Packer credentials issue error "NoCredentialProviders"?

Question

I'm trying to run a Packer template to build a basic AWS EBS based instance. I keep getting the following error however.

==> amazon-ebs: Error querying AMI: NoCredentialProviders: no valid providers in chain. Deprecated. 
==> amazon-ebs:         For verbose messaging see aws.Config.CredentialsChainVerboseErrors
Build 'amazon-ebs' errored: Error querying AMI: NoCredentialProviders: no valid providers in chain. Deprecated. 
        For verbose messaging see aws.Config.CredentialsChainVerboseErrors

I've got my credentials pulling from environment variables like this in the template.

{
  "type": "amazon-ebs",
  "access_key": "{{user `AWS_ACCESS_KEY_ID`}}",
  "secret_key": "{{user `AWS_SECRET_ACCESS_KEY`}}",
  "region": "us-east-1",
  "source_ami": "ami-fce3c696",
  "instance_type": "t2.micro",
  "ssh_username": "broodadmin",
  "ami_name": "broodbox"
}

I pulled the key and secret from AWS, and have setup the permissions for the group per instructions in the docs here. I've also insured the user is in the group that has all of these permissions set.

Seen this?

This is more of the template with the other google compute and variables in the template listed...

{
  "variables": {
    "account_json": "../../../secrets/account.json",
    "instance_name": "broodbox",
    "image_name": "broodbox"
  },
  "builders": [
    {
      "type": "googlecompute",
      "account_file": "{{user `account_json`}}",
      "project_id": "that-big-universe",
      "source_image": "debian-8-jessie-v20160923",
      "zone": "us-west1-a",
      "instance_name": "{{user `instance_name`}}",
      "image_name": "{{user `image_name`}}",
      "image_description": "Node.js Server.",
      "communicator": "ssh",
      "ssh_username": "broodadmin"
    },
    {
      "type": "amazon-ebs",
      "access_key": "{{user `AWS_ACCESS_KEY_ID`}}",
      "secret_key": "{{user `AWS_SECRET_ACCESS_KEY`}}",
      "region": "us-east-1",
      "source_ami": "ami-fce3c696",
      "instance_type": "t2.micro",
      "ssh_username": "broodadmin",
      "ami_name": "broodbox"
    }
  ],
  "provisioners": [

The full template is here https://github.com/Adron/multi-cloud/blob/master/ecosystem/packer/nodejs_server.json

The repo is a mult-cloud repo I'm working on https://github.com/Adron/multi-cloud

Answer 1

My decision for Linux:

export AWS_ACCESS_KEY_ID="XXX"

export AWS_SECRET_ACCESS_KEY="XXX"

and remove from config

"access_key": "{{user `AWS_ACCESS_KEY_ID`}}",

"secret_key": "{{user `AWS_SECRET_ACCESS_KEY`}}",

Answer 2

I had a go at running the template, and the only way I could get it to return that error was if the environment variables didn't exist. Once i created them, I got a different error:

==> amazon-ebs: Error launching source instance: VPCResourceNotSpecified: The specified instance type can only be used in a VPC. A subnet ID or network interface ID is required to carry out the request.

So, if you create the variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, you should be fine. (I seem to recall that I've occasionally seen the variables called AWS_ACCESS_KEY and AWS_SECRET_KEY which has tripped me up in the past.)

Answer 3

I believe access_key and secret_key are not as required as the docs make them out to be. I would remove those properties from the builder and — as long as the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables are exported — the builder should pick them up. It will also use the default credential lookup strategy used by the AWS Go SDK to find ~/.aws/credentials, for example.

Answer 4

Doing a bit of rubber ducking here. But you haven't added the user variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. You need to add these lines to you variables section:

"AWS_ACCESS_KEY_ID": "{{env `AWS_ACCESS_KEY_ID`}}",
"AWS_SECRET_ACCESS_KEY": "{{env `AWS_SECRET_ACCESS_KEY`}}"

See docs about environment-variables for more information.

But what you probably want to do is to just delete these two lines from your amazon-ebs builder section:

"access_key": "{{user `AWS_ACCESS_KEY_ID`}}",
"secret_key": "{{user `AWS_SECRET_ACCESS_KEY`}}",

Since then Packer will read them from the default environment variables (which you anyway are using). See Packer Documentation - AWS credentials.