Packer assume role for aws

Dear Team,

I’m trying to initiate a Packer build using the “assume role” authentication method. Using the AWS CLI, I executed the command below, got temporary credentials from it, and exported them as environment variables. But the build failed with the message below.

Command to create temporary credentials:
# aws sts assume-role --role-arn 'arn:aws:iam::xxxxxxxxxxx:role/packer_role_1' --role-session-name 'image_build_session'

Packer build script:
"variables": {
  "aws_access_key": "{{env `ACCESS_KEY`}}",
  "aws_secret_key": "{{env `SECRET_KEY`}}"
},
"builders": [{
  "type": "amazon-ebs",
  "assume_role": {
    "role_arn": "arn:aws:iam::xxxxxxxxxxxxxxx:role/packer_role_1",
    "session_name": "image_build_session"
  },
  "access_key": "{{user `aws_access_key`}}",
  "secret_key": "{{user `aws_secret_key`}}",

Error Message:
Build ‘amazon-ebs’ errored after 689 milliseconds 149 microseconds: IAM Role (arn:aws:iam::xxxxxxxxxxx:role/packer_role_1) cannot be assumed.

There are a number of possible causes of this - the most common are:

  • The credentials used in order to assume the role are invalid
  • The credentials do not have appropriate permission to assume the role
  • The role ARN is not valid

Error: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors

Note: The assumed role has “administrator permission” provided. If I export any other access and secret keys and initiate the build, it works fine without any issue. When I try to use the same role, which works for the Packer build, and export the temporary credentials, it fails.

Kindly advise on this.

Packer Version: 1.6.5

Guru Mohan G

Total novice here, but I always thought, if you used an assumed role, you’d have 3 elements: key, secret, and token.
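
The three elements named in the reply above correspond to the `AccessKeyId`, `SecretAccessKey` and `SessionToken` fields that `aws sts assume-role` returns. The following is an added example, not part of the thread: a shell function that refuses to export temporary credentials unless all three are present. The sample values are constructed, and `ROLE_ARN` and `template.json` are placeholders.

```shell
#!/bin/sh
# Added example; every credential value below is constructed, not real.
#
# Real input would come from the AWS CLI, one tab-separated line:
#   creds="$(aws sts assume-role --role-arn "$ROLE_ARN" \
#       --role-session-name image_build_session \
#       --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
#       --output text)"
#   load_sts_credentials "$creds" && packer build template.json

# Export the three variables the AWS SDK credential chain reads for
# temporary credentials. Fails (exporting nothing) if any part is missing.
load_sts_credentials() {
    local key secret token extra
    # --output text separates the fields with tabs
    IFS="$(printf '\t')" read -r key secret token extra <<EOF
$1
EOF
    if [ -z "$key" ] || [ -z "$secret" ] || [ -z "$token" ]; then
        echo "incomplete STS credentials: need key, secret and session token" >&2
        return 1
    fi
    # Temporary STS access key IDs start with ASIA; long-term keys use AKIA.
    case "$key" in
        ASIA*) ;;
        *) echo "access key is not a temporary (ASIA...) key" >&2
           return 1 ;;
    esac
    export AWS_ACCESS_KEY_ID="$key"
    export AWS_SECRET_ACCESS_KEY="$secret"
    export AWS_SESSION_TOKEN="$token"
}

# Constructed sample line in the same shape as the CLI output above.
sample="$(printf 'ASIAEXAMPLEEXAMPLE\texample-secret\texample-session-token')"
if load_sts_credentials "$sample"; then
    echo "exported key, secret and session token for $AWS_ACCESS_KEY_ID"
fi
```

Packer's amazon-ebs builder reads all three of these variables from the environment; in a template, the session token goes in the builder's `token` field alongside `access_key` and `secret_key`.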