• Bug
    • Resolution: Not A Defect
    • Major
    • ec2-plugin
    • None

      I'm trying to get my EC2 plugin to apply an IAM role to the agents it starts up. When I set the IAM Instance Profile with the ARN (arn:aws:iam::<my account id>:instance-profile/<my instance profile>), it fails to create the instance, be it on demand or manually. I'll put the log in the comments, but it hasn't provided any insight as I can't see exactly what the AWS Java SDK is doing.

       

      This feature was introduced in JENKINS-17086

          [JENKINS-66216] Cannot launch with an IAM Instance Profile

          Geoff Dunn added a comment -

          Log of error:

           

          Jul 26, 2021 8:36:59 AM INFO hudson.plugins.ec2.SlaveTemplate getImage
          Getting image for request {ExecutableUsers: [],Filters: [],ImageIds: [ami-0e9385446265e3b17],Owners: []}
          Jul 26, 2021 8:36:59 AM INFO hudson.plugins.ec2.SlaveTemplate logProvisionInfo
          SlaveTemplate{description='Windows Test Executor', labels='win32 _TestWin32 TestWin32'}. Considering launching
          Jul 26, 2021 8:36:59 AM INFO hudson.plugins.ec2.SlaveTemplate setupRootDevice
          AMI had /dev/sda1
          Jul 26, 2021 8:36:59 AM INFO hudson.plugins.ec2.SlaveTemplate setupRootDevice
          {DeleteOnTermination: true,SnapshotId: snap-07496dc218bddf918,VolumeSize: 150,VolumeType: gp2,Encrypted: false}
          Jul 26, 2021 8:36:59 AM INFO hudson.plugins.ec2.SlaveTemplate logProvisionInfo
          SlaveTemplate{description='Windows Test Executor', labels='win32 _TestWin32 TestWin32'}. EBS default encryption value set to: Based on AMI (null)
          Jul 26, 2021 8:36:59 AM INFO hudson.plugins.ec2.SlaveTemplate logProvisionInfo
          SlaveTemplate{description='Windows Test Executor', labels='win32 _TestWin32 TestWin32'}. Setting Instance Initiated Shutdown Behavior : ShutdownBehavior.Terminate
          Jul 26, 2021 8:36:59 AM INFO hudson.plugins.ec2.SlaveTemplate logProvisionInfo
          SlaveTemplate{description='Windows Test Executor', labels='win32 _TestWin32 TestWin32'}. Looking for existing instances with describe-instance: {Filters: [{Name: image-id,Values: [ami-0e9385446265e3b17]}, {Name: instance-type,Values: [m5.2xlarge]}, {Name: key-name,Values: [key-jenkins1-server]}, {Name: tenancy,Values: [default]}, {Name: subnet-id,Values: [subnet-01aafee5250a28627]}, {Name: tag:Name,Values: [Jenkins 1 Agent]}, {Name: tag:jenkins_server_url,Values: [https://mydomain/]}, {Name: tag:Creator,Values: [Jenkins 1]}, {Name: tag:jenkins_slave_type,Values: [demand_Windows Test Executor]}],InstanceIds: [],}
          Jul 26, 2021 8:36:59 AM WARNING hudson.init.impl.InstallUncaughtExceptionHandler handleException
          Caught unhandled exception with ID 87d82880-6169-4f03-8e1f-d65c62bc0d54
          com.amazonaws.services.ec2.model.AmazonEC2Exception: You are not authorized to perform this operation. Encoded authorization failure message: TLf_BHeqxxVMdzzoKHh8YeO8DCGFdkxITkuLZFFjp2s2S36HiHOe6EFoMN3-ykhREmJqibsaDF2fFu7CA-CcOjnZ_S-MLqBgpO3embCE4HIfZwtMI5hF4FsIEgB_uYv3yxNEmCvYi3bYy03fOeIhif6Qtr5FTBPOiJs8bgodY1LD_RIE9KhI5QaVKwF_0MKW8_NWtdvHq9lrWsfkbOMgsexxr7kgSydLS0Xz6sMBGiIR6KTXwz2Ksa1KejGaPzz3_Satn-h42lru9UH21IOSGHwuu_m6ENAsmtMUKjPCWFrKruQKmBg6JEfFVk4AtB9IC-z5TE0i_D_boOQHZX28j8Lt_4QSLm3jDTezSc5XdrPzr_SM9euPjxCqvORCSBYarZJCcGm2Ti7t7hJNKLdtVQwiZJqOBUre2hv3LGWJc4Wt6YScdUENuyqjuogb16F9P_qLDpIvC5QHM25MTLaYKRSblq072-JlqX7nAfq-YF_abBORWGfEYpszEed-_KLhIp7P_mcC860Eb01uQcQmlafKRDA-gb7eR3zhqELVbxOSxWLM1OykJsaYJT_chg (Service: AmazonEC2; Status Code: 403; Error Code: UnauthorizedOperation; Request ID: 1924361f-0f02-41ba-a9d0-912f23511587; Proxy: null)
          	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1819)
          	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleServiceErrorResponse(AmazonHttpClient.java:1403)
          	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1372)
          	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1145)
          	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:802)
          	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
          	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
          	at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
          	at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
          	at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
          	at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
          	at com.amazonaws.services.ec2.AmazonEC2Client.doInvoke(AmazonEC2Client.java:29240)
          	at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:29207)
          	at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:29196)
          	at com.amazonaws.services.ec2.AmazonEC2Client.executeRunInstances(AmazonEC2Client.java:28011)
          	at com.amazonaws.services.ec2.AmazonEC2Client.runInstances(AmazonEC2Client.java:27980)
          	at hudson.plugins.ec2.SlaveTemplate.provisionOndemand(SlaveTemplate.java:1085)
          	at hudson.plugins.ec2.SlaveTemplate.provisionOndemand(SlaveTemplate.java:1027)
          	at hudson.plugins.ec2.SlaveTemplate.provision(SlaveTemplate.java:840)
          	at hudson.plugins.ec2.EC2Cloud.getNewOrExistingAvailableSlave(EC2Cloud.java:714)
          	at hudson.plugins.ec2.EC2Cloud.doProvision(EC2Cloud.java:451)
          	at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
          	at org.kohsuke.stapler.Function$MethodFunction.invoke(Function.java:396)
          	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:408)
          	at org.kohsuke.stapler.interceptor.RequirePOST$Processor.invoke(RequirePOST.java:77)
          	at org.kohsuke.stapler.PreInvokeInterceptedFunction.invoke(PreInvokeInterceptedFunction.java:26)
          	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:212)
          	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:145)
          	at org.kohsuke.stapler.MetaClass$11.doDispatch(MetaClass.java:536)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:
          ...etc...
          


          Geoff Dunn added a comment -

          Looks like it is a permission issue. If I give the Jenkins server role Admin it can create the agent. It's already got full EC2 and read only IAM access...


          Geoff Dunn added a comment -

          Got it. Needs iam:PassRole, which was in the IAM write permissions.

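A simplified check for the fix reached in the last comment, added here as an example and not part of the original issue or the ec2-plugin: it tests whether a policy lets the Jenkins server role call iam:PassRole on the agent role and flags grants that are broader than needed. The account ID, role name and policy documents are constructed, and the function inspects Allow statements only; it is not a full IAM policy evaluator.

```python
import fnmatch

# Constructed sample values: the account ID and role name are placeholders.
AGENT_ROLE_ARN = "arn:aws:iam::111122223333:role/jenkins-agent-role"

# Read-only IAM access, as the Jenkins server role had when the launch failed.
READONLY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"}]}

# Broad grant of the kind that makes the launch succeed while debugging.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}

# Scoped grant: only the agent role, and only when it is handed to EC2.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": AGENT_ROLE_ARN,
     "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _glob(patterns, value):
    # IAM '*' and '?' wildcards behave like shell globs for these inputs.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def audit_passrole(policy, role_arn):
    """Return (allowed, warnings) for iam:PassRole on role_arn."""
    allowed, warnings = False, []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # explicit Deny, NotAction and NotResource are out of scope
        # Action names are case-insensitive; resource ARNs are not.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not _glob(actions, "iam:passrole"):
            continue
        if not _glob(stmt.get("Resource", []), role_arn):
            continue
        allowed = True
        if any("*" in r for r in _as_list(stmt["Resource"])):
            warnings.append("wildcard Resource: other roles can be passed too")
        services = stmt.get("Condition", {}).get("StringEquals", {}).get("iam:PassedToService")
        if services is None:
            warnings.append("no iam:PassedToService condition: role can be passed to any service")
    return allowed, warnings
```

The encoded authorization failure message in the log can be decoded with `aws sts decode-authorization-message --encoded-message <message>` by a principal allowed sts:DecodeAuthorizationMessage; the decoded context names the denied action.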

            thoulen FABRIZIO MANFREDI
            geoff Geoff Dunn