Dear Team,
I’m trying to initiate packer build using “assume role” authentication method. Using aws cli, I just executed the below command and get temporary credentials from it and export it as environment variables. But it failed with below message.
Command to create temporary credentials:
#aws sts assume-role --role-arn ‘arn:aws:iam::xxxxxxxxxxx:role/packer_role_1’ --role-session-name ‘image_build_session’
Packer build script:
{
“variables”: {
“aws_access_key”: “{{ env ACCESS_KEY
}}”,
“aws_secret_key”: “{{ env SECRET_KEY
}}”
},
“builders”: [{
“type”: “amazon-ebs”,
“assume_role”: {
“role_arn” : “arn:aws:iam::xxxxxxxxxxxxxxx:role/packer_role_1”,
“session_name”: “image_build_session”
},
“access_key”: “{{user aws_access_key
}}”,
“secret_key”: “{{user aws_secret_key
}}”,
Error Message:
Build ‘amazon-ebs’ errored after 689 milliseconds 149 microseconds: IAM Role (arn:aws:iam::xxxxxxxxxxx:role/packer_role_1) cannot be assumed.
There are a number of possible causes of this - the most common are:
- The credentials used in order to assume the role are invalid
- The credentials do not have appropriate permission to assume the role
- The role ARN is not valid
Error: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
Note: The assume role has “administrator permission” provided. If I export any other access & secret keys and initiate the build, it works fine without any issue. When I try to utilize the same role which works for packer build, and export the temporary credentials, it failed.
Kindly advise on this.
Packer Version: 1.6.5
Regards,
Guru Mohan G