
I'm using an EC2 instance with an IAM role that gives me all rights to SQS

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "sqs:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

The IAM role has 'ec2' as trust relationship.

On the instance I have a node.js application running with the aws-sdk. I'm using the sqs-consumer library to access the queue.

This is my initialization code:

const consumer = require('sqs-consumer');
const AWS = require('aws-sdk');

// No credentials are passed here; the SDK is expected to resolve them from the instance's IAM role.
let options = {apiVersion: '2012-11-05', region: 'eu-central-1'};

let sqsClient = new AWS.SQS(options);

const app = consumer.create({
    queueUrl: 'my_sqs_url',
    region: 'eu-central-1',
    handleMessage: handleMessage, // message handler, defined elsewhere in the application
    sqs: sqsClient, // the client created above
    messageAttributeNames: ['All']
});

app.on('error', (err) => {
    console.log(err);
});

The exact error message I'm getting is: "SQS receive message failed: Missing credentials in config". Which is true, because the IAM role should provide the credentials; according to the docs this should work automatically (link). I'm also using this setup for a couple of ECS auto scaling instances and that works without problems, though I'm using an older version of the SDK there (2.324.0).

I'm using aws-sdk version 2.4.19 (latest as of now).

--EDIT-- I forgot to mention, I'm using a Windows Server AMI.

Things I've tried:

  • defining hard coded credentials, then it works
  • creating a more broad sqs profile (as seen above)
  • tried the 2nd answer from this topic

So I'm wondering why this doesn't work, do I need extra setup of the aws-sdk?

--EDIT2-- It turns out I needed more setup code, see this link for more information.

When I call sqs with the aws-cli I now get the error message: Error when retrieving credentials from Ec2InstanceMetadata: No credentials found in credential_source referenced in profile default

My config looks like

# In ~/.aws/config
[profile default]
role_arn=arn:aws:iam:...
credential_source=Ec2InstanceMetadata
araker
  • Have you tried doing it manually from the CLI on the machine? I.e. using the AWS to access the SQS queue? – colde Mar 12 '19 at 17:09
  • I've installed the cli and get a different error message, see my 2nd edit for more information. – araker Mar 13 '19 at 11:23
  • You shouldn't need to configure a credential source or a role_arn; I would remove both of them. Instead, double-check in the AWS console that the right IAM role is configured for the EC2 instance. – colde Mar 13 '19 at 11:51
  • Thanks for following up on this. I've double checked the role, but it still isn't working. I now use a workaround, I've created a new user and defined a policy for this user, so that I can use the access keys of this user in the default profile. It's one step more than necessary, but at least it's working. – araker Mar 14 '19 at 09:40
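
Both errors in the question mean that no role credentials were obtained from the EC2 instance metadata service (IMDS). The following is an added diagnostic example, not code from the original post or from the aws-sdk: it walks the standard IMDSv2 steps and reports the first one that fails without printing any secret. The names `imdsRequest` and `diagnoseRoleCredentials` are hypothetical.

```javascript
// Added diagnostic example (not from the original post). Walks the EC2 instance
// metadata service (IMDS) steps an SDK uses to obtain IAM role credentials.
const http = require('http');

const IMDS_HOST = '169.254.169.254'; // link-local IMDS address on EC2

// Default transport: a short-timeout HTTP call to IMDS. Tests can inject a stub.
function imdsRequest({ method, path, headers }) {
  return new Promise((resolve, reject) => {
    const req = http.request({ host: IMDS_HOST, method, path, headers, timeout: 2000 }, (res) => {
      let body = '';
      res.on('data', (chunk) => { body += chunk; });
      res.on('end', () => resolve({ status: res.statusCode, body }));
    });
    req.on('timeout', () => req.destroy(new Error('IMDS timeout')));
    req.on('error', reject);
    req.end();
  });
}

// Returns { ok, step, detail } naming the first step that fails, never the secrets.
async function diagnoseRoleCredentials(request = imdsRequest) {
  const base = '/latest/meta-data/iam/security-credentials/';
  try {
    // Step 1: IMDSv2 session token.
    const tok = await request({ method: 'PUT', path: '/latest/api/token',
      headers: { 'X-aws-ec2-metadata-token-ttl-seconds': '60' } });
    if (tok.status !== 200) return { ok: false, step: 'token', detail: `HTTP ${tok.status}` };
    const headers = { 'X-aws-ec2-metadata-token': tok.body };

    // Step 2: the role attached through the instance profile.
    const list = await request({ method: 'GET', path: base, headers });
    const role = list.body.trim().split('\n')[0];
    if (list.status !== 200 || !role) {
      return { ok: false, step: 'role', detail: 'no instance profile role visible to the instance' };
    }

    // Step 3: the temporary credentials document for that role.
    const doc = await request({ method: 'GET', path: base + role, headers });
    if (doc.status !== 200) return { ok: false, step: 'credentials', detail: `HTTP ${doc.status}` };
    const creds = JSON.parse(doc.body);
    if (creds.Code !== 'Success' || !creds.AccessKeyId) {
      return { ok: false, step: 'credentials', detail: `Code=${creds.Code}` };
    }
    return { ok: true, step: 'done', detail: `role=${role} expires=${creds.Expiration}` };
  } catch (err) {
    return { ok: false, step: 'network', detail: err.message }; // e.g. no route to IMDS
  }
}
```

Run on the instance with `diagnoseRoleCredentials().then(console.log)`: a `network` result means the instance cannot reach IMDS at all, while a `role` result means no instance profile role is visible from inside the instance.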

0 Answers