Samuel Ajisafe

AWS CodeDeploy: How to Fix the "Cannot Reach Instance Service" Error

If you're a DevOps, systems, or cloud engineer using AWS CodePipeline, CodeBuild, and CodeDeploy to deploy applications to EC2 instances, you may encounter a deployment failure after a successful build, with the CodeDeploy logs showing the following error:

CodeDeploy agent was not able to receive the lifecycle event. Check the CodeDeploy agent logs on your host and make sure the agent is running and can connect to the CodeDeploy server.

Don’t panic! This guide will help you troubleshoot and resolve the issue.

Step 1: Check the Status of the CodeDeploy Agent on the EC2 Instance

The first step is to verify if the CodeDeploy agent is running on your EC2 instance. To check the status, run the following command:

sudo service codedeploy-agent status
  • If the agent is stopped, start it by running:
sudo service codedeploy-agent start

Step 2: Confirm IAM Role Permissions

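Ensure that the EC2 instance has an IAM role attached and that the role has the permissions needed to interact with AWS CodeDeploy. The policy should include actions for CodeDeploy, S3, and CloudWatch Logs. The example below uses wildcards ("codedeploy:*" and "Resource": "*"); once the deployment works, narrow them to the actions, bucket, and log group your deployment actually uses: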

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codedeploy:*",
        "s3:GetObject",
        "s3:ListBucket",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  ]
}

Step 3: Validate IAM Role Trust Relationship

Next, ensure that the IAM role trust relationship is set up correctly. It should allow EC2 instances to assume the role. The trust relationship policy should look like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Step 4: Restart the CodeDeploy Agent

Once you've confirmed that the IAM role is correctly configured, restart the CodeDeploy agent:

sudo service codedeploy-agent restart

Step 5: Check the CodeDeploy Agent Logs

If the problem persists, inspect the CodeDeploy agent logs for additional error messages that might provide insight into why the lifecycle event failed. To tail the log file:

sudo tail -f /var/log/aws/codedeploy-agent/codedeploy-agent.log

Look for any errors similar to this one:

ERROR [codedeploy-agent(3313518)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Cannot reach InstanceService: Aws::CodeDeployCommand::Errors::AccessDeniedException - Aws::CodeDeployCommand::Errors::AccessDeniedException

Step 6: Remove AWS Credentials from the Instance (if applicable)

If the error mentions AccessDeniedException, an AWS credentials file may exist on the instance (e.g., /root/.aws/credentials or /home/{user}/.aws/credentials). The AWS SDK's default credential chain reads a shared credentials file before it falls back to the instance role, so the CodeDeploy agent may be signing its requests with those stored keys instead of the role configured in Steps 2 and 3.

To fix this:

  1. Delete the credentials file:
sudo rm -rf /root/.aws/credentials
# or for a specific user:
sudo rm -rf /home/{user}/.aws/credentials
  2. Restart the CodeDeploy agent:
sudo systemctl restart codedeploy-agent
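
The checks from Steps 5 and 6 combined into one script, as an added example that is not part of the original post: it confirms the AccessDeniedException in the agent log, reports which credentials files hold static keys, and offers a reversible move-aside in place of the rm above. The function names and the sample tree are assumptions made for illustration.

```shell
# Added example: read-only triage for Steps 5-6 plus a reversible alternative to rm.
# Paths are arguments; on an instance pass the Step 5 log path and "/" as the root.

# Number of log lines where the poller was refused with AccessDeniedException.
count_access_denied() {  # $1 = agent log file
    grep -c 'Cannot reach InstanceService:.*AccessDeniedException' "$1" || true
}

# Shared credentials files for root and for each user under /home.
find_credentials_files() {  # $1 = filesystem root
    root=${1%/}
    for f in "$root/root/.aws/credentials" "$root"/home/*/.aws/credentials; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# True if the file defines static keys; the values are never printed.
has_static_keys() {  # $1 = credentials file
    grep -Eqi '^[[:space:]]*aws_(access_key_id|secret_access_key)[[:space:]]*=' "$1"
}

# Report only: which files could be shadowing the instance role.
triage() {  # $1 = agent log file, $2 = filesystem root
    n=$(count_access_denied "$1")
    echo "AccessDeniedException lines: ${n:-0}"
    [ "${n:-0}" -gt 0 ] || return 0
    find_credentials_files "$2" | while IFS= read -r f; do
        if has_static_keys "$f"; then echo "static keys: $f"
        else echo "no static keys: $f"; fi
    done
}

# Move the file aside (owner-only) instead of deleting it; prints the new path.
quarantine_credentials() {  # $1 = credentials file
    dest="$1.disabled.$(date +%Y%m%d%H%M%S)"
    mv -- "$1" "$dest" && chmod 600 "$dest" && printf '%s\n' "$dest"
}

# Constructed sample tree and log (placeholder key values, not real credentials).
make_sample() {  # $1 = empty directory
    mkdir -p "$1/root/.aws" "$1/home/deploy/.aws" "$1/home/app"
    printf '[default]\naws_access_key_id = EXAMPLEKEYID\naws_secret_access_key = EXAMPLESECRET\n' > "$1/root/.aws/credentials"
    printf '[default]\nregion = us-east-1\n' > "$1/home/deploy/.aws/credentials"
    printf '%s\n' 'INFO  [codedeploy-agent(100)]: constructed non-error line' \
      'ERROR [codedeploy-agent(100)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Cannot reach InstanceService: Aws::CodeDeployCommand::Errors::AccessDeniedException - Aws::CodeDeployCommand::Errors::AccessDeniedException' > "$1/agent.log"
}
# Demo on the constructed sample only.
d=$(mktemp -d) && make_sample "$d" && triage "$d/agent.log" "$d"; rm -rf "$d"
```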

Conclusion

By following these steps, you should be able to resolve the "CodeDeploy cannot reach instance service" error and get your deployments back on track. If the issue persists, revisit the IAM role permissions and the CodeDeploy agent logs to gather more information.
