Using the IamInstanceProfile auto scaling launch configuration option

Louis Z

unread,

Jul 10, 2012, 1:41:42 PM7/10/12

to beanstal...@googlegroups.com

I want to use IAM Roles with my beanstalk application. Here's an example OptionSetting I added to my POM configuration:

<namespace>aws:autoscaling:launchconfiguration</namespace>

<optionName>IamInstanceProfile</optionName>

<value>myapp-staging-eb</value>

</optionSetting>

But when I try to deploy this I get the following exception:

org.apache.maven.plugin.MojoFailureException: Failed

at br.com.ingenieux.mojo.aws.AbstractAWSMojo.handleException(AbstractAWSMojo.java:379)

at br.com.ingenieux.mojo.beanstalk.cmd.BaseCommand.handleException(BaseCommand.java:84)

at br.com.ingenieux.mojo.beanstalk.cmd.BaseCommand.execute(BaseCommand.java:76)

at br.com.ingenieux.mojo.beanstalk.env.CreateEnvironmentMojo.createEnvironment(CreateEnvironmentMojo.java:103)

at br.com.ingenieux.mojo.beanstalk.env.ReplaceEnvironmentMojo.executeInternal(ReplaceEnvironmentMojo.java:89)

at br.com.ingenieux.mojo.aws.AbstractAWSMojo.execute(AbstractAWSMojo.java:340)

at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:101)

at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:209)

at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)

at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)

at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:84)

at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:59)

at org.apache.maven.lifecycle.internal.LifecycleStarter.singleThreadedBuild(LifecycleStarter.java:183)

at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:161)

at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:320)

at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:156)

at org.apache.maven.cli.MavenCli.execute(MavenCli.java:537)

at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:196)

at org.apache.maven.cli.MavenCli.main(MavenCli.java:141)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:616)

at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:290)

at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:230)

at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:409)

at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:352)

Caused by: Status Code: 400, AWS Service: AWSElasticBeanstalk, AWS Request ID: b93e7df3-baaa-11e1-f000-f77a03cfa814, AWS Error Code: InvalidParameterValue, AWS Error Message: Validation Failure: Unknown configuration option. [Namespace: 'aws:autoscaling:launchconfiguration', OptionName: 'IamInstanceProfile'].

at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:556)

at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:289)

at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:170)

at com.amazonaws.services.elasticbeanstalk.AWSElasticBeanstalkClient.invoke(AWSElasticBeanstalkClient.java:1336)

at com.amazonaws.services.elasticbeanstalk.AWSElasticBeanstalkClient.createEnvironment(AWSElasticBeanstalkClient.java:339)

at br.com.ingenieux.mojo.beanstalk.cmd.env.create.CreateEnvironmentCommand.executeInternal(CreateEnvironmentCommand.java:60)

at br.com.ingenieux.mojo.beanstalk.cmd.env.create.CreateEnvironmentCommand.executeInternal(CreateEnvironmentCommand.java:27)

at br.com.ingenieux.mojo.beanstalk.cmd.BaseCommand.execute(BaseCommand.java:74)

... 24 more

------------

Any help would be appreciated!

Thanks,

-louis

Louis Z

unread,

Jul 10, 2012, 1:43:12 PM7/10/12

to beanstal...@googlegroups.com

Oh and by the way the AutoScaling API docs suggest that's the right option:

http://autoscaling.amazonaws.com/doc/2011-01-01/AutoScaling.wsdl

http://docs.amazonwebservices.com/AutoScaling/latest/APIReference/API_CreateLaunchConfiguration.html

Louis Z

unread,

Jul 10, 2012, 2:55:57 PM7/10/12

to beanstal...@googlegroups.com

I am using 0.2.7-RC5 by the way

On Tuesday, July 10, 2012 1:41:42 PM UTC-4, Louis Z wrote:

Louis Z

unread,

Jul 13, 2012, 9:24:09 AM7/13/12

to beanstal...@googlegroups.com

Anyone? Bueller? Bueller?

On Tuesday, July 10, 2012 1:41:42 PM UTC-4, Louis Z wrote:

Aldrin Leal

unread,

Jul 13, 2012, 12:25:19 PM7/13/12

to beanstal...@googlegroups.com

Will look over the weekend ok?

--
-- Aldrin Leal, <ald...@leal.eng.br> / http://meadiciona.com/aldrinleal

Louis Z

unread,

Jul 13, 2012, 12:29:09 PM7/13/12

to beanstal...@googlegroups.com

Hi Aldrin,

That's excellent! Thank you. I'll check in here periodically over the weekend so ping me if I can be of assistance.

Regards,

-louis

Aldrin Leal

unread,

Jul 13, 2012, 3:23:53 PM7/13/12

to beanstal...@googlegroups.com

Louis,

It seems this is not directly supported by Elastic Beanstalk (but it should be in a couple of months). Nor seems to be supported in the AWS EB Console (could you confirm it)?

Seems the case to raise a forum post and hope. Like IAM, it is likely to happen

Thank you

--
-- Aldrin Leal, <ald...@leal.eng.br> / http://meadiciona.com/aldrinleal

Louis Z

unread,

Jul 13, 2012, 9:58:05 PM7/13/12

to beanstal...@googlegroups.com

Hi Aldrin,

It sure looks like beanstalk does not support IAM roles. There is nothing in the beanstalk console about IAM roles, and the exception I posted previously is pretty clear that the beanstalk API will not validate the launchconfiguration option.

Thank you for confirming -- though I hoped I was just missing something.

I have posted to the beanstalk forums: https://forums.aws.amazon.com/thread.jspa?threadID=99791

thanks again!

-louis

Aldrin Leal

unread,

Jul 14, 2012, 11:39:14 PM7/14/12

to beanstal...@googlegroups.com

I can, however, make expose-security-credentials use the instance metadata, which is useful if you happen to keep build servers in the cloud (just like I actually do)

If you think this is interesting, please tell me so.

Thank you

--
-- Aldrin Leal, <ald...@leal.eng.br> / http://meadiciona.com/aldrinleal

Louis Z

unread,

Jul 15, 2012, 9:59:18 AM7/15/12

to beanstal...@googlegroups.com

No, thats not really helpful for me. My elastic beanstalk application server instances only need S3 & SQS access, but beanstalker on the build server needs much more access (EC2, AS, EB, ...,) so that won't be useful.

However, I think I can make good use of expose-security-credentials by putting the application keys in the build server's settings.xml instead of committing them to Subversion in the POM, which would be an improvement.

Regards,

-louis

Aldrin Leal

unread,

Jul 15, 2012, 10:00:39 AM7/15/12

to beanstal...@googlegroups.com

Thats is actually the whole idea of expose-security-credentials and password encryption.

--
-- Aldrin Leal, <ald...@leal.eng.br> / http://meadiciona.com/aldrinleal

Reply all

Reply to author

Forward