CodeDeploy UnrecognizedClientException - The security token included in the request is inval

Question

```sh 2023-07-22T13:33:27 INFO [codedeploy-agent(12946)]: [Aws::CodeDeployCommand::Client 400 0.020899 0 retries] poll_host_command(host_identifier:"arn:aws:ec2:ap-northeast-2:539239817397:instance/i-0e9fe7b11be081a65") Aws::CodeDeployCommand::Errors::UnrecognizedClientException The security token included in the request is invalid. 2023-07-22T13:33:27 ERROR [codedeploy-agent(12946)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Error polling for host commands: Aws::CodeDeployCommand::Errors::UnrecognizedClientException - The security token included in the request is invalid. - /opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/seahorse/client/plugins/raise_response_errors.rb:17:in `call' /opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:22:in `call' /opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/aws-sdk-core/plugins/idempotency_token.rb:19:in `call' /opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/aws-sdk-core/plugins/param_converter.rb:26:in `call' /opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/seahorse/client/plugins/request_callback.rb:71:in `call' /opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/aws-sdk-core/plugins/response_paging.rb:12:in `call' /opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/seahorse/client/plugins/response_target.rb:24:in `call' /opt/codedeploy-agent/vendor/gems/aws-sdk-core-3.121.1/lib/seahorse/client/request.rb:72:in `send_request' /opt/codedeploy-agent/vendor/gems/codedeploy-commands-1.0.0/sdks/codedeploy_commands_sdk.rb:856:in `poll_host_command' /opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_poller.rb:170:in `next_command' /opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_poller.rb:94:in `perform' /opt/codedeploy-agent/lib/instance_agent/agent/base.rb:28:in `run' /opt/codedeploy-agent/lib/instance_agent/runner/child.rb:44:in `block in run' /opt/codedeploy-agent/lib/instance_agent/runner/child.rb:86:in `with_error_handling' /opt/codedeploy-agent/lib/instance_agent/runner/child.rb:43:in `run' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/child.rb:70:in `block in run_with_error_handling' /opt/codedeploy-agent/lib/instance_agent/runner/child.rb:86:in `with_error_handling' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/child.rb:69:in `run_with_error_handling' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/child.rb:33:in `block in start' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/child.rb:22:in `loop' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/child.rb:22:in `start' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:206:in `block in spawn_child' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:204:in `fork' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:204:in `spawn_child' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:196:in `block in spawn_children' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:195:in `times' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:195:in `spawn_children' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:134:in `start' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:37:in `block in start' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:36:in `fork' /opt/codedeploy-agent/vendor/gems/process_manager-0.0.13/lib/process_manager/master.rb:36:in `start' /opt/codedeploy-agent/bin/../lib/codedeploy-agent.rb:43:in `block (2 levels) in

' /opt/codedeploy-agent/vendor/gems/gli-2.11.0/lib/gli/command_support.rb:126:in `execute' /opt/codedeploy-agent/vendor/gems/gli-2.11.0/lib/gli/app_support.rb:284:in `block in call_command' /opt/codedeploy-agent/vendor/gems/gli-2.11.0/lib/gli/app_support.rb:297:in `call_command' /opt/codedeploy-agent/vendor/gems/gli-2.11.0/lib/gli/app_support.rb:79:in `run' /opt/codedeploy-agent/bin/../lib/codedeploy-agent.rb:90:in `

' 2023-07-22T13:33:27 ERROR [codedeploy-agent(12946)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Cannot reach InstanceService: Aws::CodeDeployCommand::Errors::UnrecognizedClientException - The security token included in the request is invalid. ``` CodeDeploy를 통해서 EC2에 앱을 배포할려고 합니다 배포를 실행해도 CodeDeploy agent was not able to receive the lifecycle event. Check the CodeDeploy agent logs on your host and make sure the agent is running and can connect to the CodeDeploy server. 라고 오류가 발생하며 실패합니다. EC2 상에서 CodeDeploy Agent의 로그를 확인하면 위와 같이 로그가 계속 찍히는데 관련해서 해결책을 검색해서 시도를 해봤습니다. 1. IAM 역활 지정 2. EC2 역활 지정 3. IAM User 액세스 토큰 다시 발급 4. CodeDeploy 재설치 위 4가지 방법을 다시 확인해도 로그 상에서는 배포를 하지 않아도 Agent가 계속 Security Token에 대해 반복적으로 ERROR 로그가 발생합니다.

Riku_Kobayashi · Accepted Answer

EC2 인스턴스에 연결된 IAM 역할에 대한 정책 설정은 무엇인가요?  
그런데 EC2에 대한 IAM 사용자 액세스 키가 설정되어 있지 않으신가요?  
액세스 키는 IAM 역할보다 우선 순위가 높기 때문에 액세스 키가 발급된 IAM 사용자의 정책을 확인해야 합니다.  
액세스 키가 설정되어 있는 경우 EC2에서 삭제하는 것이 좋습니다.  
https://repost.aws/knowledge-center/iam-ec2-user-role-credentials

CodeDeploy UnrecognizedClientException - The security token included in the request is inval

답변 추가

관련 콘텐츠