I have cloudformation set of two templates for a standard Fargate mode ECS launch with basic infrastructure (VPC, 2 subnets, publicloadbanlancer...)
I have correctly created and set an IAM role for as Task Execution Role. Tested locally following official AWS guidelines and working fine.
However, once Service task is running in production, I get the following error:
{ message: 'Could not load credentials from RemoteCredentials', code: 'CredentialsError', time: 2020-04-22T18:22:34.213Z, originalError: { message: 'Variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI or AWS_CONTAINER_CREDENTIALS_FULL_URI must be set to use AWS.RemoteCredentials.', code: 'ECSCredentialsProviderFailure', time: 2020-04-22T18:22:34.213Z } } }
Additionally, after some time trying to solve this issue I realised the ECS Agent is not populating the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environmental variable.
I added a debug line for checking env vars from within the container and this is ther result:
{ PATH: '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', HOSTNAME: 'ip-10-0-1-235.eu-west-3.compute.internal', AWS_DEFAULT_REGION: 'eu-west-3', AWS_EXECUTION_ENV: 'AWS_ECS_FARGATE', AWS_REGION: 'eu-west-3', ECS_CONTAINER_METADATA_URI: 'http://169.254.170.2/v3/89c2b643-5c7c-42dc-bfa6-5f34375bea76', VERSION: 'v9.11.1', NPM_VERSION: '5', YARN_VERSION: 'latest', CONFIG_FLAGS: '--fully-static --without-npm', DEL_PKGS: 'libstdc++', RM_DIRS: '/usr/include', HOME: '/root' }
Why is AWS_CONTAINER_CREDENTIALS_RELATIVE_URI not being populated by ECS Agent?
This is causing my nodejs aws-sdk to report error due to lack of credentials.
I have picked your post for my daily hive voting initiative, Keep it up and Hive On!!
Anyways, I manage to solved the issue. If anyone ever has the same problem feel free to get in touch !