Error retrieiving credentials from the instance profile metadata server

  • Resolved johnrharris

    (@johnrharris)


    4 years, 9 months ago

    Whether attempting to browse an existing S3 bucket or create a new one using IAM roles for access, we receive this error:

    Error retrieving credentials from the instance profile metadata server. (Client error: GET https://169.254.169.254/latest/meta-data/iam/security-credentials/ resulted in a 404 Not Found response:

    We have (i) installed the plugin with no apparent issues, (ii) created an IAM user per the Amazon S3 Quick Start Guide, and (iii) implemented the “preferably with” modification to wp-config.php to permit us to use an IAM role instead of defining access keys within the wp-config.php file, as set forth here.

    The plugin appears to detect our wp-config.php modification, as it displays the alert “defined in wp-config.php” on the Media Library tab of the plugin configuration dialog.

    For additional context, we do have WordPress installed in an Amazon EC2 instance and if this matters, do use Cloudflare in front of AWS, with Cloudflare as proxy.

    Ours is a fresh WordPress install with only two plugins: WP Offload Media Lite (v2.3.2) and WP Offload SES Lite (v1.4.1). We use Astra theme 2.4.5. The site health check reports no issues.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor ianmjones

    (@ianmjones)

    We occasionally see this with customers, usually it’s a problem with the EC2 instance’s networking stack.

    Give it a quick reboot, usually fixes things up.

    Thread Starter johnrharris

    (@johnrharris)

    Thank you for your help. The reboot, unfortunately, did not improve matters. I would be grateful for any other suggestions.

    Plugin Contributor ianmjones

    (@ianmjones)

    We’ve just released WP Offload Media (Lite) 2.4 which has an updated version of the AWS PHP SDK, maybe that’ll help.

    Thread Starter johnrharris

    (@johnrharris)

    Thank you, and please accept my apology for the slow reply. Upgrading to WP Offload Media (Lite) 2.4 made no difference–we still received the same error as posted in our original inquiry. After additional evaluation and testing, however, we discovered that the error appears to be related to our attempted use of IAM Roles to tell WP Offload Media not to ask for or require the access keys. The user guide advises as follows:

    …if you host your WordPress site on an EC2 instance you won’t necessarily want to distribute your access credentials onto the instance, and will want to make use of IAM Roles.

    It then suggests “After creating an IAM role you can use the ‘AS3CF_AWS_USE_EC2_IAM_ROLE’ constant to tell WP Offload Media not to ask for or require the access keys…preferable with:”

    define( 'AS3CF_SETTINGS', serialize( array(
    'provider' => 'aws',
    'use-server-roles' => true,
) ) );

    By dispensing with this recommended approach and instead defining access keys within wp-config.php uisng the directive below, the plugin began behaving as expected:

    define( 'AS3CF_SETTINGS', serialize( array(
    'provider' => 'aws',
    'access-key-id' => '********************',
    'secret-access-key' => '**************************************',
) ) );

    We use Cloudflare in front of our EC2 instance and did experiment with disabling Cloudflare’s proxy feature while we were still attempting to connect to S3 using the IAM Role constant, but that appeared to make no difference.

    If we can be of further assistance with this, please let us know. We will mark this matter as “resolved” since we do have a work-around.

    We have the same problem with the WP Offload Media 2.4.1 plugin.
    We are using IAM roles attached to the EC2 instance. On top of that we’re running Kubernetes and WordPress in a container.
    If I login to the conainer running WordPress and install the aws cli I can access S3 correctly but the plugin fails.
    Let me know if I can help you debug this issue on our side to get it fixed.

    A safer way is to create a IAM role with full access to S3 and then attach it to your ec2 instance. Et Voila!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Error retrieiving credentials from the instance profile metadata server’ is closed to new replies.

Tags