-*"
    root-device-type    = "ebs"
    virtualization-type = "hvm"
  }
  most_recent = true
  owners      = ["123456789123"]
  region      = "us-east-1"
}

This is within Docker, on an EC2 with an IAM instance profile. I confirmed that the AWS CLI on this Docker instance can successfully run aws ec2 describe-images without a permission error. Then, I run packer build and get the credential error.

If I remove the data block and hard-code the AMI ID to use in the rest of the packer config, it all works fine. It’s just this data block that is causing that issue.

I should have looked at GitHub. Looks like this is resolved now in 1.3.9:

We ran into this yesterday as well. In our case, we were running packer inside a docker container on an EC2 instance, and leveraging an instance profile for the permissions necessary to complete the packer run. The error above happened because we had IMDSv2 set as ‘optional’, but the associated HTTP PUT response hop count limit set to the default of 1. When using IMDSv2 and a hop count of 1, Docker containers cannot contact the metadata service and thus cannot leverage the instance profile.

Increasing the HTTP PUT response hop count limit to 2 worked around the problem.
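As an added example (not from the thread or from Packer), this audit flags instances whose metadata options would reproduce the failure described above, using the `MetadataOptions` fields returned by `aws ec2 describe-instances`. The instance IDs and sample JSON are constructed, and the function names and finding labels are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output (not real data).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0000000000000000a", "MetadataOptions":
   {"HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-0000000000000000b", "MetadataOptions":
   {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 2}},
  {"InstanceId": "i-0000000000000000c", "MetadataOptions":
   {"HttpEndpoint": "disabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}}
]}]}
""")


def audit_imds(describe_output, min_hops=2):
    """Return {instance_id: [findings]} for hosts that run builds inside containers."""
    report = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            findings = []
            if opts.get("HttpEndpoint") != "enabled":
                # No metadata service at all: the instance profile is unusable.
                findings.append("imds-disabled")
            elif opts.get("HttpPutResponseHopLimit", 1) < min_hops:
                # A bridged container sits one hop further away than the host,
                # so the IMDSv2 token (PUT) response never reaches it.
                findings.append("token-put-blocked-in-container")
            if opts.get("HttpTokens") == "optional":
                # IMDSv1 (no session token) is still accepted on this instance.
                findings.append("imdsv1-allowed")
            report[inst["InstanceId"]] = findings
    return report


def fix_command(instance_id, hops=2):
    """The thread's workaround as an AWS CLI call (returned as text, not executed)."""
    return ("aws ec2 modify-instance-metadata-options "
            f"--instance-id {instance_id} --http-endpoint enabled "
            f"--http-put-response-hop-limit {hops}")


if __name__ == "__main__":
    for iid, findings in audit_imds(SAMPLE).items():
        print(iid, findings or ["ok"])
        if "token-put-blocked-in-container" in findings:
            print("  ->", fix_command(iid))
```

A hop limit of 2 makes the instance profile's credentials reachable from every bridged container on that host, so the role attached to a build host should carry only the permissions the build needs.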