Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-20290

IAM Policy on the web site isn't sufficient for the plugin to run

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • ec2-plugin
    • None
    • Jenkins 1.536
      ec2 plugin 1.19
      Ubuntu 12.04 LTS
      AWS us-west-1

    Description

      When applying the IAM policy documented on the wiki (https://wiki.jenkins-ci.org/display/JENKINS/Amazon+EC2+Plugin), I'm getting this exception:

      WARNING: Failed to count the # of live instances on EC2
      Status Code: 403, AWS Service: AmazonEC2, AWS Request ID: c272e12b-80ce-439d-9999-9274c9862a1d, AWS Error Code: UnauthorizedOperation, AWS Error Message: You are not authorized to perform this operation.
      	at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:614)
      	at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:312)
      	at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:165)
      	at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:6047)
      	at com.amazonaws.services.ec2.AmazonEC2Client.describeInstances(AmazonEC2Client.java:2740)
      	at com.amazonaws.services.ec2.AmazonEC2Client.describeInstances(AmazonEC2Client.java:5462)
      	at hudson.plugins.ec2.EC2Cloud.countCurrentEC2Slaves(EC2Cloud.java:200)
      	at hudson.plugins.ec2.EC2Cloud.addProvisionedSlave(EC2Cloud.java:259)
      	at hudson.plugins.ec2.EC2Cloud.provision(EC2Cloud.java:349)
      	at hudson.slaves.NodeProvisioner.update(NodeProvisioner.java:281)
      	at hudson.slaves.NodeProvisioner.access$000(NodeProvisioner.java:51)
      	at hudson.slaves.NodeProvisioner$NodeProvisionerInvoker.doRun(NodeProvisioner.java:368)
      	at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:54)
      	at java.util.TimerThread.mainLoop(Timer.java:534)
      	at java.util.TimerThread.run(Timer.java:484)
      

      Seems it is missing the DescribeInstances permission.

      Attachments

        Issue Links

          Activity

            crazysim Nelson Chen added a comment -

            Looks like the permission has been added.

            crazysim Nelson Chen added a comment - Looks like the permission has been added.
            johntdyer John Dyer added a comment -

            I seem to be getting the same thing but my IAM role I assigned has power user access.

            johntdyer John Dyer added a comment - I seem to be getting the same thing but my IAM role I assigned has power user access.

            People

              francisu Francis Upton
              weirded Stefan Zier
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: