While deploying my Spring Boot application to ECS through CodePipeline, the source and build stages succeed but the deploy stage fails


Hi, while deploying my Spring Boot application to ECS through CodePipeline, the source and build stages succeed but the deploy stage fails. I have checked the log; it shows:

2024-05-15T03:21:59.840Z WARN 1 --- [PLACES-AUTOCOMPLETE-SERVICE] [ main] i.a.c.s.AwsSecretsManagerPropertySources : Unable to load AWS secret from test/secret/. Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: To use assume role profiles the aws-java-sdk-sts module must be on the class path., com.amazonaws.auth.profile.ProfileCredentialsProvider@123123: profile file cannot be null, com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@123123: Failed to connect to service endpoint: ]

I have given the necessary permission to access secrets from Secrets Manager to the role ecsTaskExecutionRole. I am not able to find the exact issue; please help.

Thanks

1 Answer

Based on the logs, it seems the ECS task stopped when it failed to pull the secrets from Secrets Manager, causing CodeDeployment to fail. Though you have assigned the necessary permissions, ensure the ECS task can pull the secrets.

To debug that, make the ECS task healthy by skipping the loading of the secrets in the app, then log in to the container through one of these methods:

  1. Session Manager
  2. SSH Login

Once you enter the container using docker exec commands, run the AWS CLI Secrets Manager command and try to pull the secrets (test/secret/). If it fails, assign appropriate permissions and launch the task again.

answered 4 months ago
  • Hi @Manikandan, thanks for the reply. I found that I needed to add a task role for ECS to use other AWS services programmatically; I gave the necessary permissions to it and it worked. NOTE: ECS automatically creates the ecsTaskExecutionRole, but the ecsTaskRole needs to be created and assigned manually.
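
The split the thread arrives at (execution role versus task role) can be checked against a task definition before deploying. The following is an added example, not code from the thread: `audit_task_roles` is a hypothetical helper, and the sample task definition, account ID and ARNs are constructed placeholders in the shape returned by `aws ecs describe-task-definition`.

```python
import json

# Constructed sample in the shape of the "taskDefinition" object returned by
# `aws ecs describe-task-definition`. Account ID, names and ARNs are placeholders.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "places-autocomplete-service",
  "executionRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole",
  "containerDefinitions": [
    {"name": "app", "image": "example/app:latest",
     "secrets": [{"name": "DB_PASSWORD",
                  "valueFrom": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example"}]}
  ]
}
""")


def audit_task_roles(task_def, app_calls_aws_sdk=True):
    """Return a list of findings about which role covers which secret access."""
    findings = []
    exec_role = task_def.get("executionRoleArn")
    task_role = task_def.get("taskRoleArn")
    injected = [s["name"] for c in task_def.get("containerDefinitions", [])
                for s in c.get("secrets", [])]

    # Secrets listed under containerDefinitions[].secrets are resolved by the
    # ECS agent before the container starts, using the execution role.
    if injected and not exec_role:
        findings.append("MISSING_EXECUTION_ROLE: cannot inject " + ", ".join(injected))

    # Calls made by the application itself (e.g. an SDK loading secrets at
    # startup) use the task role, never the execution role.
    if app_calls_aws_sdk and not task_role:
        findings.append("MISSING_TASK_ROLE: in-container SDK calls have no credentials")

    # Least privilege: application code should not run with the execution role.
    if task_role and task_role == exec_role:
        findings.append("SHARED_ROLE: task role is the execution role; "
                        "application code inherits the execution role's permissions")
    return findings


if __name__ == "__main__":
    for finding in audit_task_roles(SAMPLE_TASK_DEF):
        print(finding)
```

For the sample, which has only an execution role, the audit reports the missing task role, matching the credential-chain failure in the question's log.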
