Fix missing credentials error on Amazon CodeDeploy

Setting up Amazon CodeDeploy is sometimes tricky, and the documentation is neither very helpful nor complete.

The most common error is "Missing credentials - please check if this instance was started with an IAM instance profile", which appears in /var/log/aws/codedeploy-agent/codedeploy-agent.log on the target EC2 instance.

This error means that the EC2 instance is not configured with the proper rights. The following are the most common reasons:

  • The EC2 instance was not created with your CodeDeploy IAM role
  • The CodeDeploy IAM role does not have this trust relationship:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.amazonaws.com",
          "codedeploy.eu-west-1.amazonaws.com",
          "ec2.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

The documentation is not clear about this important step. Replace eu-west-1 with the region in which the EC2 instance is running.
