+7 votes
3.1k views
in Amazon Web Service by

I'm trying to use EC2 Container Service. I'm using Terraform to create it. I have defined an ECS cluster, autoscaling group, and launch configuration. All seems to work, except one thing. The EC2 instances are created, but they are not registered in the cluster; the cluster just says no instances available.

In the ECS agent log on the created instance I found the logs flooded with one error:

Error registering: NoCredentialProviders: no valid providers in chain

The EC2 instances are created with a proper role, ecs_role. This role has two policies; one of them is the following, as the docs require:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecs:CreateCluster",
        "ecs:DeregisterContainerInstance",
        "ecs:DiscoverPollEndpoint",
        "ecs:Poll",
        "ecs:RegisterContainerInstance",
        "ecs:StartTelemetrySession",
        "ecs:Submit*",
        "ecs:StartTask"
      ],
      "Resource": "*"
    }
  ]
}

I'm using AMI ami-6ff4bd05. Latest Terraform.

3 Answers

+12 votes
by

It was a problem with trust relationships in the role as the role should include ec2. Unfortunately the error message was not all that helpful.

Example of trust relationship:

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": ["ecs.amazonaws.com", "ec2.amazonaws.com"]
      },
      "Effect": "Allow"
    }
  ]
}
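
A check for the trust-relationship problem described in the answer above, as an added example that is not part of the original answer: it parses a role's trust policy and reports whether `ec2.amazonaws.com` is allowed to call `sts:AssumeRole`. The `ECS_ONLY` policy is constructed for illustration, the function names are hypothetical, and `Deny` statements and `Condition` blocks are not evaluated.

```python
import json

# Trust policy from the answer above.
FIXED = """{"Version": "2008-10-17", "Statement": [{"Action": "sts:AssumeRole",
  "Principal": {"Service": ["ecs.amazonaws.com", "ec2.amazonaws.com"]},
  "Effect": "Allow"}]}"""

# Constructed for illustration: a role that trusts only the ECS service.
ECS_ONLY = """{"Version": "2008-10-17", "Statement": [{"Action": "sts:AssumeRole",
  "Principal": {"Service": "ecs.amazonaws.com"}, "Effect": "Allow"}]}"""


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Service."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def services_allowed_to_assume(trust_policy):
    """Return the service principals granted sts:AssumeRole by Allow statements."""
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    allowed = set()
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # simplification: Deny statements are skipped, not applied
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):  # service principals live under "Service"
            allowed.update(s.lower() for s in _as_list(principal.get("Service")))
    return allowed


def ec2_can_assume(trust_policy):
    """True when EC2 instances can obtain credentials for this role."""
    return "ec2.amazonaws.com" in services_allowed_to_assume(trust_policy)


if __name__ == "__main__":
    for name, policy in (("FIXED", FIXED), ("ECS_ONLY", ECS_ONLY)):
        print(name, "ec2 can assume:", ec2_can_assume(policy))
```

The trust policy of a live role can be fed to `ec2_can_assume` from the `AssumeRolePolicyDocument` field returned by `aws iam get-role`.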
0 votes
by

Apparently this error message also occurs when an invalid aws-profile is passed.

0 votes
by

You might want to add AmazonEC2RoleforSSM (or AmazonSSMFullAccess) to your EC2's role.
