Joaquim d'Souza

Reputation: 1516

AWS Unauthorized error for packer in gitlab ci

When my gitlab runner runs the following command:

time packer build -var "git_branch=$CI_BUILD_REF_NAME" -var "git_hash=$CI_BUILD_REF" -color=false packer-application.json

I get the following error:

Build 'amazon-ebs' errored: Error creating temporary keypair: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: 

However, the command runs successfully if I SSH into my gitlab runner and run the command manually.

Any ideas?

Upvotes: 3

Views: 1151

Answers (1)

jonatan

Reputation: 9981

You need to make sure the build has access to the AWS API keys with access to change the resources. While the build container runs on the runner, it is completely isolated and does not have access to the environment on the underlying host.

You can add (sort of) secret environment variables under the Variables page in the project. They will be available to all builds, so be careful to not give Developer or higher access to people who should not be able to see the keys.

If you have an EC2 role attached to the runner host, and want to utilise that for accessing the API, you could configure your runner to run builds in shell mode, meaning they will execute directly on the host, as a traditional Jenkins build.

Upvotes: 1
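To compare what the CI job sees with what the interactive SSH session sees, the following added example (not part of the original question or answer) reports which AWS credential source is visible to the current shell without printing any secret. The function names `aws_cred_source` and `aws_preflight` are hypothetical, and the shared-file check is an assumption that only looks for an `aws_access_key_id` line and ignores profiles.

```shell
#!/bin/sh
# Added example (not from the original thread): show which AWS credential
# source a shell sees, without printing any secret value.
# The order follows the first steps of the AWS SDK default chain that Packer
# relies on: environment variables, then the shared credentials file, then
# the instance role via the metadata service.

# Prints one of: env, partial-env, shared-file, none
aws_cred_source() {
    key_id="${AWS_ACCESS_KEY_ID:-}"
    secret="${AWS_SECRET_ACCESS_KEY:-}"
    if [ -n "$key_id" ] && [ -n "$secret" ]; then
        echo env
    elif [ -n "$key_id" ] || [ -n "$secret" ]; then
        # Only one half is set: the SDK skips environment credentials.
        echo partial-env
    else
        file="${AWS_SHARED_CREDENTIALS_FILE:-${HOME:-/nonexistent}/.aws/credentials}"
        if [ -r "$file" ] && grep -q '^[[:space:]]*aws_access_key_id' "$file"; then
            echo shared-file
        else
            # Nothing static: the SDK would try the EC2 instance role next.
            echo none
        fi
    fi
}

# Usage: aws_preflight <expected-source>
# Fails the job early when the credential source is not the intended one.
aws_preflight() {
    expected="$1"
    actual=$(aws_cred_source)
    if [ "$actual" = "$expected" ]; then
        echo "aws_preflight: credentials come from '$actual' as expected" >&2
        return 0
    fi
    echo "aws_preflight: expected '$expected' but this shell sees '$actual'" >&2
    return 1
}

# Run as a script, e.g.: ./aws-preflight.sh env && packer build ...
if [ -n "${1:-}" ]; then
    aws_preflight "$1"
fi
```

Running it once inside the CI job and once in the SSH session on the runner host shows whether the two environments resolve credentials from the same place.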
