instance_role permission issues on molecule for pxb.cd jenkins node

Description

Hi Team,


I am using the following details in molecule from the pxb.cd jenkins server:

credentialsId: 'c42456e5-c28d-4962-b32c-b75d161bff27'

and

instance_role: "arn:aws:iam::119175775298:instance-profile/jenkins-psmdb-slave"

 

The instance_role works well from the ps80.cd jenkins server, but it has issues running from the pxb.cd jenkins server.



Getting the following error during the describe part:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (UnauthorizedOperation) when calling the DescribeInstanceStatus operation: You are not authorized to perform this operation. User: arn:aws:iam::119175775298:user/jenkins-s3-do is not authorized to perform: ec2:DescribeInstanceStatus because no identity-based policy allows the ec2:DescribeInstanceStatus action 12:13:29 failed: [localhost] (item={'failed': 0, 'started': 1, 'finished': 0, 'ansible_job_id': 'j843127026014.7116', 'results_file': '/home/admin/.ansible_async/j843127026014.7116', 'changed': True, 'item': {'image': 'ami-0d0f7602aa5c2425d', 'instance_tags': {'iit-billing-tag': 'pxb-package-testing', 'job-name': 'pxb-package-testing-molecule'}, 'instance_type': 't2.medium', 'name': 'debian11-82-pxb-package-testing-molecule-pxb_84', 'region': 'us-west-2', 'root_device_name': '/dev/xvda', 'ssh_user': 'admin', 'vpc_subnet_id': 'subnet-03136d8c244f56036'}, 'ansible_loop_var': 'item', 'index': 0, 'ansible_index_var': 'index'}) => {"ansible_job_id": "j843127026014.7116", "ansible_loop_var": "item", "attempts": 5, "boto3_version": "1.35.76", "botocore_version": "1.35.76", "changed": false, "error": {"code": "UnauthorizedOperation", "message": "You are not authorized to perform this operation. 
User: arn:aws:iam::119175775298:user/jenkins-s3-do is not authorized to perform: ec2:DescribeInstanceStatus because no identity-based policy allows the ec2:DescribeInstanceStatus action"}, "finished": 1, "item": {"ansible_index_var": "index", "ansible_job_id": "j843127026014.7116", "ansible_loop_var": "item", "changed": true, "failed": 0, "finished": 0, "index": 0, "item": {"image": "ami-0d0f7602aa5c2425d", "instance_tags": {"iit-billing-tag": "pxb-package-testing", "job-name": "pxb-package-testing-molecule"}, "instance_type": "t2.medium", "name": "debian11-82-pxb-package-testing-molecule-pxb_84", "region": "us-west-2", "root_device_name": "/dev/xvda", "ssh_user": "admin", "vpc_subnet_id": "subnet-03136d8c244f56036"}, "results_file": "/home/admin/.ansible_async/j843127026014.7116", "started": 1}, "msg": "Failed to fetch status of new EC2 instance: An error occurred (UnauthorizedOperation) when calling the DescribeInstanceStatus operation: You are not authorized to perform this operation. User: arn:aws:iam::119175775298:user/jenkins-s3-do is not authorized to perform: ec2:DescribeInstanceStatus because no identity-based policy allows the ec2:DescribeInstanceStatus action", "response_metadata": {"http_headers": {"cache-control": "no-cache, no-store", "content-type": "text/xml;charset=UTF-8", "date": "Thu, 05 Dec 2024 06:43:24 GMT", "server": "AmazonEC2", "strict-transport-security": "max-age=31536000; includeSubDomains", "transfer-encoding": "chunked", "vary": "accept-encoding", "x-amzn-requestid": "03f7431a-a12a-4a04-a377-b681178fb8ac"}, "http_status_code": 403, "request_id": "03f7431a-a12a-4a04-a377-b681178fb8ac", "retry_attempts": 0}, "results_file": "/home/admin/.ansible_async/j843127026014.7116", "started": 1, "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}

 

Can you please grant the required permissions for the instance_role or credentials ID? Or, if this is not the right one to run from pxb.cd jenkins, can you please suggest the correct values for them to ensure it runs from pxb.cd jenkins?

Thanks
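
Added example, not part of the original ticket: the error in the description above names the calling identity and the action it was denied, and this Python script pulls those pairs out of a job log and drafts the identity-based policy statement to request. The function names and `SAMPLE_LOG` are assumptions made here; `"Resource": "*"` is used because EC2 `Describe*` actions do not support resource-level permissions.

```python
import json
import re
from collections import defaultdict

# Message shape as it appears in the error above:
# "User: <arn> is not authorized to perform: <service:Action> because ..."
DENIED = re.compile(
    r"User: (?P<principal>arn:aws:(?:iam|sts)::\d{12}:\S+) "
    r"is not authorized to perform: (?P<action>[a-z0-9-]+:[A-Za-z0-9]+)"
)

def denied_actions(log_text):
    """Map each calling principal to the set of actions it was denied."""
    found = defaultdict(set)
    for m in DENIED.finditer(log_text):
        found[m.group("principal")].add(m.group("action"))
    return dict(found)

def policy_for(actions):
    """Draft an identity-based policy allowing only the denied actions.

    Resource "*" is an assumption that fits EC2 Describe* calls; narrow it
    for actions that accept resource ARNs.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": sorted(actions), "Resource": "*"}
        ],
    }

# Constructed sample. Lines 1-2 are abridged from the ticket's error (the
# message repeats in the Ansible output); line 3 is a made-up extra denial
# that shows how several actions are grouped under one principal.
SAMPLE_LOG = """\
botocore.exceptions.ClientError: An error occurred (UnauthorizedOperation) when calling the DescribeInstanceStatus operation: You are not authorized to perform this operation. User: arn:aws:iam::119175775298:user/jenkins-s3-do is not authorized to perform: ec2:DescribeInstanceStatus because no identity-based policy allows the ec2:DescribeInstanceStatus action
"msg": "Failed to fetch status of new EC2 instance: ... User: arn:aws:iam::119175775298:user/jenkins-s3-do is not authorized to perform: ec2:DescribeInstanceStatus because no identity-based policy allows the ec2:DescribeInstanceStatus action"
User: arn:aws:iam::119175775298:user/jenkins-s3-do is not authorized to perform: ec2:DescribeInstances because no identity-based policy allows the ec2:DescribeInstances action
"""

if __name__ == "__main__":
    for principal, actions in denied_actions(SAMPLE_LOG).items():
        print(f"# caller that was denied: {principal}")
        print(json.dumps(policy_for(actions), indent=2))
```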

Activity

Alex Miroshnychenko January 23, 2025 at 8:09 AM

Closing this task.
Please reopen it in case the issue is still present.

yash.panchal January 16, 2025 at 8:44 AM

Hi Alex,

Yes, the working credentials ID in the ps80.cd jenkins server is 5d78d9c7-2188-4b16-8e31-4d5782c6ceaa

We need to add similar permissions for the pxb.cd jenkins credentials.

Done

Created December 5, 2024 at 7:10 AM
Updated January 23, 2025 at 8:10 AM
Resolved January 23, 2025 at 8:10 AM
