Reputation: 686
Packer and AWS credentials: CryptProtectData failed
I am provisioning a Windows machine using Packer. I use a Powershell Script to do most of the provisioning.
An important provisioning step is to download some software from a private S3 bucket. In attempt to first set AWS credentials I run this snippit:
echo "Configure AWS"
echo "AWS_ACCESS_KEY_ID: ${env:AWS_ACCESS_KEY_ID}"
echo "AWS_SECRET_ACCESS_KEY: ${env:AWS_SECRET_ACCESS_KEY}"
echo "AWS_DEFAULT_REGION: ${env:AWS_DEFAULT_REGION}"
Set-AWSCredentials -AccessKey ${env:AWS_ACCESS_KEY_ID} -SecretKey ${env:AWS_SECRET_ACCESS_KEY} -StoreAs default
And invariably get an error when Packer runs it on the machine:
amazon-ebs: Set-AWSCredentials : CryptProtectData failed.
amazon-ebs: At C:\Windows\Temp\script.ps1:15 char:1
amazon-ebs: + Set-AWSCredentials -AccessKey ${env:AWS_ACCESS_KEY_ID} -SecretKey
amazon-ebs: ${env:AWS_SECR ...
If I run this command directly on the Windows instance it works fine.
Thanks, Jevon
Upvotes: 0
Views: 871
Answers (1)
Reputation: 53773
from the PowerShell doc:
The PowerShell Tools can use either of two credentials stores.
- The AWS SDK store, which encrypts your credentials and stores them in your home folder. The AWS SDK for .NET and AWS Toolkit for Visual Studio can also use the AWS SDK store.
- The credentials file, which is also located in your home folder, but stores credentials as plain text. By default, the credentials file is stored here: `C:\Users\username.aws. The AWS SDKs and the AWS Command Line Interface can also use the credentials file. If you are running a script outside of your AWS user context, be sure that the file that contains your credentials is copied to a location where all user accounts (local system and user) can access your credentials.
From google search, it seems people turn to use BasicAWSCredentials
I am not sure this is something you can do (depending if you use an SDK or not), if not you can use the second approach described in doc and store the variables in C:\Users\username\.aws and use S3 command with the credentials stored from this file
Upvotes: 1
Related Questions
- Authentication Error on Building with Packer
- Packer unable to communicate with AWS Instance
- Build Windows EC2 Image with Packer
- Getting error in phase:DOWNLOAD_SOURCE Failed of secret manager cant find keys
- Packer credentials issue error "NoCredentialProviders"?
- AWS AMI cannot retrieve password after packer creation using private key
- packer build cannot ssh to aws instance
- AWS CLI InvalidAccessKeyId on Windows 10
- Packer "No valid credential sources found for AWS builder" using -var or static credentials
- AWS SDK CryptProtectData failed